09010 Sant'Anna Arresi
INFORMATION NOTICE REGARDING THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH EU REGULATION 2016/679 (“GDPR”)
Cantina Mesa S.r.l. società agricola, with registered Office in Località Su Baroni snc, 09010 Sant’Anna Arresi (SU), Italy, fiscal code/VAT number 03754000929, R.E.A. di Cagliari n. 295239, telephone number + 39 0781/965057, email address firstname.lastname@example.org (“Company”).
1 – DATA PROCESSING PURPOSES
1.1 – Contractual purposes: view the web pages and utilize the services offered, including the sale of products, on the website www.cantinamesa.com (“Website”)
1.2 – Marketing purposes: the sending, through automated messaging systems (including txt, mms and e-mail) and by traditional methods (such as traditional mailings and phone calls), of promotional and commercial messages concerning the products/services offered by the Company or announcements about company events, as well as for market research purposes and statistical analyses.
1.3 – Third party marketing: the sending, through automated methods of contact (including txt, mms and e-mail) of promotional and commercial communications relating to products offered by third-party companies belonging to Santa Margherita Wine Group. These companies are the following:
Santa Margherita S.p.A., SM Tenimenti Pile and Lamole and San Disdagio S.r.l. società agricola, Cà Maiol S.r.l. società agricola.
1.4 – Legal obligations: to comply with the obligations specified in the applicable national and international regulations.
1.5 – Mailing of newsletters: only if requested by the user, who must register to benefit from this service.
1.6 – Rights of Data Controller: if necessary, to ascertain, exercise or defend the Company’s rights in legal proceedings.
1.7 – Extra-judicial credit recovery: in order to allow the Company to recover its receivables without resorting to legal actions.
1.8 – Functioning of the Website: during their normal operation, the information processing systems and software programs that allow the Website to function, acquire some personal data whose transmission is implicit in the web communication protocols. This information are not collected in order to be associated with the interested parties, but because of its nature, through additional processing and association with other data in the possession of the Company or of third parties, they could lead to the identification of the Website’s users.
2 – LEGAL BASIS FOR PROCESSING DATA
2.1 – Contractual purposes:the execution of a contract you are a party to.
2.2 – Marketing and profiling purposes:consent (optional, can be revoked at any time).
2.3 – Legal obligations:need to comply with legal obligations.
2.4 – Mailing of newsletters:execution of a contract you are a party to, i.e. the subscription to the newsletter.
2.5 – Rights of the Data Controller and extra-judicial credit recovery:legitimate interest.
3 – DATA RETENTION PERIOD
3.1 – Contractual purposes, legal obligations: valid for the entire duration of the contract, and for 10 years after its termination.
3.2 – Mailing of newsletters, marketing and profiling purposes: valid until the revocation of consent for said purposes. Only the data concerning details of purchases, if made, will be stored and processed for the terms indicated in the regulations issued by the Authority for the protection of personal data, dated 24 February 2005, and subsequent modifications, i.e. 24 months.
3.3 – Rights of the Head of Data Treatment and extrajudicial credit recovery: in the case of legal proceedings, for the entire duration of the same, until the expiration of the term of availability of appeals.
3.4 – Functioning of the Website: for the entire duration of the user’s navigation of the Website.
When the terms of data storage indicated above have expired, your personal data will be destroyed, cancelled or made anonymous, in accordance with the technical cancellation and backup procedures.
4.1 – PERSONAL DATA TREATED FOR CONTRACTUAL PURPOSES – LEGAL OBLIGATIONS – RIGHTS OF THE DATA CONTROLLER – CREDIT RECOVERY
Personal data, contact information, administrative-accounting data.
4.2 – PERSONAL DATA TREATED FOR MARKETING AND PROFILING PURPOSES
Personal data, contact information, administrative-accounting data, data concerning purchases made on the Website, data collected by cookies installed on the Website.
For more information on cookies, please see:https://www.cantinamesa.com/en-US/cookie
4.3 – PERSONAL DATA TREATED FOR THE PURPOSE OF MAILING NEWSLETTERS http://www.
4.4 – PERSONAL DATA TREATED FOR FUNCTIONING OF THE WEBSITE
IP addresses or domain names of the computers utilized by Website users, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the requests, the method utilized to submit the request to the server, the dimensions of the file obtained in reply, the numeric code indicating the reply issued by the server (good outcome, error, etc.), other parameters concerning the user’s operating system and IT environment, information about the user’s behavior on the Website, the pages viewed or searched for, in order to select and personalize specific messages sent to the user by the Website and the data relative to the user’s behavior on the Website collected, for example, by using cookies.
5 – DATA SUBMISSION REQUIREMENT
The submission of personal data referred to in point 4.1 above, for the purposes indicated in point 1.1, is obligatory. This means that refusal to submit the abovementioned personal data makes it impossible to utilize the Website services to reserve or purchase products.
Submission of personal data as per point 4.2, for the purposes indicated in points 1.2 and 1.3, is voluntary and depends on the user’s consent.
Some of the personal data specified as per point 4.4 are strictly necessary to the functioning of the Website, while others are used only to collect statistical information in anonymous form, on the use of the Website, and to check on its proper functioning, and are erased immediately after they are processed. In treating personal data that can, directly or indirectly, indicate your identity, we try to adhere to the principle of strict necessity. For this reason, we have designed the Website to require a minimum of personal data, so as to limit the treatment of the personal data that can identify you to only those instances in which it is strictly necessary, or at the request of the authorities or the police (such as, for example, the data relative to traffic and the time you spend on the Website, or your IP address), or to ascertain responsibility in the case of hypothetical criminal hacking of the Website or digital fraud.
6 – DATA RECIPIENTS
Personal data may be treated by third parties operating as autonomous Data Managers, such as, for example, oversight authorities and control bodies and, in general, private or public subjects that can legitimately request access to the data.
Personal data may also be treated on behalf of the Company by third parties designated as Data Managers, who are provided with adequate operational instructions.
These subjects can be subdivided into the following basic categories:
a. companies belonging to Zignago Group such as, for example, Santa Margherita S.p.A. for marketing services, Zignago Holding SpA, for General Legal Services, Zignago Servizi S.r.l. for HR services (including payroll processing);
b. companies offering email mailing services;
c. companies offering Website maintenance and development services;
d. press offices or companies offering services involving event organization;
e. companies offering e-commerce services;
f. companies offering support in the realization of market research and customer satisfaction studies.
7 – SUBJECTS AUTHORIZED TO TREAT DATA
Your data may be processed by employees of the Company functions assigned to pursue the purposes indicated above. They are expressly authorized to treat the data and have received appropriate operating instructions.
The data provided as per point 4.4 – collected during Website navigation – will be processed by Company employees and collaborators or third parties specifically charged with and responsible for the processing, who perform technical and organizational tasks for the Company on its Website.
8 – YOUR RIGHTS AS A PARTY INTERESTED IN THE TREATMENT – COMPLAINTS TO THE OVERSIGHT AUTHORITY
By contacting the Company via email at email@example.com you can request access to your data, their cancellation, correction of inaccurate data, integration of additional data or object to their treatment in cases specified in art. 18 of the GDPR, as well as oppose treatment in the hypothesis of the Company’s legitimate interest.
In addition, in the case in which data treatment depends on consent or a contractual agreement and is carried out by automated means, you are entitled to receive, in a structured, legible format for common use, your personal data and, if technically feasible, to transmit them to another Head of Data Treatment without impediment.
You have a right to revoke your consent to treatment of your personal data for marketing and/or profiling purposes at any time, and may also object to the treatment of the same for marketing purposes, including the profiling involved in direct marketing. You may also choose to be contacted for the abovementioned purposes solely by traditional means, and object only to receiving communication by automated means.
You are entitled to file a claim with the oversight authority of the member nation in which you normally reside or work, or of the country in which the purported violation occurred.
9 – DATA PROTECTION
Your personal data will be processed using automated means, for the time strictly necessary to achieve the objectives for which they were collected and in line with the principle of necessity and proportionality, avoiding the treatment of personal data whenever it is possible to instead utilize anonymous data or alternative modalities.
We employ specific security measures to prevent the loss of personal data, its illicit or improper use and unauthorized access, but we ask you to keep in mind that to ensure the confidentiality of your data, you must have instruments such as an updated antivirus program on your device, and the internet service provider you utilize must guarantee data security through firewalls, anti-spam filters and other analogous systems.