Pursuant to EU Regulation 2016/679, entitled “European General Data Protection Regulation” (GDPR) we inform our users that the personal data they register in our website are processed for the purposes and in the manner described below.
Pursuant to the aforesaid regulation, data processing means any single operation or set of operations, whether or not by electronic or automated means, involving the collection, recording, organisation, storage, processing, alteration, selection, retrieval, comparison, use, interconnection, blockage, communication, disclosure, erasure and dissemination of data.
In compliance with the provisions of the new Regulation regarding personal data protection, we inform you as follows:
1. Data Controller
The data controller is SAN GIORGIO S.r.l., tax and VAT no. IT02844770731, with head office in Via Pitagora, 1 – 74020 Faggiano | Taranto, who will use the data for the purposes indicated below. For further information please contact us by email at: firstname.lastname@example.org.
2. Data processed
The personal and master data we collect (name, surname, email) are provided by the user when they register with our website www.csgbulkwines.it, and send a contact request.
3. Purposes of the processing
Personal data are processed for the purposes that are related or instrumental to the business of SAN GIORGIO S.r.l., including storage in the company database or for direct mail marketing. In particular:
- A. Without express consent from the data subject:
To receive an email sent using the contact form. When filling in the contact form, certain personal data are requested (company or name, email address and mobile phone) that will identify the user in order to send a reply to the given email address.
- B. With express consent from the data subject:
To register with the newsletter service provided by the Data Controller.
4. Processing method
The personal data are processed based on correctness, legality and transparency. Our company guarantees that all data processing, with or without the use of electronic or automated means, is performed using tools that are appropriate to guarantee the security and privacy of the data subject. This is achieved by means of appropriate procedures that prevent the risk of data loss, unauthorized access, illegal use and distribution, in compliance with the restrictions and terms established in EU Regulation 2016/679.
Personal data are processed using printing, electronic and/or automated methods.
The data are processed by our staff, within the performance of our mandate.
5. Data access
The parties that could learn of the user’s personal data in their capacity as processors or assignees (as per article 13(1) of the GDPR) are:
- The Data Controller
- The Data Controller’s staff in order to satisfy the user’s requests (registration with the website, registration with the newsletter, and reply to a request for information).
Parties that provide electronic data processing services and information management services as indicated in paragraph 3.
I dati personali non saranno oggetto di diffusione a terzi.
6. Data communication
The data could be communicated to Supervisory Authorities, Judicial Authorities or other third parties that the data has to be communicated to by law, including for the prevention/repression of any illegal activities related to the site access and sending a request.
7. Data transfer
The personal data are processed and stored on servers, located in Italy, of the Data Controller and/or third companies. However, it is understood that, if necessary, the Data Controller has the faculty to move the servers outside the EU. In this case, the Data Controller hereby guarantees that data transfer outside the EU will take place in compliance with applicable legal dispositions.
8. Data retention period
The personal data of website users who send an information request using the contact form will be conserved only for the time strictly needed to satisfy their request, and for the purposes indicated in paragraph 3.
The data collected for registering with the website and newsletter service are stored in the company database and conserved for as long as the service lasts, after which they are deleted or made anonymous within the term established by law.
Should a data subject revoke consent for a specific type of processing, the data are deleted or made anonymous within 72 hours from receipt of the revocation.
Pursuant to art. 13(2)(f) of the Regulation, we inform you that none of the collected data will be included in any sort of automated decisional process, including user profiling.
9. Data subject’s rights
Users are free at any time to exercise their rights as defined in articles 13(2), 15, 18, 19 and 21 of the GDPR, which are summarized as follows:
- The data subject has the right to obtain confirmation as to whether or not personal data concerning him or exist, even if not yet communicated, and receive a legible copy of the data.
- The data subject has the right to request the Data Controller to grant access to his or her personal data, and to integrate, amend, delete or limit the data, or oppose the processing, and the right to request the data be transferred.
- The data subject has the right to put forward a claim to the Privacy Guarantor, following the procedures and indications published in the authority’s official website www.garanteprivacy.it; exercising these rights is not subject to any formal limitation and is free of charge.
10. Method for exercising these rights
Users can exercise their rights at any time by sending an email to email@example.com.
Or by letter to:
SAN GIORGIO S.r.l.
Via Pitagora, 1
74020 Faggiano | Taranto
Notice pursuant to and for the effects of art. 13 of the GDPR EU 2016/679 relating to the protection of the processing of personal data.
In your capacity as “Data Controller” and “Data Subject”, that is, the entity referred to by the data which are subject to processing and / or for whose management you are responsible, we wish to inform you of the essential elements of the processing carried out.
Purpose of the processing.
Your personal data (for example, name, surname, company name, address, telephone number, mobile phone number, e-mail address, bank and payment details) are processed: Without your express consent (Article 6 letter b), e) GDPR), for the following service purposes:
- the fulfillment of all the transactions imposed by regulatory obligations, tax and fiscal provisions deriving from the performance of the business activity and the prescribed provisions on anti-money laundering;
- the establishment and execution of ongoing contractual relationships;
- transactions strictly connected and instrumental to the initiation of the aforesaid relationships, including the acquisition of information preliminary to the conclusion of the Contract;
- management of relations with the customer for administration, accounting, orders, shipments, invoicing, services, management of any litigation;
- the management and execution of the necessary customs procedures in case of import / export activities, including storage at customs warehouses and assistance in inspection by the Competent Authorities;
- the execution of transport, logistics and management services for the shipment of goods requested;
- the conservation of the goods held for pick-up;
- the execution of all the necessary procedures for the correct and complete management of the shipment and / or of goods in transit.
Your personal data will be subject to processing based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights. Contractual, service provision, commercial and non-commercial and promotional purposes regard the processing of personal data of the Customer only. The Customer’s personal data will be processed for the entire duration of the contractual relationships established and also subsequently for the fulfilment of all legal obligations as well as for future commercial purposes. There is no automated decision-making process based on the personal data communicated or any profiling activity.
Anti-money laundering and anti-terrorism.
The provision of data required by the legislation on Anti-Money Laundering and Counter-Terrorism is mandatory and any refusal to respond precludes the requested professional service and may involve reporting the transaction to the competent supervisory body. In this regard, it should be noted that the processing of personal data relating to anti-money laundering obligations will take place having regard to the specific implementation procedures imposed on non-financial operators by the Regulation on the identification and retention of information envisaged by art. 3 paragraph 2 of Legislative Decree no. 56/2004 and adopted with M. D. no. 143/2006. Other information could also be taken from public sources to comply with the obligations under Legislative Decree 231/2007.
The processing of data for the purposes set out takes place using either automated, electronic or magnetic, or non-automated means, on paper, in compliance with the rules of confidentiality and security required by law, the resulting regulations and internal provisions. The data processing is carried out by means of the operations indicated in art. 4 no. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Place of processing.
The data are currently processed and stored at the headquarters, Via Pitagora, 1, 74020 Faggiano | Taranto. They are also processed, on behalf of the Undersigned, by professionals and / or companies in charge of carrying out technical, development, management and administrative – accounting activities.
Mandatory or optional nature of the provision of data and consequences of a refusal to provide such data.
Some data are indispensable for the establishment of the contractual relationship or for its execution, while others can be defined as accessories for these purposes. The provision of data to the undersigned is mandatory only for data for which there is a legal or contractual obligation.
In the cases in which the provision of data is provided for by a normative or contractual obligation, refusal would result in the company being unable to give effect or continue the Contract in that it would constitute an illicit processing. In cases where there is no legal obligation to provide data, the refusal would not have the consequences mentioned above, but would still prevent the execution of ancillary transactions.
Without prejudice to communications made in compliance with legal and contractual obligations, all data collected and processed may be communicated in Italy and transferred abroad, exclusively for the purposes specified above, to:
- Professionals and consultants, consultancy companies, factoring companies, credit institutes, debt collection companies, credit insurance companies, commercial information companies, insurance companies, companies operating in the transport sector;
- Entities that can access your data in accordance with provisions laid down by law.
Furthermore, in the management of your data, the following categories of persons in charge and / or internal and external processors identified in writing and to whom specific written instructions have been given may be informed of them:
- Employees of Administrative Services;
- Professionals or service companies for administration and business management who work on behalf of our company.
Transfer of data to third countries.
Personal data are stored on servers located in Italy. In any case, it is understood that the Data Controller, if necessary, will also have the right to move the servers outside the EU. In this case, the Data Controller hereby guarantees that the transfer of data outside the EU will take place in accordance with the applicable legal provisions.
Tempi di conservazione dei dati:
The data provided will be stored in our archives according to the following parameters:
For administration, accounting, orders, budget management and the entire production flow, assistance and maintenance, shipping, invoicing, services, management of any dispute: 10 years as established by law from the provisions of art. 2220 of the Italian Civil Code, except for any delayed payments of the sums that justify its extension;
For the purposes referred to in paragraphs 5 to 8 above, the storage times are up to the expiry of the contract and / or the commercial supply relationship;
Data subject’s rights.
In your capacity as a Data Subject, you have the rights set forth in art. 15 GDPR and precisely the right to:
- obtain confirmation as to whether or not personal data concerning you exist, even if not yet recorded, and their communication in an intelligible form;
- obtain the specification:
- of the origin of personal data;
- of the purposes and methods of the processing;
- of the logic applied in case of processing carried out with the aid of electronic instruments;
- of the identification details of the controller, the processors and the designated representative pursuant to art. 3, paragraph 1, GDPR;
- the individuals or categories of individuals to whom the personal data may be communicated or who may be informed of it in their capacity as designated representative in the territory of the State, processors or appointees;
- updating, rectification or, when it concerns you, integration of data;
- the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right;
- oppose, in whole or in part:
- for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection;
- the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail.
It should be noted that the right of opposition of the Data Subject, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the Data Subject to exercise the right to object even only partially. Therefore, the Data Dubject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
In case of signing of any form of consent to the treatment requested by SAN GIORGIO S.r.l. please note that the Data Subject may revoke it at any time, without prejudice to the mandatory obligations provided for by the legislation in force at the time of the request for revocation, by contacting the Data Controller, by registered letter A.R., at the addresses below.
Data controller and data processor.
The Data Controller, who can be contacted to enforce the rights transcribed above, is SAN GIORGIO S.r.l., Tax Code and VAT No. 02844770731, with headquarters in Via Pitagora, 1, 74020 Faggiano | Taranto. The designation of the data processors and of the appointees is kept at the registered office of the Data Controller. The aforementioned rights may also be exercised by you by sending communications to the following e-mail address: firstname.lastname@example.org.