Cantine Riondo S.p.A.
VAT no. 02950740239 Tax code, VAT no. and Company Reg. VR: 02950740239 R.E.A. VR n.297269 Reg. Cap. € 2,360,000.00
Subject to management and coordination control by the sole shareholder COLLIS VENETO WINE GROUP S.C.A.C. www.cantineriondo.com

Information for interested parties pursuant to Art. 13 of the European Data Protection Regulation (GDPR) No. 679/2016 and related provisions issued by the National and European Authorities

Privacy protection

Cantine Riondo S.p.A. (hereinafter also Cantine Riondo and/or company and/or owner) is constantly striving to provide visitors with a web experience that fully respects and protects their privacy and welcomes you to www.cantineriondo.com.

We invite you to read our Privacy Policy and to read the following information provided – pursuant to Article 13 of the GDPR (General Data Protection Regulation) no. 679/2016 – EU Privacy Regulation; this information is addressed to those who interact with the web services directly provided by Cantine Riondo and that are accessible telematically from the address www.cantineriondo.com, and is intended to describe the management of the aforementioned website and not of other external websites that may be consulted by the user via links. Additional information may be provided within the different access channels.

1. The Data Controller – indication and contact details

Cantine Riondo S.p.A. Via Cappuccini, 6 – Monteforte d’Alpone (VR) – ITALY
Cap. 37032
Ph. (+39) 045 6104346
Fax (+39) +39 045 6104224
E-mail: riondo@cantineriondo.com

2. Contact details of the data protection officer

At the date, the Data Controller, having carried out the appropriate assessments, does not consider it necessary to include the figure of the Data Protection Officer (in short RPD or DPO – Data Protection Officer) pursuant to Articles. 37 and following of the GDPR n. 679/2016; it remains the reservation to integrate this information also through addendum in the event of a different procedure.

3. Persons responsible for the processing of personal data and place of processing

Summary:

Parties other than the Data Controller who may handle your personal data on our behalf. The list is available from our office and can be requested using the references given here.

More detailed information:

The list of any identified data controllers who are specifically bound by contract or other legal act, as well as the system administrator(s), is available at the head office. The processing operations connected with the web services offered by this site take place at the registered office of Cantine Riondo and, where applicable, at the offices of the external data processors and other authorised parties (as specified below) and are carried out by entities responsible for managing the services requested, data storage and processing activities and the necessary maintenance operations.
In the event of the need/use/guarantee of the provision of services via the web, we specify that the data connected to the web services may be processed by the staff of the company or companies that manage the technological part of the site and the platform for the newsletter service, including the sending of coupons.
With the consent of the interested parties, if required by law, and in any case subject to adequate information specifying the various purposes, personal data may be communicated to third parties, public or private, unrelated to Cantine Riondo, who will process them as autonomous data controllers (or, where applicable, data processors); in this regard, the writer is in no way responsible, moreover, assumes no liability for:
1. rules and methods for handling personal data of other websites, which can be reached from the pages of the www.cantineriondo.com website through links;
2. contents of any e-mail services, web spaces, chat forums provided to users.

4. Legal basis of the processing/Why we process your data

Basic purposes (mandatory data provision and consent).

Summary:

o Response to requests received from the user
o Supply of goods and services
o Contacting the user for matters related to requests made by the user
o Legal and/or regulatory provisions
o Sector-specific provisions

More detailed information:

We process your personal data for the following purposes:
o Responding to explicit requests from the data subject/user
o Fulfilling the obligations arising from the supply of goods and services, both in contractual and pre-contractual terms, with particular reference to their execution as well as to the collection of any agreed fees.
o Fulfilment of obligations under applicable national and EU legislation.
o To also enforce rights of third parties in judicial, arbitration, administrative proceedings in compliance with regulatory restrictions.

Promotional activities (provision of data and consent optional)

Summary:

Sending of commercial communications, execution of direct marketing, market analysis etc. … by means of:
o automated tools (e.g. SMS and chat, e-mail, unmanned phone calls)
o traditional (e.g. post, phone calls with an operator)

More detailed information:

Marketing: subject to your express consent, we may send, by means of computerised and other means (i.e. traditional methods such as post and/or calls with an operator), communications for the purpose of monitoring the progress of customer relations as well as planning and executing analytical, strategical and operational marketing activities, informing you of commercial and promotional activities concerning goods/services related to those for which the relationship was established and the contact request was sent. The purpose in question may therefore be pursued for reasons other than those strictly related to the basic purpose, should you decide to give your consent (after having reviewed the information herein); should you decide not to give your (optional) consent for the aforementioned purpose, the basis and the consequent obligations of the relationship between our company and you will not in any case be compromised or altered; the requests and demands made will also be fulfilled in any case. Therefore, if you wish to give your consent, it will be valid for contact using both traditional methods and computerised tools (e.g. e-mail, SMS, MMS, fax, automated calls…); if you wish to exercise your right to oppose and/or revoke your consent at any time, you may do so independently using one of the contact methods.

Mailing lists or newsletters etc: by registering for a mailing list or newsletter etc, the User’s e-mail address is automatically included in a list of contacts to whom e-mail messages containing information relating to our services, including of a commercial and promotional nature, may be sent. The User’s e-mail address may also be added to this list as a result of registering with this Application or having made a request.

Contact Form/Registration: The User, by filling in the contact form with his or her Data, consents to the use of such Data to respond to requests for information, quotes, or any other nature indicated in the header of the form.
Interaction with social networks and external platforms: this type of service allows you to interact with social networks, or other external platforms, directly from the pages of this Site. The interactions and information acquired by this Application are in any case subject to the User’s privacy settings for each social network. If a service for interaction with social networks is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages where it is installed.

Profiling (provision of data and consent optional)

Summary:

Profiling mechanisms may be used to create a personalised profile of you, based on your preferences and tastes, and to send you advertising consistent with your profile. In this way, any advertising messages you may receive will be of greater interest to you. In accordance with current privacy legislation, prior consent, which may be revoked at any time, is required to carry out these activities.

More detailed information:

With regard to the activity in question, it should be noted that we may carry out automated profiling of users (in general of natural persons) in order to analyse or predict aspects relating to the professional performance, economic situation, health, personal preferences or interests, reliability or behaviour, location and movements of the person concerned, to the extent that this allows us to draw up a profile of the person concerned with consequent actions mainly of a promotional nature and targeted towards you. We may be primarily concerned with analysing and creating a personalised profile of you, based on your preferences and tastes when browsing and entering data on the Cantine Riondo website, and sending you advertisements consistent with your profile. In this way, advertising messages/communications/notices etc. … that you may possibly receive will be of greater interest to you. In accordance with current privacy legislation, prior consent, which may be revoked at any time, is required to carry out these activities.

Other purposes (provision of data and consent optional)

Summary:

o Inclusion in the map of retailers’ points of sale

More detailed information:

Adherence to the map of retailers’ outlets: If you meet the conditions and wish to include your sales outlet on the map, we will publish your references on the site so that the public can locate your business as quickly as possible.

5. What data do we process and how?

Summary:

Navigation and usage data
E-mail, address, first name, surname / or company name, contact details, usage data
System logs and maintenance
Cookies (see cookie policyCookie Policy)

More detailed information:

Personal Data (e.g. e-mail, address, first name, last name and/or company name, name of contact persons, cookies, usage data, etc.) may be entered voluntarily by the User or collected automatically during the use of this Application.
In this regard, we would like to inform you that, in addition to the data that you expressly provide to Cantine Riondo, other data arising from your navigation on the Site may be recorded. For any access to the Site, we record the type of browser (e.g. Internet Explorer, Chrome, Mozilla), the operating system (e.g. Windows, Macintosh) and the visitor’s host and URL of origin, as well as data on the page requested. This data may be used in aggregate and anonymous form for statistical analysis of the use of the Site.
Other Personal Data collected may – also in the future – be indicated in further sections of this page or by means of information texts displayed at the same time as the collection of the Data itself within the relevant sections, if any.
Personal Data may be entered voluntarily by the User or collected automatically during the use of this Application.
The possible use of Cookies – or of other tracking tools – by this Application or by the owners of third party services, unless otherwise specified, has the purpose of identifying the User and recording his/her preferences for purposes strictly related to the provision of the service/information requested by the User.
Failure by the User to provide certain Personal Data may prevent this Application and the writing company from providing its services. Please refer to the cookie policy for details.
The User assumes responsibility for the Personal Data of third parties published or shared through this Site and guarantees that he/she has the right to communicate or distribute it, releasing the Owner from any liability towards third parties.

6. Methods of processing

Summary:

Paper and IT

More detailed information:

Your personal data will be processed using manual and automated tools, in ways that are strictly related to the purposes indicated here and, in any case, in such a way as to guarantee the security and confidentiality of your data.
Should you wish to obtain further information, we remind you of your rights as specified here.

7. When is the user obliged to give us their data?

Summary:

Basic purpose: compulsory
Other purposes (marketing/promotional): optional

More detailed information:

The types of personal data collected and processed on the www.cantineriondo.com website are those necessary for the provision of the services requested and in the remaining cases are derived from the user’s navigation. It is therefore clear that if you do not provide such data, you will not be able to receive the services requiring the use of these tools. If you do not give your consent to receive advertising or direct sales information or interactive commercial communication, your e-mail and telephone number will not be used for this purpose.
Warning:
o The voluntary sending of electronic mail to the addresses indicated on the site entails the acquisition of the sender’s address as well as any other information contained in the message; this personal data will be used solely for the purpose of performing the service or provision requested.
o The optional insertion of data in the forms on the Site (newsletter, contact form, registration form, etc.) as well as the optional, explicit and voluntary sending of data in the web forms or electronic mail to the addresses indicated on this Site, in order to obtain specific services and/or communications and information, entails the subsequent acquisition of the sender’s address/reference, which is necessary to respond to requests or to provide the services, communications and information requested, as well as any other personal data entered.

8. Protection of minors

Summary:

The processing of data of minors may take place to the extent that consent is given or authorised by the holder of parental responsibility.

More detailed information:

Cantine Riondo does not intentionally collect personal information (such as name, address and telephone number etc.) from minors. We do not allow minors to register on the sites or to participate in online competitions or promotions. However, if the parent or guardian of a child believes that the child may have provided personal information, he or she should contact us if he or she wishes to have such information deleted from our files. If the Data Controller becomes aware of being in possession of information of a personal nature relating to a child, they shall in any event immediately delete such information from their databases. In the event of untruthful information being provided, Cantine Riondo shall be considered free from any liability and/or claims, without prejudice to the checks it undertakes to carry out. In addition, it is reminded that all minors must, in any case, receive due authorisation from their parents or guardians before using or making information public on websites of any kind.

 

9. Categories of recipients to whom personal data may be communicated

Summary:

o employees and similar persons of Cantine Riondo qualified as “authorised processors” (administrative, sales, marketing, system administrators, etc.). …) and duly trained and monitored by the owner;
o external parties (e.g. agents, legal and administrative consultants, experts in industry standards, technical service providers, hosting providers, information service companies, communication agencies, business partners where necessary to fulfil specific obligations, etc.). …).

More detailed information:

Your data will not be disclosed by us, by which term disclosure is meant to unspecified persons in any way, including by making them available or consulting them.
We may disclose your data in general, by which we mean the disclosure of data to specific persons, as follows:
o to persons who can access the data by virtue of a provision of law, regulation or EU legislation, within the limits provided for by such legislation;
o to persons who need access to the data for purposes strictly related to fulfilling requests and for purposes related to them, within the limits strictly necessary for the related tasks (subjects of public security and other public and private subjects for the fulfilment of obligations provided for by law also of administrative nature, and the like);
o to employees of the company qualified as authorised persons to process personal data and to the staff assigned to the correct response to your requests, limited to the related communication needs (name and e-mail address and other possible means of contact provided by you);
o to managers of the institutional website who carry out, on our behalf, tasks of a technical or organisational nature instrumental to the provision of the services requested, as well as to any third parties involved in various ways with the activities;
o to persons who assist us in the transmission of communications for commercial/promotional purposes;
o to system administrators specifically appointed by the undersigned in compliance with regulatory requirements.
NB: data will not be disclosed to third parties for their marketing purposes.

10. Retention period of personal data

10 years for basic purposes
24 months for marketing purposes (unless authorisation is withdrawn)
24 months for profiling purposes (unless authorisation is withdrawn)
These terms may be shortened and/or extended (with prior notice to the interested parties) in the event, for example, of indications from institutions and/or supervisory authorities.
It remains possible to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

11. Transfer to non-EU countries

Summary:

The data controller may transfer your data to non-EU countries in order to use services such as archiving or to create mailing lists; naturally, in this case Cantine Riondo undertakes to verify the security of the transfer of personal data using the criteria established by the legislation (for example: the presence of a “legally binding instrument” with executive effect between public authorities or public bodies; binding company regulations; standard data protection clauses adopted by the Commission; codes of conduct; certification mechanisms).

 

12. Complaint to the Guarantor Authority

The procedures at your disposal and protection (in addition to the exercise of your rights against us) are:
o Access from the website www.garante privacy.it in the special section dedicated to complaints in the event that the Italian Authority is competent.
or
o In accordance with the procedures laid down by the supervisory authority of the Member State (where different from Italy) where the person concerned habitually resides or works or where the alleged infringement occurred.

13. Your rights

Summary:

Access – Restriction – Rectification – Objection – Withdrawal of consent – Deletion (Removal) – Portability

More detailed information:

Right of access: you may receive a copy of the personal data being processed at any time.
Right of restriction: this right may be exercised not only in the event of a breach of the lawfulness of the processing, but also in the event that a request is made for the data to be corrected or the data subject objects to the processing; the Data Controller undertakes to mark the data in question during the period of its assessment as to what is to be done with suitable organisational measures.
Right of rectification: you may obtain the rectification of inaccurate personal data concerning you without delay and you may also obtain the integration of incomplete personal data by providing a supplementary declaration.
Right to object: you may object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you, even if they are used for direct marketing and/or profiling.
Right to withdraw consent where given, e.g. for marketing purposes and the like.
Right to deletion (to be removed): it is possible to request the erasure of data in an enhanced form, e.g. after the data subject has withdrawn consent to the processing of personal data.
Right to portability: this does not apply to non-automated processing, i.e. to paper-based archives and/or registers; moreover, only data that is provided by the data subject to the Data Controller and processed with the latter’s consent or on the basis of a contract entered into with the Data Controller are portable.

14. What references should be used to exercise rights?

Please refer to point 1 of this policy.

 

15. Term and modalities of response by the Controller to those who wish to assert a right concerning their personal data

Summary:

1 (one) month extendable to 3 (three) months in more complex cases in writing

More detailed information:

We hereby inform you that if you exercise your rights, the Data Controller must provide a written reply, also by means of electronic instruments that favour accessibility (orally only at the express request of the data subject), within a period of 1 (one) month which, in particularly complex cases, may be extended to 3 (three) months, without prejudice to the obligation to provide a reply within one month of the request, even in the event of refusal.
After assessing the complexity of the request made by the data subject, the Controller may establish the amount of any contribution to be requested from him, but only if the request is manifestly unfounded or excessive.

Changes to this information sheet

The Data Controller reserves the right to make changes to this information page at any time by advertising it to Users here. Please consult this page often, taking as a reference the date of last modification indicated at the bottom. In the event of non-acceptance of the changes made to this privacy policy, the User must cease using this Application and may request the Data Controller to remove his/her Personal Data. Unless otherwise specified, the above information sheet will continue to apply to Personal Data collected up to that point.

Date of update 10/12/2020