INFORMATION ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH ART. 13 OF REGULATION (EU) NO. 2016/679
Pursuant to Art. 13 of Regulation (EU) no. 2016/679, also known as the General Data Protection Regulation (hereinafter also referred to as “GDPR” for brevity), Cantina Monticiana di Fabio Marra informs you that your personal data (hereinafter also referred to as “Data” for brevity), will be processed in compliance with the dictates of the GDPR and any applicable national and international regulations in force regarding the processing of personal data in accordance with this policy statement.
1. DATA CONTROLLER. DATA PROTECTION OFFICER
The Data Controller is Cantina Monticiana di Fabio Marra (VAT number and Fiscal Code: IT03034330609) based in via Selvapiana 44, IT-03025 – Monte San Giovanni Campano, hereinafter also referred to for brevity as “Data Controller”. The Data Protection Officer may be contacted for any information pertaining to the processing of Data at the email address: email@example.com.
2. CATEGORIES OF DATA
Data processed by the Data Controller include:
– biographical data (first name, last name, age, gender), residential or home address and contact information (e.g., telephone, email address);
– bank and/or payment information;
– Data provided for the purpose of carrying out professional activities.
3. PURPOSE AND LEGAL BASIS OF PROCESSING. LEGITIMATE INTEREST
Data will be processed for the purposes for which they were provided and for the fulfillment of legal obligations, pursuant to Art. 6, paragraph 1, subparagraph (b) and (c) of the GDPR, as well as the pursuit of the legitimate interest of the Owner, Art. 6(1)(f) of the GDPR, referring to:
fulfillment of the activities for which they were conferred (e.g., for the professional service that is the subject of the assignment);
compliance with internal administrative procedures and fulfillment of legal or regulatory obligations in force in Italy
In any case, the processing of your Data carried out on the basis of the Data Controller’s own legitimate interest takes place, in addition to the provisions of Art. 6(1)(f) of the GDPR, also in accordance with the provisions of recital no. 47 and to Opinion no. 6/2014 Article 29 Data Protection Working Party, para. III.3.1.
4. METHODS OF PROCESSING
Your Data will be collected and recorded legitimately and fairly for the purposes stated above and will also be processed through the use of electronic and automated tools, including by entering and organizing them in databases, in accordance with the provisions of the GDPR on security measures, and, in any case, in such a way as to ensure the security and confidentiality of the Data.
5. RECIPIENTS OR CATEGORIES OF RECIPIENTS
The Data may be made accessible to, brought to the attention of, or communicated to the following individuals, who will be appointed by the Data Controller, as appropriate, as data processors – a list of whom is available at the Data Controller’s office – or appointees:
employees and/or collaborators in any capacity of the Owner;
Public or private entities, natural or legal persons, which the Data Controller uses to carry out the activities instrumental to the achievement of the above purpose or to which the Data Controller is required to communicate the Data under legal or contractual obligations.
In any case, the Data will not be disseminated.
6. TRANSFER OF DATA ABROAD
For the purpose of processing instrumental to the management of the database, Data may be transferred to third countries (non-EU). In this case, the transfer will take place by adopting the contractual clauses prescribed by the decision of February 5, 2010 of the European Commission, as well as in such a way as to provide appropriate and adequate guarantees under Articles 46 or 47 or 49 of the GDPR.
7. RETENTION PERIOD
The Data will be kept for a period of time not exceeding 10 (ten) years for administrative purposes and, in any case, for the time strictly necessary to pursue the legitimate interest of the Data Controller.
8. RIGHTS OF ACCESS, CANCELLATION, LIMITATION AND PORTABILITY
The Holder informs you that you have the rights set forth in Articles 15 to 20 of the GDPR. By way of example only, by sending a specific request via email to firstname.lastname@example.org, you may:
Obtain confirmation as to whether or not personal data concerning you are being processed;
where a processing operation is in progress, obtain access to the data and information related to the processing, as well as request a copy of the data;
Obtain correction of inaccurate data and supplementation of incomplete personal data;
obtain, if any of the conditions stipulated in Art. 17 of the GDPR, the deletion of Data concerning you;
Obtain, in the cases listed in Art. 18 of the GDPR, the restriction of the processing of Data concerning you;
Receive the Data concerning you in a structured, commonly used, machine-readable format and request its transmission to another data controller, if technically feasible.
9. RIGHT OF OPPOSITION
Pursuant to Art. 21 of the GDPR, you may exercise your right to object at any time to the processing of your Data carried out in pursuit of the legitimate interest of the Data Controller by sending an email to email@example.com. In this case, the Data may no longer be processed, except where there are legitimate grounds for processing that override the interests, rights and freedoms of the data subjects, or for the establishment, exercise or defense of a legal claim.
10. RIGHT TO COMPLAIN TO THE GUARANTOR
The Data Controller also informs you that you may file a complaint with the Garante per la Protezione dei Dati Personali if you believe that your rights under the GDPR or any other applicable legislation have been violated, in the manner indicated on the website of the Garante per la Protezione dei Dati Personali accessible at: www.garanteprivacy.it.