This Policy describes how your personal data will be processed in the context of using the sales services which can be reached from the Website. This policy is provided only for the Website and, therefore, the Controller does not accept any liability for other websites that may be consulted through hyperlinks on the Website. For these reasons, in order to know the details regarding the processing of personal data in these external websites, please refer to the related privacy policies. You are also invited to read the Cookie policy, the privacy policy, as well as the Terms and Conditions of Sale present on the Website.
1. WHO IS THE DATA CONTROLLER?
Angelini Wines & Estates Società Agricola a r.l., with registered office in Via Roma 117, 60031, Castelplanio (AN), in the person of its pro tempore legal representative, is the data controller of your personal data (“Angelini” or the “Controller”), which may be contacted at the following e-mail address: angeliniwinesandestatessocagrarl@legalmail.it.
2. HAS THE CONTROLLER APPOINTED A DATA PROTECTION OFFICER?
The Controller has appointed a “Data Protection Officer” or “DPO”. The DPO may be contacted via e-mail at dpo@angeliniwinestates.com or by writing by normal post to the following address:
Data Protection Officer
c/o Angelini Wines & Estates Società Agricola a r.l.
Via Roma n. 117, 60031
Castelpiano (AN)
3. WHAT IS PERSONAL DATA? WHICH DATA DO WE PROCESS AND WHY?
“Personal Data” means any information capable of directly or indirectly identifying a natural person, in this case, you browsing the Website (“Data”). Below we outline what personal data is processed by the Controller in relation to the different purposes.
a. MANAGEMENT OF BOOKING/PURCHASE REQUESTS SUBMITTED VIA LINKS TO THE “BOOK A VISIT” SECTION The Controller collects and processes your Data in order to follow up on your booking request voluntarily made by you via the appropriate link on the Website in the “Book a visit” section, pursuant to Article 6(1)(b) GDPR. i.e. performance of a contract to which the data subject is party or precontractual measures adopted at the request of the data subject. The Controller will process the following identification data (name and surname, e-mail address, telephone number, residence address, tax code) and information needed for payment (payment card holder’s name, payment card number, expiry date, CVV or Paypal account, and invoicing address). For such purposes. provision of Data is optional. Nevertheless, in the event of failure to provide it, the Controller will not be able to follow up on your booking request.
b. SENDING DIRECT MARKETING COMMUNICATIONS If you have provided your consent, the Controller may send you, by e-mail or text message, commercial communications to notify you of news about products, promotions, events and/or initiatives carried out by the Controller (Communications also called Newsletters). The legal basis is your consent (Article 6(1)(a) GDPR), which you can withdraw at any time by writing to the following e-mail addresses:
angeliniwinesandestatessocagrarl@legalmail.it or dpo@angeliniwinestates.com.
c. DEFENDING RIGHTS IN COURT The Controller may process your Data to assert and defend its rights. Where necessary, processing will be based on the condition of lawfulness pursuant Article 6(1)(f) GDPR (Legitimate interest of the Controller). For such purposes. provision of Data is optional. Nevertheless, in the event of failure to provide it, the Controller will not be able to guarantee you browsing on the Website. In any case, the Controller undertakes to collect only information that is adequate, relevant and limited to that strictly necessary to achieve the purposes pursued by the latter case by case, and that this does not result in a limitation or other violation of your rights and freedoms as a data subject.
4. WHERE DO WE TRANSFER YOUR DATA NA TO WHOM DO WE COMMUNICATE IT?
The server where the Website is located is within the European Economic Area (EEA). Your Data may be communicated to other companies of the Angelini Group, as well as to third party companies located within the European Economic Area that the Controller uses for the pursuit of the above purposes, specifically appointed as data processors pursuant to Article 28 GDPR. Where required by law, your Data may also be disclosed to other companies, Competent Authorities or Public Bodies located within the European Economic Area, which will process it for their own purposes as autonomous data controllers. To request a complete and up-to-date list of Data recipients (data processors and/or autonomous data controllers), you may contact the Controller or DPO at the contact details provided in paragraphs 1 and 2.
5. FOR HOW LONG DO WE PROCESS AND RETAIN YOUR DATA?
The Controller will process and retain your personal data for a limited period of time, strictly necessary to achieve the above-mentioned purposes, which differs according to the type of purposes described above, as outlined below. Once this period has expired, your data will be permanently deleted or otherwise irreversibly anonymised, except where retention for a later period is required for any litigation, requests by the competent authorities or pursuant to applicable legislation.
For each of the purposes mentioned in paragraph 3, your Data will be retained in accordance with the following:
- Management of booking/purchase requests submitted via links to the “BOOK A VISIT” Section: your Data will be retained for the time necessary to process your order, via the website, and for the performance of the sales contract, and will be subject to further retention for a period of 4 years from the last registration of tax documents exclusively for the fulfillment of tax obligations. Your data will be subject to further retention for a period of 10 years after purchase exclusively for purposes of protecting the rights of the Controllers as well as for the fulfillment of other legal obligations.
- Sending direct marketing communications: your Data will be retained for 24 months after your confirmation to receive commercial communications, unless your consent, in cases where it is required, is withdrawn earlier. After the 24-month period has passed, the data will be deleted. Upon withdrawal of consent, in cases where it is required, even if this occurs before the 24-month period has elapsed, the Controller will cease all data processing based on such consent.
- Defending rights in court: your Data will be retained for the time strictly necessary for the defense of rights in court;
The retention periods of your Data indirectly collected by the Controller via cookies are listed in the appropriate Cookie Policy.
6. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
You, as a data subject, have the right to:
- access and request copies of the Data;
- request rectification or updating of Data where inaccurate or incomplete;
- request, under certain circumstances, deletion of the Data or restriction of processing concerning the Data;
- withdraw consent where the processing of Data was based on the aforementioned condition of lawfulness.
- request Data portability (where applicable);
- object to its processing (where applicable);
Finally, you may at any time lodge a complaint with the Data Protection Authority. In order to obtain further information regarding your rights, you may contact the Controller or the DPO at the contact details provided in paragraphs 1 and 2 of this policy. You are free to exercise your rights in any way you choose and it is free of charge.
7. HOW TO LODGE A COMPLAINT
If you wish to lodge a complaint concerning the manner in which your Data is being processed, or concerning the handling of a complaint you have lodged, you may lodge a complaint directly with the Supervisory Authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 – Rome, Italy, Telephone +39 06696771, E-mail: protocollo@gpdp.it, www.garanteprivacy.it).
8. FINAL PROVISIONS
The Controller reserves the right to modify and/or update this policy.
[version last updated November 2024]