ADVISORY NOTICE RELATIVE TO THE PROTECTION OF personal data (PRIVACY NOTICE)
pursuant to art. 13-14 of the GDPR (General Data Protection Regulation) 2016/679
Pursuant to and in accordance with EU Regulation 2016/679 (abbreviated as GDPR), Cavit sc informs you that the personal data provided by yourselves, or acquired by our Company as part of the business activities that are required in order to fulfil the services offered, will be processed in full compliance with the norms governing privacy and the principles of fairness, lawfulness and transparency, and safeguarding your rights and your confidentiality.
The Data Controller is Cavit s.c. with registered offices in Via del Ponte 31, 38123 Trento (Italy).
TYPE OF DATA PROCESSED, PURPOSE AND LEGAL GROUNDS FOR PROCESSING
The personal data (identification data such as, by way of example: name and surname, company name, tax code, VAT code, address, telephone/telefax number, e-mail address, bank and payment details) are collected and processed:
- in order to conduct the working relationship with the client on the basis of the pre-contractual and contractual agreements; allow for and manage your registration on the website, manage and fulfil your purchase orders for the products, and respond to any requests for information received on the website.
- for internal administrative, fiscal and accounting purposes connected with the client-supplier relationship and to comply with the obligations in general applicable to the Data Controller by laws and regulations, EU norms, requirements of the judicial authorities or in order to exercise the Data Controller’s rights (e.g. the right of defence in judicial proceedings).
- if so specifically and expressly permitted by the Data Subject in the WEB access mode, for the following marketing purposes, the sending by e-mail, regular mail, text message or telephone contact) of:
updates concerning the activities of the Data Controller
publicity material or commercial communications about the products or services offered by the Data Controller and to measure the degree of satisfaction with the quality of the services.
The legal ground which legitimizes the processing of the data described in item “1” (pre-contractual and contractual agreements) and “2” (administrative, accounting or fiscal purposes) is the fulfilment of a contract for the supply of services to which the Data Subject is a party, or the performance of pre-contractual activities on request of the Data Subject.
In the cases expressly referred to in items “3” (marketing ), the legal ground is the freely-expressed consent of the Data Subject.
In addition, data relative to the use of the website may be collected: information regarding the way in which the website is used, including information collected by means of cookies:
- session cookies: these are temporary cookies memorized on your browser only until the end of the session. These cookies are necessary to the correct functioning of the site.
- tracking cookies: tracking cookies may be used in order to improve the user experience and to improve navigation. These cookies remain in the files of the browser for a longer period, depending on the settings entered on your browser. Tracking cookies transfer the information to a web server each time you visit our site.
In the event of the sending of curriculum vitae, exclusively for the purpose of the selection of personnel and for the establishment of an employment relationship, the legal ground which legitimizes the processing of the data is related to the execution of pre-contractual and contractual agreements.
WINE GROWER MEMBERS
As part of the PICA operational IT tool, and to guarantee the services of the agronomic staff to the individual winemakers, personal data are managed including name, surname, telephone number and e-mail address.
The aims are the sending of periodic information relating to proposals for agronomic activities to be carried out in the vineyards in order to pursue a precision and quality viticulture respecting the environment.
The legal ground is the execution of a contract of which the Interested Party is a party under the terms of the Statute (pursuant to article 6 paragraph 1 letter b) of the GDPR.) and for resolutions passed by the Board of Directors (pursuant to article 6 paragraph 1 letter f ) of the GDPR.)
METHODS OF PROCESSING
The processing of the Data Subject’s personal data comprises the collection, recording, organization, conservation, consultation, processing, modification, selection, extrapolation, comparison, utilization, interconnection, blockage, communication, cancellation and destruction of the data.
The Data Subject’s personal data are collected after being sent directly to the Data Processor by compiling forms or documents in general prepared for such purpose, via the WEB or included in contractual documents, or collected telephonically by the operator as part of their pre-contractual activities. The data are processed both manually in printed form and also using electronic, telematic and data processing instruments and devices.
The data so collected are recorded and conserved by the Data Processor in digital and/or printed files, and are supervised and controlled in order to minimize the risk of loss or destruction, whether accidental or otherwise, unauthorized access and processing which is not authorized or not in compliance with the purposes of their collection.
The data are processed by the Data Processor’s appropriately-trained employees or collaborators.
RECIPIENTS OR GROUPS OF RECIPIENTS OF PERSONAL DATA
The processing of the Data Subject’s personal data is carried out by employees of the Data Controller (employees, collaborators, system supervisors) who have been selected and authorized to process the data on the basis of a code of conduct drawn up in observance of current legislation concerning privacy and data protection.
Where necessary for the purposes of the processing, the personal data may be processed by third parties appointed as Data Processors (pursuant to art. 28 of the GDPR) or by independent Processors including:
- consultants, companies, associations or consulting firms providing the Data Controller with assistance or consultancy services in the areas of administration, accounting, taxation, or legal or personnel selection consultants;
- all Public Institutions set up under the law and, more in general, all organizations contemplated by current accounting and fiscal legislation as the recipients of compulsory communications;
- banks for collections and payments, for the management of payments using credit cards or electronic systems in general, couriers, specialist debt collection companies or companies engaged to audit the Data Controller’s financial statements.
An updated list of Supervisors and Data Processors is conserved at the legal offices of the Data Controller.
If you wish to see the list of authorized persons and any other subjects to whom the data are provided, please contact us by e-mail at: firstname.lastname@example.org.
PERIOD OF CONSERVATION OF THE PERSONAL DATA AND THE CRITERIA USED TO DETERMINE SAID PERIOD
As regards the purposes described in item “1” (pre-contractual and contractual agreements) and “2” (administrative, fiscal and accounting purposes), the Data Subject’s personal data will be processed and conserved by the Data Processor for the entire duration of the contract between the Data Subject and the Data Processor. Upon termination of the contract for any motive, the data will be conserved for the time contemplated – for each category of data – by current legislation governing accounting, fiscal, statutory and judicial matters.
As regards the purposes described in items “3” (marketing), the Data Subject’s personal data will be processed and conserved by the Data Processor until the revocation of the Data Subject’s consent or until such time as the Data Subject should exercise their right of objection to the processing or their right to their cancellation.
As regards the purposes regarding the management of curriculum vitae, the Data Subject’s personal data may be processed and conserved by the Data Controller for a maximum period of 24 months from their receipt.
WINE GROWER MEMBERS
The personal data of our Wine-Grower members will be kept by the Data Controller as long as these interested parties will be contributing members of the Cantine Sociale belonging to Cavit s.c.
The contact data for the Company which is the Data Controller are as follows:
Cavit SC – Via del Ponte, 31 – 38123 – TRENTO (ITALY)
telephone +39 0461 381711
fax +39 0461 912700
For specific enquiries concerning the processing of your personal data, please contact us by e-mail: email@example.com.
YOUR RIGHTS CONCERNING THE PROTECTION OF DATA AND YOUR RIGHT TO BRING COMPLAINTS BEFORE THE SUPERVISORY BODY
As the Data Subject and in relation to the processing described in this Advisory Notice, you enjoy the rights contemplated in articles 7, from 15 to 21, and 77 of the GDPR and, in particular:
right of access – article 15 GDPR: the right to obtain from the controller confirmation as to whether or not personal data concerning the Data Subject are being processed, and, where that is the case, to access to the personal data and obtain a copy;
right to rectification – article 16 GDPR: the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the Data Subject and/or the completion of incomplete personal data;
right to erasure (‘right to be forgotten’) – article 17 GDPR: the right to obtain from the controller the erasure of personal data concerning the Data Subject without undue delay;
right to restriction of processing – article 18 GDPR: the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the personal data are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to processing pursuant to Article 21 GDPR pending the verification whether the legitimate grounds of the controller override those of the Data Subject.
right to object – article 21 GDPR: the right to object, on grounds relating to their particular situation, to the processing of personal data concerning the Data Subject, based on lawfulness, legitimate interests or the exercise of public powers, including profiling, unless there are legitimate grounds for the Data Controller to continue the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.
The Data Subject shall have the right to object at any time to processing of personal data concerning them for direct marketing, which includes profiling to the extent that it is related to such direct marketing
right to withdraw – article 7 GDPR: the Data Subject shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
right to lodge complaints – article 77 GDPR: the Data Subject shall have the right to lodge a complaint with the Italian Data Protection Authority: Piazza di Montecitorio 121, 00186, Roma (RM).
PROCEDURE FOR THE EXERCISING OF RIGHTS
The Data Subject may at any time exercise their rights by sending an e-mail to firstname.lastname@example.org or by registered mail to Cavit sc, via del Ponte 31, 38123 Trento (TN)
The latest update to this Advisory Notice was made on 23.05.2018.