ARTICLES 13-14 of the european regulation N. 679/2016

ARTICLES 13-14 of the european regulation N. 679/2016

the writer

TENUTA DI SPINETO DI NICOLA E FRANCO TAGLIAPIETRA SAS – SOCIETA’ AGRICOLA
C.F. e P.I.V.A.: 00759740525
Numero Rea: SI-81548

PROCESSED DATA

The controller informs you that your personal data, also called simply “data” (for example name, surname, address, telephone number, email, bank details, etc.), that have been collected directly, verbally or through third parties, will be processed in compliance with the EU Regulation. The controller processes your data fairly and lawfully for the performance of contracts or the implementation of precontractual measures (for example an offer elaboration, etc.) that you may have requested (art.6 EU Regulation). “Data processing” means any activity regarding the collection, registration, organisation, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, block, transmission, spread, deletion, of data.

Legal basis and purposes of processing
Legal basis: EU Regulation n. 679/2016

2A) without your express consent (art. 6, b), c), e) of EU Regulation), for the following purposes:

– fulfil the contractual, precontractual and fiscal obligations, under the deals between you and the company;

– fulfil the obligations required by the law, regulations, Community legislation or by any order of the Authorities (as when it comes to anti-money-laundering);

– exercise the rights of the controller, as for the right to defence in court;

– keep the accounts;

– management purposes (invoicing, document management, etc.);

– management of claims;

– statistical analysis and quality control;

– insurance management;

– technical assistance.

In particular, your data will be processed to fulfil the following duties, according to legal or contractual obligations:

– technical and functional access to the site. No data will be kept after the closing the of Browser;

– Advanced navigation purposes or customized content management;

– Statistics and analysis purposes regarding navigation and users.

2B) Your personal data may also, prior your consent (art.7 EU Regualtion), be used for the following marketing and Advertising purposes:

– sending advertisement or informative email, sms or mail about products or services offered by the controller and/or about the collection of data regarding the level of Customer’s satisfaction on the service provision.

– sending commercial communication and advertisement email, mail, sms or voice calls by third parties (for example, business partners).

Means of processing

The processing of your personal data is carried by following the procedures stated in art.4 n.2) of the EU Regulation, regarding: the collection, registration, organisation, structure, storage, adaptation or modification, extraction, consultation, use, communication, spread or any other method of sharing, comparison or interconnection, limitation, deletion, block of data.

Your personal data are processed both manually and electronically/automatically (in any case in a way suitable to grant the safety and privacy of your personal data).

 

Conservation of data and other information

The Controller will process personal data for the time necessary to achieve the purposes mentioned above, and in any case, data won’t be processed beyond the legal bounds. The Personal data used for marketing and commercial purposes, will be kept respecting the principle of proportionality and until the achievement of the processing purposes or until the customer’s consent withdrawal. In particular, the data Controller will process data at the latest within 3 years from when they are collected. The Personal data you provide, will be processed lawfully, fairly and transparently, to guarantee your privacy and the respect of your rights.

 

Data access

Your data can only be accessed to pursue the purposes mentioned above at 2.A) 2.B) by:

– partners, employees and people associated to the controller, both in Italy and abroad, in their capacity as people in charge of and/or responsible for the data processing or the system administration;

– third parties or other subjects who perform outsourcing operations on behalf of the Controller, in their capacity of external responsible of the processing (as for example law firms, lawyers, data elaboration societies, certified institutions, forensic accountants/tax advisor, and in general all the authorities in charge of verify and control the correct implementation of the above-mentioned commitments, credit institutions, consultants, insurance companies, financial offices, local authorities, consultants and societies interested in the safety at the workplace. They can, in their turn forward the data or allow their access to their partners, users and other successors in titles, for market research purposes. Furthermore, the processed and collected data can be forwarded, both in Italy and abroad, to subcontractors, suppliers, transport operators, customs agents and couriers).

For the sake of brevity, he full list of all the professional figures is available at your disposal in our headquarter.

 

Communication of data

Communication of data
Without the necessity of an expressed consent, (art. 6, b)-c) of the EU regulation), the controller can, for the purposes mentioned in point 2.A), forward your data to supervisory bodies, legal authorities, insurance companies, as well as to those, to who the sharing of data is legally mandatory, for the completion of the above-mentioned purposes.

Those subjects will process your data in quality of independent controllers.

During, and after browsing, your data may be forwarded to third parties, and specifically to:

– Google: Advertising Service, Advertising Coverage, Analytics / Measurement, Content Customization, Optimization;

– Google AdWords: Advertising Service, Advertising Coverage, Analytics / Measurement, Content Customization, Optimization;

– Google Analytics: Advertising Coverage, Analytics / Measurement, Optimization.

Your personal data won’t be disclosed in any way.

Details on the processing of personal data

Personal data are collected for the following purposes and use the following services:

Contact the user

Contact form (this website)

By filling their personal data in the contact form, users agree with the use of their data to receive general information, quotes or any other answer to their questions.

Personal data collected: surname, name, email, and telephone number.

About TAGs

This kind of services is functional for the centralised management of the tags or scripts used on this website.

This service make use of the user’s data and sometimes it keeps them.

GOOGLE TAG MANAGER (GOOGLE LLC)

Google Tag Manager is a management tag service provided by Google LLC.

Personal data collected: Cookie and Usage Data.

Place of data processing: United States – Privacy Policy.

Requests for assistance and how to communicate with us

This service makes it easier for this website to handle any request for assistance, or contact request received by email or other sources (as for example the contact form).

The personal data processed depend on the information written by the User in the message text and on the mean of communication (for example, the email address).

Address management and email sending

These services make it easier to handle email addresses database, telephone numbers or any other contact information, used to communicate with the user.

These services could also contribute to collect information about the time and the date in which the message has been visualised by the user, as well as the user interaction with the services themselves and the information about the visits of websites linked in the message text.

Mailchimp

Personal data collected: email

Place of data processing: Italy– Privacy Policy.

 

Interaction with SOCIAL NETWORKs and esternal platforms 

These services make it easier to interact with social networks or with other external platforms, directly from this website.

The interactions and information acquired by this website are made subject to the user’s privacy settings of his profile in every social network.

If a service for the interaction with social networks is installed, it may happen that, even if the user doesn’t make use of the service, traffic data are collected anyway, in the pages in which the interaction service is active.

 

likes and facebook social widget (FACEBOOK, INC.)

The “like” button and Facebook social widget are services that interact with Facebook, and are provided by Facebook, Inc.

Personal data collected: Cookie and usage data.

Place of data processing: United States– Privacy Policy.

Youtube button and social widget (GOOGLE INC.)

The YouTube button and social widget are services that interact with YouTube, provided by Google Inc.

Personal data collected: usage data.

Place of data processing: United States– Privacy Policy.

+1 button and google+ social widget (GOOGLE INC.)

+1 button and Google+ social widget are social network interaction services, provided by Google Inc.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy.

SPAM protection

This service analyses the Website traffic that may contain user’s personal data, to avoid SPAM messages and contents.

GOOGLE RECAPTCHA (GOOGLE INC.)

Google RECAPTCHA is a SPAM protection service, provided by Google Inc.

The use of RECAPTCHA system is subjected to Google privacy policy and conditions of use.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy.

 

Registration and authentication

When registering or authenticating, the user allows the App to identify his/her identity and to provide him/her with the dedicated services.

As stated below, registration and authentication services may be provided through third parties. If this happens, the App might access some Data stored by the third-party service for registration or authentication purposes.

FACEBOOK AUTHENTICATION (FACEBOOK, INC.)

Facebook Authentication is a registration and authentication service provided by Facebook, Inc. and linked with Facebook itself.

Personal data collected: different kind of Data, as further specified in the service Privacy Policy. Place of data processing: United States– Privacy Policy.

INSTAGRAM AUTHENTICATION (INSTAGRAM, INC.)

Instagram Authentication is a registration and authentication service provided by Instagram Inc. and linked with Instagram itself.

Personal data collected: different kind of Data, as further specified in the service Privacy Policy. Place of data processing: United States– Privacy Policy.

LOG IN WITH PAYPAL (PAYPAL)

Log In with PayPal is a registration and authentication service provided by PayPal Inc. and linked with PayPal network.

Personal data collected: different kind of Data, as further specified in the service Privacy Policy. Place of data processing: please consult PayPal privacy policy– Privacy Policy.

YOUTUBE OAUTH (GOOGLE INC.)

YouTube OAuth is a registration and authentication service provided by Google Inc. and linked with YouTube.

Personal data collected: different kind of Data, as further specified in the service Privacy Policy. Place of data processing: United States– Privacy Policy.

REMARKETING E BEHAVIORAL TARGETING

This service allows the Website and its partners to communicate, optimize and provide the user advertisements based on the user’s previous usage of this Website.

This is made possible by the tracking of usage data and Cookies, that are shared with partners, with who the remarketing and behavioural targeting activity is connected.

Beside the user’s possibility to opt-out from the offers of the following services, the user can choose to avoid receiving third-party Cookies connected with a third-party service.  To do so, please visit the  opt-out page on the Network Advertising Initiative.

ADWORDS REMARKETING (GOOGLE INC.)

AdWords Remarketing is a remarketing and behavioural targeting service, provided by Google Inc. AdWords Remarketing links this Website activity to the Adwords advertising network and to Doubleclick Cookie.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy – Opt Out.

GOOGLE ANALYTICS remarketing for display advertising (GOOGLE INC.)

Google Analytics for display advertising is a remarketing and behavioural targeting service, provided by Google Inc., that links the tracking activity by Google Analytics and its Cookie, to Adwords advertising network and Doubleclick Cookie.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy – Opt Out.

FACEBOOK REMARKETING (FACEBOOK, INC.)

Facebook Remarketing is a remarketing and behavioural targeting service provided by Facebook, Inc., that links this Website activity to Facebook advertising network.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy – Opt Out.

DOUBLECLICK FOR PUBLISHERS AUDIENCE EXTENSION (GOOGLE INC.)

Doubleclick for Publishers Audience Extension is a remarketing and behavioural targeting service provided by Google Inc. that traces this Website visitors and allows selected partners to provide them with personalised advertising on the web.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy – Opt Out.

FACEBOOK CUSTOM AUDIENCE (FACEBOOK, INC.)

Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook, Inc. that links this Website activity to Facebook advertising network.

Personal data collected: Cookie and email.

Place of data processing: United States– Privacy Policy – Opt Out.

STATIstic

The services below, allow the Controller to control and analyse traffic data and to trace users behaviour.

GOOGLE ANALYTICS (GOOGLE INC.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses Personal data collected to trace and analyse how this website is used and to fill in reports and share them with other services developed by Google.

Google might use Personal Data to contextualize and customise its advertising.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy – Opt Out.

GOOGLE ADWORDS conversion monitoring (GOOGLE INC.)

Google AdWords conversion monitoring is a service for statistics provided by Google Inc, that links Google AdWords data with the actions taken on this website.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy.

Facebook Ads conversion monitoring (FACEBOOK, INC.)

Facebook Ads conversion monitoring is a statistic service provided by Facebook, Inc. that links Facebook advertisement network data with the actions taken on this website.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy.

DISPLAY ADVERTISERS extension for GOOGLE ANALYTICS (GOOGLE INC.)

On this website, Google Analytics might use advertising based on Google interests, third-parties audience data and DoubleClick Cookie information to extend statistics with demographic data, interests and data on the interaction with advertisement.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy – Opt Out.

GOOGLE ANALYTICS with anonymous IP (GOOGLE INC.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses personal data to trace and examine the use of this website, fill in reports and share them with other services developed by Google. Google might use Personal Data to contextualize and customise its advertisements.

This Google Analytics integration anonymizes your IP. The anonymization works by abbreviating the user’s IP address and is possible within the states of the European Union, or in other countries that took part in the agreement on the European Economic Area. Only in exceptional circumstances the IP address will be sent to the Google server and abbreviated within the United States borders.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy – Opt Out.

Contents and functionalities performance testing (A/B TESTING)

The services below, allow the Controller to trace and analyse the user’s answer, in terms of internet traffic and behaviour, in relation to the structure, text or other content adjustment.

Display of contents from external platforms 

This service allows to display the contents on external platforms, directly from this website and to interact with them.

In case this service was active, it might collect the traffic of the pages in which it is installed, even though the user doesn’t make use of the service.

GOOGLE FONTS (GOOGLE INC.)

Google Fonts is a viewing service of styles and fonts provided by Google Inc. that allows this website to integrate those contents in its webpages.

Personal data collected: different kind of Data, as further specified in the service Privacy Policy. Place of data processing: United States– Privacy Policy.

WIDGET VIDEO YOUTUBE (GOOGLE INC.)

YouTube is a video viewing service provided by Google Inc. that allows this website to integrate those contents in its webpages.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy.

WIDGET INSTAGRAM (INSTAGRAM, INC.)

Instagram is an image viewing service provided by Instagram, Inc. that allows this website to integrate those contents in its webpages.

Personal data collected: Cookie and Usage data.

Place of data processing: United States– Privacy Policy.

Data transfer

Personal data are kept on devices located in the Controller headquarters or at providers within the European Union. Anyway, when necessary the Controller can move the data even in extra-EU countries, in accordance with legal requirements, after the contract terms approval and standard verifications provided for by the European Commission.

The controller has implemented adequate technical and organisational measures to grant an appropriate security level with due regard for what is stated in art. 32 of the EU Regulation, both for the data stored in its devices and for data that may be collected by providers.

Navigation: your navigation data might be transferred, with regard to the abovementioned purposes, in the following states: -EU countries, -The United States.

Cookie management: if you have any doubt about Cookies and their use, you can always block them by modifying your browser privacy settings.

Since every browser, or different versions of the same browser, differ from each other, you will find detailed information on the necessary procedure in your browser guide.

Data provision and consequences for the refusal to answer

The provision of data for the purposes in 2.A) is mandatory. Without those data, we couldn’t grant you the services stated in 2.A).

The provision of data for the purposes in 2.B) is optional. You can therefore decide, whether to provide your data or not, or to block the access to your data at a later stage. In this case, you won’t receive newsletter, commercial communications and advertisement from the Controller anymore.

Anyway, you will still have access to the services mentioned in 1.A).

Rights of the data subject

In your role of data subject, you have the right under art.15 of the EU Regulation below, namely:

1. You have the right to request information about the personal data the Controller holds on you at any time, particularly about:

a) the purposes of the data processing;

b) the categories of personal data registered:

c) the subjects to which your personal data will be forwarded, especially if the addressee is in third-counties or international organisations;

d) when possible, the period of time in which your personal data will be kept or, if not possible, the criteria used to determine that period;

e) the existence of the right to request rectification of your personal data if the information is incorrect, including the right to have your personal data erased. You also have the right to object to the processing of your personal data or to limit it;

f) the right to file a complaint to any authority (Personal Data Protection Authority);

g) all the information about the source of data, if they have not been provided by the user himself:

h) the existence of an automatic decision-making system, including profiling under art. 22, paragraphs 1-4 of the EU Regulation and, at least in those situations, significant information about the logistic methods, as well as the importance and the consequences of the processing for the user.

2.if your personal data should be sent to a third country or an international organisation, you have the right to be informed about the existence of adequate warranties under art.46 of the EU Regulation concerning the transfer.

3.On your request, the Controller will provide you with a copy of your personal data processed.

In case you asked additional copies, the controller might charge you with a reasonable fee based on administrative costs. If you make your request by electronic means, unless otherwise specified, you will receive the information in electronic form.

4. the right to obtain a copy under paragraph 3, don’t have to adversely affect the rights or freedoms of others.

Besides, where applicable, you can benefit from the rights under art. From 16 to 21 of the EU Regulation, and you have:

– the right to correct your personal data;

– the right to erase your personal data;

– the right to restrict the data processing;

– the right of data portability;

– the right of opposition;

– the right to complain with the Competition authority.

In addition, you have the right to withdraw at any time your consent, without any prejudice to the lawfulness of processing based on the consent you gave before the withdrawal.

Personal data collected from other sources than the data subject

It may happen that the person writing is not the Controller to who you gave your personal data, but is a controller’s partner or the external responsible for the processing, and that your data have been transmitted to the writing person in a later moment, due to a contract that regulates parties. In this case, the writing person will do everything in its power to make sure that you have been informed and have given your consent to the processing. You can at any time ask the source of your data acquisition.

The controller and the people in charge

Here you will find some information you should be aware of, not only to comply with legal obligations, but also because transparency and fairness towards whoever visits this website, is an important aspect of our activity.

Controller. The controller of your personal data is TENUTA DI SPINETO DI NICOLA E FRANCO TAGLIAPIETRA SAS – SOCIETA’ AGRICOLA

You can get in touch with Comunello Sportfashion S.r.l. to ask any information or make your requests, at the following email address: info@abbaziadispineto.com

People in charge. The updated list of people in charge for the processing of your data, is kept in the Controller’s headquarters.

We invite you to always refer to the Italian legislation and to our updated privacy policy.  https://www.garanteprivacy.it/web/guest/home/provvedimenti-normativa/normativa/normativa-italiana