[Account] Statement on the processing of personal data
STATEMENT ON THE PROCESSING OF PERSONAL DATA
Alessi Paride S.r.l. (from now on, for the sake of brevity, “Enoteca Alessi”, or the “Company”, or “us” or “we”) informs you that the personal data of yours that it acquires when you create an account on the https://www.enotecaalessi.it portal shall be processed in accordance with the law on the protection of personal data.
With reference to the methods used for the management and processing of your personal data we are providing the following information pursuant to Article 13 of EU Regulation No. 679/2016:
1. Types of data collected
Data that you, as the user, supply voluntarily
Upon making a purchase and creating an account through the https://www.enotecaalessi.it portal, the following personal data are collected and processed:
- first name, surname and contact data;
- fiscal data;
- password.
2. Purposes and legal basis of the processing operations
The data you supply, which are then collected by Enoteca Alessi, shall be processed in order to:
- allow you to create an account, shop and create a wish list on the https://www.enotecaalessi.it portal. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6, section 1, letter b) of EU Regulation No. 679/2016 – i.e. processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
- comply with any legal obligations or regulations, or to requests made by the judicial authorities. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6, section 1, letter c) of EU Regulation No. 679/2016 i.e. processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
- send promotional material by means of emails relating to products of the Data Controller that are similar to those already purchased and/or requested by the Data Subject. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Art. 6, section 1, letter f) of EU Regulation No. 679/2016 – i.e. processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party;
- exercise or defend a right in court. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6 section 1, letter f) and Article 9, section 2, letter f) of EU Regulation No. 679/2016 – i.e. processing is necessary for the establishment, exercise or defence of legal claims of whenever courts are acting in their judicial capacity
- send you the Enoteca Alessi Newsletter, which has informative and promotional purpose,. The legal basis that legitimises the processing of personal data for this purpose is set out in the circumstances described by Article 6, section 1, letter a) of EU Regulation No. 679/2016 – i.e. processing is based on consent of the data subject.
3. Period of data storage
The personal data collected and processed for the purposes set out at Points 2 a), 2 b) and 2 d) shall be stored for a maximum of 10 years. The personal data collected and processed for the purposes set out at Points 2 c) and 2 e) shall be stored for a maximum of 2 years.
4. Methods of processing
Any personal data collected shall be processed, retained and analysed using electronic tools and shall be stored both in electronic format and in hard copy, organised into databases, and on any other appropriate type of media.
Specific security measures are implemented to prevent the loss, illegal or unfair use of the data, or unauthorised access to them.
The processing of your personal data carried out by Enoteca Alessi does not involve any automated decision-making.
5. Disclosure of your personal data
The disclosure of your data for the purposes set out at Points 2 a), 2 b) and 2 d) is necessary for the execution of the contractual relationship and for compliance with the legal requirements and is, therefore, compulsory for that purpose. Failure/refusal on your part to provide your personal data shall make it impossible for Enoteca Alessi to provide the requested service. The disclosure of your data for the purposes set out at Points 2 c) and 2 e) is optional –failure/refusal to provide your data for said purposes shall not have consequences for you.
6. Parties to which your personal data may be disclosed
Any personal data of yours that have been collected shall not be disclosed indiscriminately, but may be communicated to those parties that have the right to access your personal data to ensure compliance with legal and secondary and/or EU regulations, and to the Data Controller’s own personnel, and also to companies, associations or professional firms that provide services and operations on behalf of the Data Controller, operating as Data processors, to ensure compliance with legal obligations, and for every other organisational and/or administrative requirement that is necessary to provide the requested services (such as ICT service providers or E-Mail service providers).
The names of the additional parties to which your personal data may be disclosed, operating as Data processors, are shown in an up-to-date list that can be requested from Enoteca Alessi (using the data indicated at Point 9).
7. Transfer of data outside the European Union or to international organisations
Enoteca Alessi shall not transfer your personal data to countries situated outside the European Union or to international organisations.
8. Your rights as the Data Subject
In relation to the aforementioned processing operations carried out on your personal data, you are entitled to exercise at all times those rights set out by EU Regulation No. 679/2016 (GDPR), including, for example, the right to be informed as to:
- the origin of any personal data held that concerns you;
- the purposes and methods of the processing operations;
- the logic applied in the case of processing operations carried out using electronic instruments;
- the identification of the Data Controller, the Data Processors and the designated representative.
As the Data Subject, you have the right to obtain:
- access to the data, and their updating, rectification or (where in your interest) completion;
- the erasure, transformation into anonymous form or blocking of access to any data processed in breach of the law;
- the limitation of the processing of those data that concern you, or to request that the Data Controller or the Data Processor reduce the purposes and/or methods for/with which your data are being processed.
You can also request a copy of your data in a standard format (the so-called “Right to data portability”).
As the Data Subject, you also have the right to object, at any time and at no cost, wholly or partially:
- for legitimate reasons, to processing of your personal data, even if the processing operations are still relevant to the purpose for which the data were collected in the first place;
- to processing of your personal data carried out pursuant to Article 6, Paragraph 1 of the GDPR, Letters e. (“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”) or f. (“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”) including profiling on the basis of these provisions;
- to processing of your personal data for the purposes of sending Newsletter, advertising or direct sales material or for the completion of market research or commercial communications (direct marketing), including any relevant profiling operations.
You have the right to withdraw your consent for the processing operations when that consent is based on the circumstances described by Article 6, Paragraph 1, Letter a. (when “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”), or by Article 9, Paragraph 2, Letter a. (when “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”) of EU Regulation No. 679/2016, at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Should you consider the processing operations to have been carried out in breach of current legislation, you have the right to lodge a complaint with a supervisory authority, specifically in the Member State in which you habitually reside or work, or the Member State where the alleged breach has taken place. The Italian supervisory authority can be contacted using the contact data on its own website.
9. Data Controller – Contact data
The Data Controller is Alessi Paride S.r.l., Via delle Oche 27R, 50122 Firenze, P.IVA n. 00393150487. The company can also be contacted at the following email addresses info@enotecaalessi.it and alessiparidesrl@pec.it. the latter being the company’s “certified e-mail” address.
To exercise the rights listed above, you may submit a request to that end by writing to the following email address: info@enotecaalessi.it.