Information notice on processing of personal data pursuant to EU General Data Protection Regulation 2016/679
In compliance with the provisions of EU Regulation 2016/679, here is the necessary information on how we process your personal data; in detail, the categories of data processed, purposes, manner of processing, scope of communication and dissemination of the data, the expected time of retention of the data, the possibility of their being transferred to third countries and the existence of profiling processes which could involve processing your personal data.
1. Purpose of the processing
Depending on the services delivery of which has led you to provide us with your personal data, data processing will have the following purposes:
➢ Purposes associated with processing by our websites:
1. letting the data subject access web portals belonging to the data Controller, as well as enjoying and using them according to the implemented technologies and tools (reserved SERVICE area of the site);
2. managing booking of visits and stays at our estates or booking at our restaurants;
3. answering requests for information coming from the data subject
4. managing the reception of curricula sent by the data subject submitting a candidacy for a job with our business
5. Managing the registration needed to take part in competitions organised by us, distribution of tasting coupons
6. Managing registration with polls/quizzes which we may submit to the data subjects
7. Managing and activating subscriptions to our newsletter
➢ Purposes associated with free Wi-Fi services inside our premises:
8. Activating, delivering and managing access permits to the Wi-Fi service called Volare
➢ Purposes associated with the Cardscan app to scan calling cards:
9. Recording personal and contact data of visitors and consultants at the data bank for communications to the outside
➢ Purposes associated with the CRM Wines app recording visitors during events or activities:
10. Recording personal and contact data of visitors
➢ Purposes associated with marketing:
11. Delivery of commercial and promotional information by postal mail, email, phone and SMS
12. Subscription to the newsletter (should commercial content be involved);
13. Market research.
➢ Purposes associated with profiling:
14. Analysing habits, behaviour and consumer choices in order to define a profile of the data subject to deliver promotional messages, offers or other commercial communication of interest to the addressee.
The data will be retained for a period of time proportional to the specific purposes involved.
2. Nature of the data provided
Your personal data will be collected in order to respond to an explicit request by you, that is for the performance of one of our services which you intend to make use of. As an alternative, the data will always be processed on a consent basis.
You must provide your data whenever you request the activation/delivery/performance of one of the services we propose to you (that is for processing with the purposes described above and numbered from 1 to 8).
Personal data will be processed for marketing and profiling purposes only after free expression of explicit and specific consent by the data subject.
Consent to data processing for purposes of profiling implies consent for marketing purposes, since the latter is only carried out after developing a profile of the addressee’s interests. You will not be the subject of any direct marketing activities if we cannot carry out the preliminary profiling operations.
Refusal to consent to processing for marketing and profiling purposes will in no way affect the possibility for the data subject to receive the services being offered.
Consent expressed by the user may be freely recalled at any time. By accessing the page frescobaldi.microsoftportals.com you can see and change the data you sent us.
3. Manner of processing
Your data will be processed according to principles of correctness, legality and transparency, and will be carried out using electronic tools but also on paper files suitable for filing, management and transmission. Processing will be carried out using tools which, in a reasonable manner and according to the state of the art, can guarantee security and confidentiality through the use of procedures for preventing the risk of loss, unauthorised access, illicit use and dissemination.
4. Scope and purpose of communication and dissemination
Your data may be made known to employed and/or consultant company staff especially appointed as data processors or as people in charge of the processing.
The personal data may be communicated to third parties to fulfil legal obligations, that is to comply with orders coming from public authorities with the legitimate right to do so or to uphold or defend a right in court.
Your personal data, for the purposes mentioned above, may be made available to:
- The commercial network of the Data Controller
- Third parties carrying out specific tasks of collaboration on behalf of our company for advisory, commercial and promotional purposes;
- Companies associated with and controlled by the Marchesi Frescobaldi Group.
Your personal data will not be disseminated or communicated to third parties for reasons other than those mentioned above, unless required by a law or regulation or EU regulation
5. Transfer of personal data outside the European Union
The personal data provided by you and processed for the above purposes will in no case be transferred to countries not belonging to the European Union. Should a transfer become necessary in the future, this will be possible only following your informed and explicit consent
6. Data retention time
Your personal data will be kept solely for the time needed to activate/deliver/perform the service you have subscribed to and more in general as provided for by law or specific measures issued by the National or European Data Protection Authority.
The Data Controller is: Marchesi Frescobaldi soc. agricola s.r.l. unipersonale, Tax Code and VAT No. 01770300489 legal headquarters in Via S. Spirito 11 50125 Florence, Administrative Office in Via Aretina 120, 50065 Sieci (FI). The Data Processor is Mr Giuseppe Saracino. The complete list of appointed data processors is available from the Data Controller at the address listed above.
6. Exercise of your rights
We remind you that at any time you may exercise your rights as provided for by EU Regulation 2016/679 which can be read in the annex.
We therefore inform you that:
- You have the right to ask the Data Controller for access to data concerning you, rectification or erasure, additions to incomplete data, restriction of the processing; to receive the Data in a structured format, of common use and readable from an automatic device; to recall any consent you may have granted concerning processing of your sensitive data at any time, and to object, in whole or in part, to use of the Data;
- You have the right to lodge a complaint with the Authority for the Protection of Personal Data, following the procedures and instructions published on the official website of the Authority http://www.garanteprivacy.it.
- You have the right at any time to recall consent without prejudice to the legitimacy of the processing based on consent provided before such recall;
You may exercise such rights in writing by postal mail directly to the Data Controller or by email to the following email address firstname.lastname@example.org where you can
- recall previously granted consent
- Change your personal data
- Request erasure from the DBs of the Controller (except in cases where data retention is demanded by the law)
- Request extension of the data
- Request Transferability
If the request for access is submitted using electronic media, information will be provided in a commonly used electronic format. Exercise of your rights is not subject to any formal restriction and is free of cost. To afford greater detail, an extract is provided from articles 15 to 23 of the Regulation, which you can consult at this link:
Reference to EU Regulation 2016/679
Article 13: Information to be provided where personal data are collected from the data subject
Article 15: Right of access by the data subject
Article 16: Right to rectification
Article 17: Right to erasure
Article 18: Right to restriction of processing
Article 20: Right to data portability
Article 21; Right to object
Article 22: Automated individual decision-making, including profiling