Privacy policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
OPERATED VIA THE WEBSITE

EU Regulation 679/2016

Pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter also GDPR), we inform you that our company processes your personal data in accordance with the principles of lawfulness, fairness, and transparency. Personal data (e.g., first name/surname, tax code, tax information, contact details, billing address, etc.) are collected directly from the data subject via the website. Below, we provide the required information regarding this processing.
* Purposes and legal bases of processing
Below, we indicate the purposes for which we process your personal data, also indicating, for each of these, the relevant legal bases (or conditions of lawfulness) as set out in Article 13 of the GDPR. 6 of the GDPR:
1 - PROCESSING NOT REQUIRED BY CONSENT
1. Activities specifically designed to respond to requests for information related to the goods and/or services that are the typical subject of our company's business, sent by the data subject either by email or by completing a specific form. The legal basis for the aforementioned purpose is the implementation of pre-contractual measures adopted at the data subject's request.
2. Activities related to the performance of any contract to which you become a party if, where applicable, a supply agreement is reached, including through remote information exchange (examples of activities include: obtaining information prior to entering into a contract, managing correspondence, registering on the website to identify the other party and speed up online purchasing, etc.). The legal basis for the aforementioned purpose is identified in the contract and pre-contractual measures;
3. Activities related to the preparation and maintenance of accounting records, the issuance of mandatory documents, and other activities carried out in compliance with mandatory regulations or orders from the Authorities. The legal basis is identified in the legal obligation;
4. Activities that, although related to the establishment of the contractual relationship, are functional to the data controller's direct needs to ensure optimal management of customer relations. Such activities can be identified, for example:
* in the internal organization of data management activities (including through CRM systems: customer relationship management; telephone directories; internal company communications; etc.) functional to the optimal management of product and/or service supplies;
* in the management of credit lines and risk control (insolvency, fraud, etc.);
* in the management of disputes and the possible assignment of receivables;
* in the management of financial and insurance services instrumental to the management of supplies and the management of electronic payment instruments;
* in the processing of data for statistical purposes.
The legal basis for the aforementioned purposes is the legitimate interest of the data controller.
2 - PROCESSING SUBJECT TO CONSENT
* activities related to the sending of commercial information (including in the form of newsletters) - via email, post, and other communication systems - advertising, informational, and promotional material relating to products and/or services offered by our company. The legal basis is the data subject's consent (Article 6.1, letter a, GDPR);
* any other cases...
We do not carry out processing using automated decision-making processes or profiling.
With reference to the specific data processing related to the use of cookies, it is noted that suitable access to the information (and the consequent right to limit them) was offered via a specific banner that appeared upon first contact with this site.
* Data retention period
Personal data processed for the purposes referred to in point 1, letter a) are retained for a period of time compatible with the establishment of an efficient exchange of requests/information, as a matter of practice(subject to different periods required by the nature of the information requested) no longer than 12 months from the last communication.
The data processed for the purposes referred to in point 1, letters b), c), and d) are retained until the end of the contractual relationship and even thereafter, taking into account the mandatory accounting period and the statute of limitations for any claims arising from existing business relationships as provided by law. In the event of a dispute, the retention period will be extended for the duration of such dispute and for 10 years following its final resolution (e.g., settlement agreement or final judgment).
The retention of data processed for the purposes referred to in point 2, in light of the purposes for which they were collected, will cease after 2 years and, in any case, upon simple request of the data subject.
* Consent and optional/mandatory nature of provision.
As already highlighted above, the processing of data for the purposes identified in point 1 above does not require the data subject's consent. Providing your data is mandatory and essential for the performance of the services requested by the interested party, as well as for the related legal obligations. Any refusal to provide some of this data will make it impossible to process requests received and/or to continue the relationship.
Consent is required for the processing of the data specified in point 2 (sending commercial information, including in the form of a newsletter). To this end, you will be asked to express your consent to such processing by ticking the appropriate box in the section dedicated to sending communications/subscriptions. Please note that for the aforementioned purposes, providing the data and the required consent are optional and do not affect the ability to receive information upon request or any subsequent contractual services.
* Categories of data recipients
The data collected via the website for the sole purpose of responding to requests for information will not be disclosed to third parties or disseminated, nor will data processed for sending commercial information, including in the form of a newsletter.
Your personal data may be disclosed to third parties for technical and operational needs strictly related to the other purposes indicated in point 1, and in particular to the following categories of parties:
* Entities, professionals, companies, or other entities that perform processing related to the fulfillment of administrative, accounting, insurance, and management obligations related to the ordinary performance of our business, including for debt collection purposes;
* Companies specialized in third-party transportation and logistics management, whose role is in any case instrumental in delivering the goods covered by the contract between the data controller and the data subject;
* Public authorities and administrations for purposes related to the fulfillment of legal obligations or to persons authorized to access them pursuant to provisions of law, regulations, and EU legislation;
* * banks, financial institutions, or other entities to whom the transfer of the aforementioned data is necessary for the performance of our company's business in relation to our fulfillment of the contractual obligations undertaken towards you;
* providers of installation, assistance, and maintenance services for IT and telematic systems and systems, and all related services necessary for the performance of the contractual obligations.
These entities will operate as independent Data Controllers or will be designated as Data Processors.
Within our corporate organization, other individuals (typically employees) may also operate who, by virtue of our designation/authorization, will also process your personal data. These individuals, upon their designation, are committed to confidentiality and, as is the case with any designated "Data Processors," have also received operating instructions to ensure confidentiality and security in the processing of your data.
* Data Transfers
Personal data will not be transferred to countries outside the European Union (but please note that transport is carried out using logistics based outside the EU). If the data controller decides to transfer your personal data outside the European Union in the future, it will provide adequate notice and ensure compliance with the conditions set forth in Chapter V of the GDPR.

* Processing Methods
Personal data will be processed electronically, in compliance with data security and confidentiality precautions.
Regarding newsletters, this will be done using automated methods to simultaneously send them to all subscribers, by masking the email addresses of third-party recipients (so-called Blind Carbon Copy).
In any case, technical, IT, organizational, logistical, and procedural security measures are implemented to prevent the loss, illicit, or inappropriate use of data, and unauthorized access.

WINE'N MORE DI FILIPPO BEVILACQUA & C. S.A.S., in carrying out its business as required by its bylaws, will organize tasting events at appropriately organized and authorized facilities. During these events, some photos and/or videos will be taken for the sole purpose of promoting future events. By registering, participants authorize the organizing company to use their images, photos and videos free of charge and without time limits, pursuant to Articles 10 and 320 of the Italian Civil Code and Articles 96 and 97 of Law No. 633 of April 22, 1941, on Copyright, and to publish and/or disseminate them in any form on the organizing company's website and social media, in print, and/or on any other means of dissemination. Participants also authorize the storage of the photos and videos in the organizing company's electronic archives. They acknowledge that the purposes of such publications are strictly related to the institutional, promotional, educational, and advertising purposes of the company itself, in compliance with the principles of personal data protection established by Regulation (EU) 2016/679, in contexts that do not compromise personal dignity and decorum.

• Rights of the data subject and complaints to the Data Protection Authority
  Any data subject may exercise the following rights at any time:
  * Right to access your personal data: you may contact us to find out if your personal data is being processed and, if so, you have the right to obtain a copy and information regarding the source of the data, the categories of personal data processed, the recipients of the data, the purposes of the processing, the existence of an automated decision-making process, including profiling, the data retention period, or the criteria used to determine it.
  * Right to rectification: obtain the correction of your inaccurate personal data or the completion of incomplete data;
  * Right to erasure/right to be forgotten: obtain the erasure of your personal data, in the cases provided for by law;
  * Right to restriction of processing: obtain, in the cases provided for by law (in summary: challenges to the accuracy of the data; unlawful processing with opposition by the data subject to erasure, the need for the data subject to exercise a right in court; objection by the data subject during the verification period for the controller's legitimate grounds to prevail over yours), restriction of the processing of your personal data;
  * Right to data portability: in the cases provided for by law (processing carried out by automated means and based on consent or a contract), the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us;
  * Right to object: the right to cease further processing of your personal data for reasons relating to your particular situation, unless our compelling legitimate grounds prevail, in the cases provided for by law;
  * Right to withdraw consent: the right to withdraw consent at any time for cases in which processing is based on consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  To exercise the aforementioned rights, you can refer to the Data Controller's contact details provided in this policy and, if you wish, follow the downloadable form from the Italian Data Protection Authority's website at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924. We also inform you of your right to lodge a complaint with the competent Italian Data Protection Authority. You can also follow the downloadable form from the Italian Data Protection Authority's website at the following link: https://www.garanteprivacy.it/en/home/docweb/-/docweb-display/docweb/9041356.
• Please note that pursuant to Article 77.1 of the GDPR, the data subject may lodge a complaint with the competent authority in the place where the data subject habitually resides, works, or where the alleged violation occurred.
  * Data Controller
  WINE'N MORE DI FILIPPO BEVILACQUA & C. S.A.S., registered office CREAZZO (VI) VIA VALSCURA 54/B CAP 36051, Fiscal Code and VAT No. 04417120245 (hereinafter referred to as Wine 'n more)
  Email: info@bevilacqua.wine
  Telephone: +39 351 7102677