Login

Language

Cart

Your cart is empty

Privacy policy

PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Preamble

This information has been prepared in accordance with the provisions of EU Regulation No. 2016/679 (GDPR) and Legislative Decree 196/2003 and its amendments and additions (Privacy Code). GDPR and the Privacy Code establish rules regarding the protection of natural persons with regard to the processing of personal data, as well as rules regarding the free movement of such data. In order to protect the rights and fundamental freedoms of natural persons, the Privacy regulations require Data Controllers to provide the data subjects with information regarding the processing of personal data collected online and offline through various channels.

*****

1) Data Controller.

The Data Controller is Società Agricola Poderi Tesio s.s., with registered office at Via Verdi 4, 14049 Nizza Monferrato (AT), Italy, registered with the Asti Chamber of Commerce, VAT number: 01693930057; email: info@poderitesio.it.

Website to which this Privacy Policy refers: https://poderitesio.it/ (Site).

With this document, the Data Controller intends to inform you about the procedures adopted in the collection, processing, and storage of the Personal Data you provide on the Site.

2) Processed Personal Data.

The Data Controller informs you that, for the purposes of this information, "Personal Data" means any information concerning your person, suitable to identify you directly and/or indirectly, such as:

  • Personal data: name, surname, date of birth;
  • Contact details: address, phone number, e-mail.
  • Payment data: credit card number, cardholder;
  • Purchase data: information related to your purchases, such as dates and amounts of such purchases;
  • Demographic data and interests: geographical origin, preferences regarding purchases and/or events proposed by the Controller;
  • Data on the use of the Site (poderitesio.it), including information collected through cookies, whose information can be viewed at the following link (Cookie policy);
  • Profiling data: in case of your specific consent, your Data will be processed to assess personal aspects that concern you, in particular to analyze or predict aspects concerning your personal preferences, interests, behavior, to offer products or services in line with your preferences.

The Data Controller will not process "special data". "Special data" are those that can reveal racial and ethnic origin, religious, philosophical, or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, health status and sexual life.

Your Data will be collected and processed through registration on the e-commerce site of Società Agricola Poderi Tesio s.s., your online purchases, subscription to the newsletter, requests for assistance and/or information sent to the contacts of the Data Controller.

The processing of your Personal Data will be mainly carried out with the aid of electronic or otherwise automated means, according to the methods and with the tools suitable to ensure the security and confidentiality of Personal Data. The acquired information and processing methods will be relevant and not excessive in relation to the type of services rendered. Your Data will also be managed and protected in secure IT environments appropriate to the circumstances.

Technical Cookies are installed on the Site for the proper functioning of the Site and anonymized Google Analytics Cookies. Please view the related Cookie policy.

3) Purpose of Processing and Legal Basis.

Your Data, as described above, will be processed by the Data Controller for the following purposes:

a) To fulfill purchase orders and execute contractual agreements.

In order to fulfill purchase orders through e-commerce, manage payments, ensure proper fulfillment of legal obligations (e.g., tax obligations), respond to information requests related to purchased products and/or reports, provide assistance, your personal data, contact data, payment data, and purchase data will be processed.

 The processing of Data is necessary to meet pre-contractual needs, conclude and execute the contract. The provision of Data is mandatory, and failure to provide such data will make it impossible to fulfill your purchase order and respond to your assistance requests. Limited to the email address you provided during the purchase through the Site, the Data Controller may use your Data to allow direct offers of similar products and services (so-called soft spamming), provided that you do not object to such processing.

 The Data Controller may send e-mails to remind you to complete a purchase on the Site and other communications (e.g., tracking and order information) through tools such as SMS and/or WhatsApp.

b) Registration on the E-commerce Site.

To register on the e-commerce Site, access the reserved area of the Site, and use the online services offered by the Data Controller, your personal data, contact data, payment data, and/or purchase data will be processed. The processing of Data is necessary to meet pre-contractual needs and/or execute the contract. Providing Data is optional. Failure to provide such data will make it impossible to register on the Site and use the offered online services.

c) Responding to Requests Sent to the Data Controller's Contacts.

Your contact data may be processed to respond to requests sent to the Data Controller's contacts listed on the Site. The processing of Data is necessary to meet pre-contractual needs and/or respond to your requests. Providing Data is optional, and failure to provide such data will make it impossible to respond to your request.

d) Profiling Activities.

The personal data described in point 2) may be used – with your consent – for profiling activities, such as data processing to examine your purchasing habits, preferences, purchased goods, purchase frequency, reference geographic area, etc., to create profiles (individual and/or aggregated) and possibly propose personalized commercial communications if consent is given for the purposes described in the next point.

 Providing Data for this purpose is optional. The basis for this processing is the data subject's consent; it can be revoked at any time as described in point 7 (Rights of the Data Subject). Processing carried out before the revocation is considered lawful. Lack of consent for this purpose does not affect contractual relationships.

e) Sending Advertising Material – Newsletter (Generic Marketing).

Your contact data may be used – with your consent – to send advertising material (commercial information, promotions, event invitations, etc.) and/or newsletters related to products/services of the Data Controller or third parties via email, SMS, messaging tools like WhatsApp, or traditional contact methods such as phone calls or postal mail. Providing Data for this purpose is optional. The basis for this processing is the data subject's consent; it can be revoked at any time as described in point 7 (Rights of the Data Subject). Processing carried out before the revocation is considered lawful.

Lack of consent for this purpose does not affect any contractual relationships between the parties but will result in the inability to receive advertising material related to the Data Controller's and/or third-party products/services and the inability for the Data Controller to conduct market surveys, including those aimed at assessing user satisfaction, and to send newsletters.

f) Aggregate Analysis.

Your Data may be used in aggregate form to improve the Company's services and for internal statistics. The basis for this processing is the pursuit of a legitimate interest of the Data Controller to improve its services. No additional data will be requested for this purpose. The Data Controller will use Data already collected for other purposes considered compatible with this one.

g) Responding to Requests from Competent Authorities, Complying with Legally Binding Requests.

Your Data may be processed to respond to requests from competent authorities and comply with legally binding requests. The basis for this processing is the need to fulfill a legal obligation. The Data Controller will use Data already collected for the pursuit of other purposes if considered compatible with this one.

h) Protection of Rights.

Your Data may be processed to protect your rights or those of the Data Controller or to take legal action. The basis for this processing is the pursuit of a legitimate interest of the Data Controller to protect its rights. No additional data will be requested for this purpose. The Data Controller will use Data already collected for other purposes considered compatible with this one.

4) Data Communication.

Your Personal Data will be processed by the Data Controller for the purposes described above through subjects (employees and/or collaborators) who have access to your Data to fulfill their work duties. These subjects have been specifically authorized with a letter of assignment. In the exercise of its activities, the Data Controller makes use of external subjects and/or categories of subjects, who process the data as data processors, in this case, regularly appointed by the Data Controller. Therefore, your Personal Data may be communicated, for example but not limited to, the following categories:  external consultants and suppliers, banks and credit institutions, insurance companies, carriers, post offices, couriers, web platform managers, subjects providing services for the management of the IT system and telecommunications networks, professional firms, public administrations, police forces, judicial offices, if the communication is necessary or functional to the correct functioning of the Site, the provision of products and/or the delivery of services offered, the correct fulfillment of legal obligations, and/or within the framework of assistance and consultancy relationships.

In no case will your Data be transferred to third parties.

The list of data processors can be requested from the Data Controller according to the methods provided in point 7 (Data Subject's Rights).

5) Data Transfer to third countries.

The Data Controller is based in a country that has an adequate level of security from a regulatory perspective. The management and storage of your Data take place on servers located in the European Union. To ensure the correct operation of the Site, where necessary, your personal data may be transferred abroad.

If the transfer of your personal data takes place in a non-EU country for which the European Commission has expressed an adequacy decision, the transfer is considered safe from a regulatory perspective. This article will indicate from time to time the countries to which your personal data may be transferred and where the European Commission has expressed an adequacy decision. In particular, your payment data may be transferred to the United States, under the conditions provided for by the Adequacy Decision of 10 July 2023 and its amendments, pursuant to Article 45 GDPR. 

Notwithstanding the above paragraph, your Data may also be transferred to non-EU countries for which the European Commission has not expressed an adequacy decision. You are therefore invited to regularly check this article to ascertain which of these countries your Data may be transferred to.

 If such transfer is necessary to provide services and/or execute the contract for the purchase of products, the Data Controller will ensure that such personal data is processed in accordance with this Privacy Policy.

In the absence of local privacy laws that ensure adequate protection of personal data, the Data Controller will enter into agreements that ensure an adequate level of data protection. In that case, the transfer of data outside the EU will be carried out in compliance with applicable legal provisions, stipulating, if necessary, agreements that ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

6) Data Retention Period.

Please note that, pursuant to Article 5 of the GDPR, in compliance with the principles of lawfulness, purpose limitation, data minimization, and storage limitation, the Data collected for the purposes listed in points a), b), c), f), g), h) will be processed according to law and for the time necessary to carry out the activities related to the aforementioned purposes, and subsequently stored for the necessary time imposed by legal obligations.

For the purposes listed in point d) (profiling), the Data will be processed with your consent and will be stored for a maximum period of 12 months.

For the purposes listed in point e) (generic marketing), the Data will be processed with your consent and will be stored for a maximum period of 24 months.

Consent can be revoked at any time, and the processing carried out before its revocation is considered lawful.

7) Security Measures.

Personal Data is collected electronically, recorded in digital format, using organizational and technical security measures designed to ensure confidentiality and avoid the risk of loss or destruction, unauthorized access, unauthorized processing, or processing that does not comply with the purposes described above.

8) Minors.

This Site is not intended for use by minors, and Personal Data of minors are not knowingly collected or processed. In accordance with applicable laws, the parental responsibility holder must provide consent for the collection of the minor's Personal Data. If minors' data are inadvertently processed, the Data Controller will promptly delete them upon written request from the parental responsibility holder.

9) Rights of the Data Subject.

As a Data Subject, with regard to the processing of your Data, you can exercise the following rights with the Data Controller:

  • Obtain confirmation of the existence or non-existence of personal data processing concerning you; obtain access to your Data with a request for the release of a copy of the Data being processed in a structured format;
  • Obtain the rectification and/or integration and/or modification of your Data if they are outdated and/or inaccurate and/or incomplete;
  • Obtain the deletion of your Data where the processing is unnecessary or otherwise unlawful; • Obtain the limitation of the processing of your personal Data, meaning that such Data are not subject to further processing and can no longer be modified;
  • Exercise the right to data portability, obtaining a copy of your personal Data, in a structured, commonly used, and machine-readable format, as well as obtaining the transmission of such Data to another specifically identified data controller;
  • Object to the processing of personal Data which concern your person;
  • Withdraw your consent at any time, if the processing of Data is based on the data subject's consent;
  • Lodge a complaint with the competent authority. The above rights can be exercised by sending a request to the address of the registered office or by writing to the following e-mail address info@poderitesio.it.

10) Automated Decision-Making Process.

The Data Controller informs you that, for the purposes of processing your Personal Data, it does not use automated decision-making processes, i.e., processes aimed at making decisions solely based on technological means according to predetermined criteria (i.e., without human involvement).

11) Changes to the Privacy Policy.

The Data Controller reserves the right to modify and update this information at any time. Any updates will be published on this page of the Site. In case of substantial changes to this Privacy Policy, the Data Controller may also communicate them via email.

Version 12/2024

 

STAY UPDATED!

Sign up to our newsletter to stay up to date with our latest news, exclusive offers and special events

Sign up now

Safe shipping

With express delivery in Italy

Free delivery

For orders starting from €90

Curiosity about our wines?

Contact us!

Subscribe to the newsletter

To get discounts and promotions