Dear user, pursuant to art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”), we inform you that the processing of the data you provide will be carried out with methods and procedures aimed at ensuring that the processing of personal data is carried out in compliance with the fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality and security, personal identity and the right to personal data protection.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 GDPR).
This policy describes how to manage the website www.champagnerialucca.it with reference to the processing the personal data of users who consult it. This information does not concern other websites that may be reached via our links, for which Shaner Ciocco srl is in no way responsible.
DATA SUBJECT TO THE PROCESSING
The data processed by Shaner Ciocco srl refer to:
- personal data (e.g. name, surname);
- contact details (e.g. e-mail, telephone);
- address data (e.g. address, postal code, city).
LEGAL BASIS FOR THE PROCESSING AND DATA ORIGIN
The legal basis for this processing is your explicit consent and unambiguous consent (pursuant to Article 6.1, lett. A) of the GDPR).
The personal data held by the Data Controller are collected directly from the data subject and only eventually can come from third parties, registers or public lists.
PURPOSE OF THE PROCESSING
The personal data and any changes that you will communicate in the future to Shaner Ciocco srl are collected and processed for the following and sole purposes:
- How to book online;
- Any accounting purposes;
- Contact and customer care;
The processing is restricted to the following operations and methods:
- Collection of data from the data subject, by filling in online forms;
- Registration and processing on computerized support;
- Organization of archives in a mainly automated form, through company applications and computerized personal data;
- Dissemination of your data to third parties Partner of the Data Controller.
The processing of data will take place using suitable tools to guarantee confidentiality, integrity and availability, in compliance with adequate technical and organizational security measures provided for by the GDPR.
The processing is carried out on paper and through information and/or automated systems and will include all the operations or set of operations provided for in art. 4 of the GDPR and necessary for the processing concerned, including communication to the subjects in charge of the processing itself.
The concerned data will not be disclosed, but they will be or may be communicated to subjects, public or private, who operate within the scope of the purposes described above.
The Data Controller will process your personal data for the time necessary to fulfill the aforementioned purposes, in particular, within the ten-year period of ordinary prescription.
ACCESS TO PROCESSING
Data will be made accessible, for the purposes referred to in point n. 3:
– To employees / collaborators in their capacity as authorized to process, subject to appropriate appointment;
– To third parties who carry out outsourced activities on behalf of the Data Controller.
DISCLOSURE OF DATA
Your data will not be disclosed to unauthorized third parties.
Your data will not be disclosed in any way. To this end, the processing is carried out with the use of appropriate security measures to prevent unauthorized access to the data by third parties and to guarantee its confidentiality.
The management and storage of personal data will take place on servers, located within the European Union, of the Data Controller and/or third-party companies duly appointed as Data Processors.
The data will not be transferred outside the European Union.
NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF REFUSAL TO RESPOND
The provision of data is necessary for the provision of our services; without it, we will not be able to provide you with the features of our online platform.
RIGHTS OF THE DATA SUBJECT
According to the provisions of the GDPR, the data subject has the following rights in respect of the Data Controller:
- obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, obtain access to personal data (Right of access art. 15);
- obtain the rectification of inaccurate personal data concerning him or her without undue delay (Right of Rectification art. 16);
- obtain the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay, where certain grounds apply (Right to be forgotten art. 17);
- obtain restriction of processing in certain cases (Right to restriction of processing art. 18);
- receive the personal data concerning him or her which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and has the right to transmit such data to another controller, without hindrance from the Data Controller to which the personal data have been provided, in certain cases (Right to data portability art. 20);
- object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her (Right to object article 21);
- receive communication from the Data Controller of a personal data breach without undue delay (Art. 34);
- withdraw his or her explicit consent at any time (Conditions for consent art. 7).
Where applicable, the data subject has also the right to lodge a complain with the Data Protection Authority.
HOW TO EXERCISE THE RIGHT
Sending an e-mail to the dedicated address of the Data Controller: email@example.com
The Data Controller is: Shaner Ciocco S.r.l.
A list of data processors and persons authorized to processing data can be consulted at the headquarters of the aforementioned Data Controller.
UPDATING OF THIS POLICY
This Policy is subject to change. Any substantial changes will be communicated to the interested parties by notice or publication on the company website.