Legal basis of the processing
This site processes data based on consent. The provision of data and therefore the consent to the collection and processing of data is optional, the User can deny consent, and may revoke at any time a consent already provided. However, denying consent may make it impossible to provide certain services and the browsing experience on the site may be compromised. Starting from 25 May 2018 (date of entry into force of the GDPR), this site will process some of the data based on the legitimate interests of the data controller.
Data collected and purposes
Like all websites, this site also makes use of log files in which information collected in an automated manner is kept during user visits. The information collected could be the following:
- internet protocol (IP) address;
- type of browser and device parameters used to connect to the site;
- name of the Internet service provider (ISP);
- date and time of visit;
- web page of origin of the visitor (referral) and exit;
- possibly the number of clicks.
The above information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site, and for security reasons (from 25 May 2018 such information will be treated according to the legitimate interests of the owner). For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, but only for the purposes of protection of the site and its users (from 25 May 2018 such information will be treated according to the legitimate interests of the owner).
The data received will be used exclusively for:
- provision of the E-Commerce service including shipping services through third parties.
- for possible dispatch on request of the Monterinaldi newsletter
The data collected by the site during its operation are used exclusively for the purposes indicated and kept for the time necessary to carry out the specified activities or if necessary up to the request for cancellation of any account registered on the site itself. In any case, the data collected from the site will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided by law.
The data controller in accordance with the laws in force is Società Agricola Monterinaldi, Radda in Chianti, Siena, Italy Place and responsible for processing The data collected by the site are processed at the Register SpA datacenter, Viale della Giovine Italia 17 - 50122 Firenze - Italy, which is responsible for processing the data, processing the data on behalf of the holder.
- session (which are deleted when the browser is closed)
- persistent (which are eliminated after a certain fixed period)
- first-party (which are readable only by the domain you are visiting)
- third-parties (which are created and subject to domains external to the one you are visiting)
Social Network Plugin
This site processes the data of users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, may have access to the data categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies).
Pursuant to European Regulation 679/2016 (GDPR) and national regulations, the User can, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him (right of access);
- to know its origin;
- receive intelligible communication;
- to have information about the logic, methods and purposes of the processing;
- request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- in cases of treatment based on consent, receive only the cost of any support, its data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
- the right to file a complaint with the Supervisory Authority (Garante Privacy);
- as well as, more generally, exercise all the rights that are recognized by the current provisions of the law.
Requests should be addressed to the Data Controller. In the event that the data are processed on the basis of legitimate interests, the rights of data subjects are guaranteed (with the exception of the right to portability that is not provided for by the regulations), in particular the right to oppose the treatment that can be exercised by sending a request to the data controller.