Privacy Policy

Privacy Policy ITA

Through this privacy policy, drafted in accordance with Article 13 Regulation (EU) 679/2016 (hereinafter also only "General Data Protection Regulation" or "GDPR") and in compliance with the principles contained therein, Excantia S.r.l. intends to inform each user (hereinafter also only "User") of the processing of personal data collected through the site of its ownership www.thewinesider.com.

  1. Data controller

The Data Controller is Excantia S.r.l. (hereinafter also just "DataController"), VAT No. 11108030013, with registered office in Corso Castelfidardo No. 30 A, 10129 - Turin.

Contact address: [email protected]

 

  1. Purpose of processing, type of personal data, legal basis and data retention period

 

Purpose

Personal Data

Legal Basis

Retention period

1

Provide information and/or send the catalog upon user request, following completion of data collection forms on the Site

- Biographical information (first and last name of the data subject of the data subject)

- Contact details (email address)

- Phone Number

- Region and city of affiliation

Execution of pre-contractual measures [Art. 6(1)(b) GDPR]

For the period required for the response

2

Account creation and management

- Biographical information (first and last name of the data subject of the data subject)

- Contact details (email address; Tax code of the person concerned, telephone number)

Execution of pre-contractual measures [Art. 6(1)(b) GDPR]

Until the account is deleted, but no later than 24 months from the date of last contact

3

Managing the purchase and shipment of products

- Biographical information (first and last name of the data subject of the 'data subject)

- Contact and shipping details (shipping address, email address, phone number)

- Billing details

Performance of a contract [Art. 6(1)(b) GDPR]

10 YEARS

4

Contact and customer care

- Biographical information (first and last name of the data subject of the data subject)

- Contact details (email address, phone number)

Execution of pre-contractual and/or contractual measures [Art. 6(1)(b) GDPR]

For the period required for the response

5

Sending newsletters and mailing lists

- Biographical information (first and last name of the data subject of the data subject)

- Contact details (email address, phone number)

Consent [Art. 6, 1(4) GDPR]

Until consent is revoked, but no later than 24 months from the date of last contact

6

Sending promotional communications for marketing purposes of the Data Controller, for sending advertising material or direct sales, the performance of market researchor commercial communication by automated (electronic mail, sms, mms, or other) and traditional (paper mail, telephone calls with operator) contact methods

- Biographical information (first and last name of the data subject of the data subject)

- Contact details (email address and phone number)

Consent [Art. 6, 1(4) GDPR]

Until consent is revoked, but no later than 24 months after registration for marketing purposes

 

7

Profiling aimed at analyzing the User's consumption habits in order to target commercial proposals of interest, in the manner set forth in Section 6 above

- Biographical information (first and last name of the person concerned, telephone number)

- Contact details (email address)

Consent [Art. 6, 1(4) GDPR]

Until consent is revoked, but no later than 12 months after registration for profiling purposes

8

Fulfillment of legal obligations, including tax obligations.

- Biographical information (first and last name of the data subject of the data subject)

- Contact details (email address)

- Contract data

Legal obligation [Art. 6(1)(c) GDPR]

According to the applicable regulations

9

Prevention of fraudulent activities and exercise of Holder's rights in court

- Biographical information (first and last name of the person concerned)

- Contact details (email address)

- Contract data

Legal obligation [Art. 6(1)(c) GDPR]

10 years

10

Statistical analysis and reporting activities, put in place by the Data Controller in order to create reports and statistics inherent to Excantia's business activities, to evaluate, analyze and improve its products and services.

- Biographical information (first and last name of the person concerned)

- Contact details (email address)

- Navigation data

Legitimate interest of the Data Controller

(Art. 6, 1(f) GDPR)

Up to two years from the date of termination of the contractual relationship

The User may seek clarification of the legal basis of each processing at any time.

  1. Provision of data and consequences of refusal

The provision of data for the purposes referred to in paragraph 2, points 1,2,3,4, 8, 9 (Purpose of providing information and the catalog, creation and management of account, management of the purchase and shipment of products, contact and customer care, fulfillment of legal obligations, prevention of fraudulent activities) is necessary, as it is an essential requirement for the satisfaction of user requests and/or for the conclusion of the contract for the fulfillment of legal obligations. Your refusal or the provision of inaccurate and/or incomplete information may prevent us from carrying out the activities, stated therein. The processing of personal data for these purposes does not require your consent, according to Article 6, 1 letter b) and c) of the GDPR.

The provision of data for the purposes referred to in paragraph 2, points 5,6,7 (Purposes of sending newsletters, marketing, profiling) is optional, the Owner will provide the pursuit of the purposes only if expressly and specifically authorized by the user to the processing of the data provided for each individual purpose. Any refusal or the provision of inaccurate and/or incomplete information may prevent the performance of the activities, indicated therein, but will not prevent the execution of the Contract.

The processing of personal data for these purposes requires the informed consent of the data subject expressed individually for each of the stated purposes in accordance with Article 6(a) of the GDPR and in accordance with Italian harmonizing legislation.

In any case, the data subject may revoke the consent given at any time without affecting the lawfulness of the processing based on the consent given before revocation in the manner described in paragraph 5 below.

By virtue of the assessments made regarding the balance of interest between the Data Controller and the data subject, the processing of data for the purposes set out in paragraph 2 point 10 (Purpose statistical analysis and reporting activities) is based, pursuant to Article 6(1)(f) of the GDPR, on the legitimate interest of the Data Controller.

You may in any case object under Art. 21 para. 1 of the GDPR to the processing of your personal data for the purposes e. to i. by contacting the Data Controller at any time at the contact details given in paragraph 5 below.

  1. Mode of treatment

The data will be processed using computer and telematic tools, with logic strictly related to the purposes highlighted above and, in any case, by individuals authorized to perform these tasks, suitably aware of the constraints imposed by the GDPR, equipped with security measures to ensure the confidentiality of personal data and to prevent undue access to third parties or unauthorized personnel.

In particular, the data may be communicated, to the extent strictly necessary for the purposes pursued, to professionals and companies that may be entrusted with specific processing, to firms of accountants and consultants in charge of bookkeeping, to banks, to associated companies, to third party suppliers such as, by way of example, the companies that provide the management, maintenance and hosting of the Site, or companies that provide the management of the newsletter service, specifically appointed as data processors pursuant to the provisions of Article 28 of the GDPR. These providers, if operating in Non-EU countries, offer their services on the basis of standard contractual clauses or on the basis of adequacy decisions of the European Commission. These parties come into possession only of the personal data necessary for the performance of their functions and may use it only for the purpose of performing such services on behalf of the Data Controller or to comply with legal requirements. The data may also be communicated to police bodies, judicial authorities, and to subjects who can access them by virtue of legal provisions or secondary or EU regulations.

The Data Controller undertakes to carry out data processing in compliance with the provisions of the GDPR, as well as current national privacy legislation as well as to process data lawfully and fairly, collecting and recording the same for specific, explicit and legitimate purposes, taking care to verify that the same are relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed.

  1. Rights of the data subject

The User may exercise all rights under Articles 15-21 of the GDPR at any time and without unjustified restriction by contacting the Controller at . Requests are filed free of charge and processed by the Holder within 30 days.

In particular, the User may:

  • Obtain confirmation that processing is taking place (Article 15 of the GDPR);
  • Obtain rectification of inaccurate or incomplete data (Art. 16 of the GDPR);
  • Obtain the deletion of data without undue delay (Article 17 of the GDPR);
  • Restrict processing to only part of the personal data (Art. 18 of the GDPR);
  • Receive copies of personal data held by the Data Controller in a commonly used, machine-readable format; obtain unimpeded transfer to another Data Controller (Art. 20 GDPR);
  • object at any time to the processing of personal data (Article 21 of the GDPR);
  • with respect to the purposes of processing that are based on consent, withdraw it at any time (Art. 7 of the GDPR).
  1. Complaints

The User may, at any time, lodge a complaint with the competent Authority (Data Protection Authority), pursuant to Article 77 of the GDPR, if he/she believes that the Controller processes his/her personal data in violation of the applicable legislation.

  1. Changes

The Owner reserves the right to modify and update the following Privacy Policy as a result of any new national or European Union data protection law provisions.

Last modified:07/28/2022

Privacy Policy EN

Through this privacy policy, drafted in accordance with Article 13 Regulation (EU) 679/2016 (hereinafter also only "General Data Protection Regulation" or "GDPR") and in compliance with the principles contained therein, Excantia S.r.l. intends to inform each user (hereinafter also only "User") of the processing of personal data collected through the site of its ownership www.thewinesider.com.

1. Data Controller
The Data Controller is Excantia S.r.l. (hereinafter also only "Data Controller"), VAT No. 11108030013, with registered office in Corso Castelfidardo No. 30 A, 10129 - Turin.
Contact address: [email protected]

2. Purposes of processing, types of personal data, legal basis and data retention period

 

Purpose

Personal Data

Legal Basis

Retention period

1

Provide information and/or send the catalog upon user request, following completion of data collection forms on the Site

- Biographical information (first and last name of the data subject)
- Contact details (email address)
- Phone number
- Region and city of affiliation

Execution of pre-contractual measures [Art. 6(1)(b) GDPR]

For the period required for the response

2

For the period required for the response

- Biographical information (first and last name of the data subject)
- Contact details (email address; Tax code of the data subject, telephone number)

Execution of pre-contractual measures [Art. 6(1)(b) GDPR]

Until the account is deleted, but no later than 24 months from the date of last contact

3

Management of product purchasing and shipping

- Biographical information (first and last name of the data subject)
- Contact and shipping details (shipping address, email address, phone number)
- Billing details

Performance of a contract [Art. 6(1)(b) GDPR]

10 years

4

Contact and customer care

- Biographical information (first and last name of the data subject)
- Contact details (email address, phone number)

Execution of pre-contractual and/or contractual measures [Art. 6(1)(b) GDPR]

For the period required for the response

5

Sending newsletters and mailing lists

- Biographical information (first and last name of the data subject)
- Contact details (email address, phone number)

Consent [Art. 6, 1(4) GDPR]

Until consent is revoked, but no later than 24 months from the date of last contact

6

Sending promotional communications for marketing purposes of the Data Controller, for sending advertising material or direct sales, the performance of market researchor commercial communication by automated (electronic mail, sms, mms, or other) and traditional (paper mail, telephone calls with operator) contact methods - Biographical information (first and last name of the data subject)
- Contact details (email address and phone number)

Consent [Art. 6, 1(4) GDPR]

Until consent is revoked, but no later than 24 months after registration for marketing purposes

 

7

Profiling aimed at analyzing the User's consumption habits in order to target commercial proposals of interest, in the manner set forth in Section 6 above

- Biographical information (first and last name of the person concerned, phone number)

- Contact details (email address)

Consent [Art. 6, 1(4) GDPR]

Until consent is revoked, but no later than 12 months after registration for profiling purposes

8

Fulfillment of legal obligations, including tax obligations.

- Biographical information (first and last name of the person concerned)

- Contact details (email address)

- Contractual data

Legal obligation [Art. 6, 1(c) GDPR]

According to the applicable regulations

9

Prevention of fraudulent activities and exercise of Holder's rights in court

- Biographical information (first and last name of the person concerned)

- Contact details (email address)

- Contractual data

Legal obligation [Art. 6, 1(c) GDPR]

10 years

10

Statistical analysis and reporting activities, put in place by the Data Controller in order to create reports and statistics inherent to Excantia's business activities, to evaluate, analyze and improve its products and services.

- Biographical information (first and last name of the person concerned)

- Contact details (email address)

- Browsing data

Legitimate interest of the Data Controller

(Art. 6, 1(f) GDPR)

Up to two years from the date of termination of the contractual relationship

 

The User may ask for clarification of the legal basis of each processing at any time.

3. Provision of data and consequences of refusal
The provision of data for the purposes referred to in paragraph 2, points 1,2,3,4, 8, 9 (Purpose of providing information and the catalog, creation and management of account, management of the purchase and shipment of products, contact and customer care, fulfillment of legal obligations, prevention of fraudulent activities) is necessary, as it is an essential requirement for the satisfaction of user requests and/or for the conclusion of the contract for the fulfillment of legal obligations. Your refusal or the provision of inaccurate and/or incomplete information may prevent us from carrying out the activities, stated therein. The processing of personal data for these purposes does not require your consent, pursuant to Article 6, 1 letter b) and c) of the GDPR.
The provision of data for the purposes referred to in paragraph 2, points 5,6,7 (Purposes of sending newsletters, marketing, profiling) is optional, the Data Controller will only pursue the purposes if expressly and specifically authorized by you to process the data provided for each individual purpose. Any refusal or the provision of inaccurate and/or incomplete information may prevent the performance of the activities, indicated therein, but will not prevent the execution of the Contract.
The processing of personal data for these purposes requires the informed consent of the data subject expressed individually for each of the purposes indicated in accordance with Article 6, letter a, of the GDPR and in accordance with the Italian harmonizing legislation.
In any case, the data subject may revoke the consent expressed at any time without affecting the lawfulness of the processing based on the consent given before revocation in the manner described in paragraph 5 below.
By virtue of the assessments made regarding the balance of interest between the Data Controller and the data subject, the processing of data for the purposes set out in paragraph 2 point 10 (Purpose statistical analysis and reporting activities) is based, pursuant to Article 6(1)(f) of the GDPR, on the legitimate interest of the Data Controller.
You may in any case object pursuant to Article 21 para. 1 of the GDPR to the processing of your personal data for the purposes e. to i. by contacting the Data Controller at any time at the contact details given
in paragraph 5 below.

4. Modalities of processing
The data will be processed using computer and telematic tools, with logic strictly related to the purposes highlighted above and, in any case, by parties authorized to perform these tasks, duly informed of the constraints imposed by the GDPR, equipped with security measures to ensure the confidentiality of personal data and to prevent undue access to third parties or unauthorized personnel.
In particular, the data may be communicated, to the extent strictly necessary for the purposes pursued, to professionals and companies that may be entrusted with specific processing, to firms of accountants and consultants in charge of bookkeeping, to banks, to associated companies, to third party suppliers such as, by way of example, the companies that provide the management, maintenance and hosting of the Site, or companies that provide the management of the newsletter service, specifically appointed as data processors pursuant to the provisions of Article 28 of the GDPR. These providers, if operating in Non-EU countries, offer their services on the basis of standard contractual clauses or on the basis of adequacy decisions of the European Commission. These parties come into possession only of the personal data necessary for the performance of their functions and may use it only for the purpose of performing such services on behalf of the Data Controller or to comply with legal requirements. The data may also be disclosed to police bodies, judicial authorities, and to parties who may have access to it under provisions of the law or secondary or EU regulations.
The Data Controller undertakes to carry out data processing in compliance with the provisions of the GDPR, as well as with current national privacy legislation as well as to process the data in a lawful and fair manner, collecting and recording the same for determined, explicit and legitimate purposes, taking care to verify that the same are relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed.

5. Rights of the data subject
The User may exercise all rights under Articles 15-21 of the GDPR at any time and without undue restriction by contacting the Controller at the email address [email protected]. Requests are filed free of charge and processed by the Controller within 30 days.
In particular, the User may:
- obtain confirmation that processing is taking place (Article 15 of the GDPR);
- obtain rectification of inaccurate or incomplete data (Art. 16 of the GDPR);
- obtain the deletion of data without undue delay (Art. 17 of the GDPR);
- limit processing to only part of the personal data (Art. 18 of the GDPR);
- receive a copy of personal data held by the data controller in a commonly used, machine-readable format; obtain unimpeded transfer to another data controller (Art. 20 of the GDPR);
- object at any time to the processing of personal data (Art. 21 of the GDPR);
- with regard to the purposes of processing that are based on consent, withdraw it at any time (Art. 7 of the GDPR).

6. Complaints
The User may, at any time, lodge a complaint with the competent Authority (Garante per la Protezione dei Dati Personali), pursuant to Art. 77 of the GDPR, if he/she believes that the Controller processes his/her personal data in violation of the applicable legislation.

7. Changes
The Controller reserves the right to amend and update the following Privacy Policy as a result of any new provision of national or European Union data protection law.
Last modified 28/07/2022