Política de privacidad

Política de privacidad ITA

Through this privacy policy, drawn up pursuant to art. 13 Regulation (EU) 679/2016 (hereinafter also just “ General Data Protection Regulation ” or “ GDPR ”) and in compliance with the principles contained therein, Excantia Srl intends to inform each user (hereinafter also just “ User ”) of the processing of personal data collected through the website owned by it www.thewinesider.com .

  1. Data controller

The Data Controller is Excantia Srl (hereinafter also just “ Data Controller ”), VAT number 11108030013, with registered office in Corso Castelfidardo n. 30 A, 10129 – Turin.

Contact address: [email protected]

  1. Purpose of processing, type of personal data, legal basis and data retention period

 

Propósito

Personal data

Legal basis

Período de conservación

1

Provide information and/or send the catalog at the user's request, following completion of the data collection forms on the Site

· Personal information (name and surname of the interested party)

· Contact details (email address)

· Telephone number

· Region and city to which you belong

Execution of pre-contractual measures [art. 6, 1, lett. b) GDPR]

For the period necessary for the response

2

Account creation and management

· Personal information (name and surname of the interested party)

· Contact details (email address; Tax Code of the interested party, telephone number)

Execution of pre-contractual measures [art. 6, 1, lett. b) GDPR]

Until the account is canceled and in any case no later than 24 months from the date of last contact

3

Management of the purchase and shipping of products

· Personal information (name and surname of the interested party)

· Contact and shipping details (shipping address, email address, telephone number)

· Billing details

Execution of a contract [art. 6, 1, lett. b) GDPR]

10 YEARS

4

Contacto y atención al cliente

· Personal information (name and surname of the interested party)

· Contact details (email address, telephone number)

Execution of pre-contractual and/or contractual measures [art. 6, 1, lett. b) GDPR]

For the period necessary for the response

5

Envío de boletines y listas de correo

· Personal information (name and surname of the interested party)

· Contact details (email address, telephone number)

Consent [art. 6, 1, lett. 4) GDPR]

Until consent is revoked and in any case no later than 24 months from the date of last contact

6

Sending promotional communications for marketing purposes of the Data Controller, for sending advertising or direct sales material, carrying out market research or commercial communication with automated contact methods (email, sms, mms, or other types ) and traditional (paper mail, telephone calls with operator)

· Personal information (name and surname of the interested party)

· Contact details (email address and telephone number)

Consent [art. 6, 1, lett. 4) GDPR]

Until consent is revoked and in any case no later than 24 months from registration for marketing purposes

7

Profiling aimed at analyzing the User's consumption habits to address commercial proposals of interest, in the manner referred to in the previous point 6

· Personal information (name and surname of the interested party, telephone number)

· Contact details (email address)

Consent [art. 6, 1, lett. 4) GDPR]

Until the revocation of consent and in any case no later than 12 months from registration for profiling purposes

8

Compliance with legal obligations, including those of a fiscal nature.

· Personal information (name and surname of the interested party)

· Contact details (email address)

· Contractual data

Obligación legal (Art. 6(1)(c) GDPR)

According to applicable legislation

9

Prevention of fraudulent activities and exercise of the Owner's rights in court

· Personal information (name and surname of the interested party)

· Contact details (email address)

· Contractual data

Obligación legal (Art. 6(1)(c) GDPR)

10 años

10

Statistical analysis and reporting activities, carried out by the Data Controller in order to create reports and statistics relating to Excantia's commercial activities, to evaluate, analyze and improve its products and services.

· Personal information (name and surname of the interested party)

· Contact details (email address)

· Browsing data

Interés legítimo del responsable del tratamiento

(art. 6, 1, letter f) GDPR)

Hasta dos años desde la fecha de finalización de la relación contractual

The User can request clarification on the legal basis of each processing at any time.

  1. Provision of data and consequences of any refusal

The provision of data for the purposes referred to in paragraph 2, points 1,2,3,4, 8, 9 (Purpose of providing information and the catalogue, creation and management of accounts, management of the purchase and shipping of products, contact and customer care, fulfillment of legal obligations, prevention of fraudulent activities) is necessary, as it constitutes an essential requirement for the satisfaction of the user's requests and/or for the conclusion of the contract for the fulfillment of legal obligations. Your refusal or provision of inaccurate and/or incomplete information could prevent us from carrying out the activities indicated therein. For the processing of personal data for these purposes, your consent is not required, pursuant to article 6, 1 letter. b) and c) of the GDPR.

The provision of data for the purposes referred to in paragraph 2, points 5,6,7 (Purpose of sending newsletters, marketing, profiling) is optional, the Data Controller will pursue the purposes only if expressly and specifically authorized by the user to process of the data provided for each individual purpose. Any refusal or the provision of inaccurate and/or incomplete information could prevent the carrying out of the activities indicated therein, but will not prevent the execution of the Contract.

The processing of personal data for these purposes requires the informed consent of the interested party expressed individually for each of the purposes indicated pursuant to Article 6, letter a, of the GDPR and pursuant to Italian harmonization legislation.

In any case, the interested party may revoke the consent expressed at any time without this affecting the lawfulness of the processing based on the consent given before the revocation according to the methods described in the following paragraph 5.

By virtue of the assessments carried out regarding the balance of interest between the Data Controller and the interested party, the processing of data for the purposes referred to in paragraph 2 point 10 (Purpose of statistical analysis and reporting activities) is based, pursuant to article 6, paragraph 1, letter. f) of the GDPR, on the legitimate interest of the Data Controller.

In any case, you may object pursuant to art. 21 par. 1 of the GDPR to the processing of your personal data for the purposes to and. to i. by contacting the Data Controller at any time at the contact details indicated in paragraph 5 below.

  1. Treatment methods

The data will be processed using IT and telematic tools, with logic strictly related to the purposes highlighted above and, in any case, by subjects authorized to carry out these tasks, appropriately informed of the constraints imposed by the GDPR, equipped with security measures aimed at guaranteeing the confidentiality of personal data and to avoid undue access to third parties or unauthorized personnel.

In particular, the data may be communicated, within the limits strictly necessary for the purposes pursued, to professionals and companies possibly in charge of specific processing, to accounting firms and consultants responsible for keeping the accounts, to banks, to associated companies, to third party suppliers. such as, by way of example, the companies that provide the management, maintenance and hosting of the Site, or companies that provide the management of the newsletter service, specifically appointed as data controllers pursuant to the provisions of the art. 28 of the GDPR. These suppliers, if operating in non-EU countries, offer their services on the basis of standard contractual clauses or on the basis of adequacy decisions of the European Commission. These subjects only come into possession of the personal data necessary to carry out their functions and can use them only for the purpose of carrying out these services on behalf of the Data Controller or to comply with legal provisions. The data may also be communicated to police bodies, judicial authorities, and to subjects who can access it pursuant to legal provisions or secondary or community legislation.

The Data Controller undertakes to process the data in compliance with the provisions of the GDPR, as well as the national legislation in force on privacy as well as to process the data lawfully and correctly, collecting and recording the same for specific purposes, explicit and legitimate, taking care to verify that they are relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed.

  1. Rights of the interested party

The User can exercise all the rights provided for by the articles. 15-21 of the GDPR at any time and without unjustified limitations, by contacting the Data Controller at the email address. Requests are filed free of charge and processed by the Data Controller within 30 days.

In particular, the User can:

  • obtain confirmation that processing is underway (art. 15 of the GDPR);
  • obtain the rectification of inaccurate or incomplete data (art. 16 of the GDPR);
  • obtain the deletion of data without unjustified delay (art. 17 of the GDPR);
  • limit the processing of only part of the personal data (art. 18 of the GDPR);
  • receive a copy of the personal data held by the owner, in a commonly used and machine-readable format; obtain unhindered transfer to another Data Controller (art. 20 of the GDPR);
  • object at any time to the processing of personal data (art. 21 of the GDPR);
  • with regard to the purposes of the processing which are based on consent, revoke it at any time (art. 7 of the GDPR).
  1. Complaints

The User may, at any time, lodge a complaint with the competent Authority (Guarantor for the Protection of Personal Data), pursuant to Art. 77 of the GDPR, if you believe that the Data Controller processes your personal data in violation of the applicable legislation.

  1. Changes

The Data Controller reserves the right to modify and update the following Privacy Policy following any new provision of national or European Union law on the protection of personal data.

Last modified:28/07/2022

Política de privacidad ES

Through this privacy policy, drafted in accordance with Article 13 Regulation (EU) 679/2016 (hereinafter also only "General Data Protection Regulation" or "GDPR") and in compliance with the principles contained therein, Excantia Srl intends to inform each user ( hereinafter also only "User") of the processing of personal data collected through the site of its ownership www.thewinesider.com.

1. Data Controller
The Data Controller is Excantia Srl (hereinafter also only "Data Controller"), VAT No. 11108030013, with registered office in Corso Castelfidardo No. 30 A, 10129 - Turin.
Contact address: [email protected]

2. Fines del tratamiento, tipos de datos personales, base jurídica y período de conservación de los datos

 

Propósito

Datos personales

Base legal

Período de conservación

1

 Proporcionar información y/o enviar el catálogo a petición del usuario, tras la cumplimentación de los formularios de recogida de datos en el Sitio

- Biographical information (first and last name of the data subject of the data subject)
- Contact details (email address)
- Phone number
- Region and city of affiliation

Ejecución de medidas precontractuales [Art. 6(1)(b) GDPR].

Para el período requerido para la respuesta

2

Para el período requerido para la respuesta

 - Biographical information (first and last name of the data subject of the data subject)
- Contact details (email address; Tax code of the data subject, telephone number)

Ejecución de medidas precontractuales [Art. 6(1)(b) GDPR].

Hasta que se elimine la cuenta, pero a más tardar 24 meses después de la fecha del último contacto

3

Gestión de la compra y el envío de productos

- Biographical information (first and last name of the data subject of the data subject)
- Contact and shipping details (shipping address, email address, phone number)
- Billing details

Ejecución de un contrato [Art. 6(1)(b) GDPR].

10 años

4

Contacto y atención al cliente

 - Biographical information (first and last name of the data subject of the data subject)
- Contact details (email address, phone number)

Ejecución de medidas precontractuales y/o contractuales [Art. 6(1)(b) GDPR].

Para el período requerido para la respuesta

5

Envío de boletines y listas de correo

 - Biographical information (first and last name of the data subject of the data subject)
- Contact details (email address, phone number)

Consentimiento [Art. 6, 1(4) GDPR].

Hasta que se revoque el consentimiento, pero a más tardar 24 meses después de la fecha del último contacto

6

 Sending promotional communications for marketing purposes of the Data Controller, for sending advertising material or direct sales, the performance of market researcher or commercial communication by automated (electronic mail, sms, mms, or other) and traditional (paper mail, telephone calls with operator) contact methods - Biographical information (first and last name of the data subject of the data subject)
- Contact details (email address and phone number)

Consentimiento [Art. 6, 1 (4) GDPR].

Hasta que se revoque el consentimiento, pero a más tardar 24 meses después del registro con fines de comercialización

7

Elaboración de perfiles destinados a analizar los hábitos de consumo del Usuario para dirigirle propuestas comerciales de interés, en la forma prevista en el apartado 6 anterior

- Información biográfica (nombre y apellidos del interesado, número de teléfono)

- Datos de contacto (dirección de correo electrónico)

Consentimiento [Art. 6, 1 (4) GDPR].

Hasta que se revoque el consentimiento, pero a más tardar 12 meses después del registro con fines de elaboración de perfiles

8

Cumplimiento de las obligaciones legales, incluidas las fiscales.

- Información biográfica (nombre y apellidos del interesado)

- Datos de contacto (dirección de correo electrónico)

- Datos contractuales

Obligación legal (Art. 6(1)(c) GDPR)

De acuerdo con la normativa aplicable

9

 Prevención de actividades fraudulentas y ejercicio de los derechos del titular ante los tribunales

- Información biográfica (nombre y apellidos del interesado)

- Datos de contacto (dirección de correo electrónico)

- Datos contractuales

Obligación legal (Art. 6(1)(c) GDPR)

10 años

10

Actividades de análisis e informes estadísticos, establecidas por el Controlador de Datos con el fin de crear informes y estadísticas inherentes a las actividades comerciales de Excantia, para evaluar, analizar y mejorar sus productos y servicios.

- Información biográfica (nombre y apellidos del interesado)

- Datos de contacto (dirección de correo electrónico)

- Datos de navegación

Legitimate interests of the Data Controller

(Art. 6, 1(f) GDPR)

Hasta dos años desde la fecha de finalización de la relación contractual

El usuario puede solicitar en cualquier momento la aclaración de la base legal de cada tratamiento.

3. Provision of data and consequences of refusal
The provision of data for the purposes referred to in paragraph 2, points 1,2,3,4, 8, 9 (Purpose of providing information and the catalog, creation and management of account, management of the purchase and shipment of products, contact and customer care, fulfillment of legal obligations, prevention of fraudulent activities) is necessary, as it is an essential requirement for the satisfaction of user requests and/or for the conclusion of the contract for the fulfillment of legal obligations. Your refusal or the provision of inaccurate and/or incomplete information may prevent us from carrying out the activities, stated therein. The processing of personal data for these purposes does not require your consent, pursuant to Article 6, 1 letter b) and c) of the GDPR.
The provision of data for the purposes referred to in paragraph 2, points 5,6,7 (Purposes of sending newsletters, marketing, profiling) is optional, the Data Controller will only pursue the purposes if expressly and specifically authorized by you to process the data provided for each individual purpose. Any refusal or the provision of inaccurate and/or incomplete information may prevent the performance of the activities, indicated therein, but will not prevent the execution of the Contract.
The processing of personal data for these purposes requires the informed consent of the data subject expressed individually for each of the purposes indicated in accordance with Article 6, letter a, of the GDPR and in accordance with the Italian harmonizing legislation.
In any case, the data subject may revoke the consent expressed at any time without affecting the lawfulness of the processing based on the consent given before revocation in the manner described in paragraph 5 below.
By virtue of the assessments made regarding the balance of interest between the Data Controller and the data subject, the processing of data for the purposes set out in paragraph 2 point 10 (Purpose statistical analysis and reporting activities) is based, pursuant to Article 6( 1)(f) of the GDPR, on the legitimate interest of the Data Controller.
You may in any case object pursuant to Article 21 para. 1 of the GDPR to the processing of your personal data for the purposes e. to i. by contacting the Data Controller at any time at the contact details given
in paragraph 5 below.

4. Modalities of processing
The data will be processed using computer and telematic tools, with logic strictly related to the purposes highlighted above and, in any case, by parties authorized to perform these tasks, duly informed of the constraints imposed by the GDPR, equipped with security measures to ensure the confidentiality of personal data and to prevent undue access to third or parties unauthorized personnel.
In particular, the data may be communicated, to the extent strictly necessary for the purposes pursued, to professionals and companies that may be entrusted with specific processing, to firms of accountants and consultants in charge of bookkeeping, to banks, to associated companies, to third party suppliers such as, by way of example, the companies that provide the management, maintenance and hosting of the Site, or companies that provide the management of the newsletter service, specifically appointed as data processors pursuant to the provisions of Article 28 of the GDPR. These providers, if operating in Non-EU countries, offer their services on the basis of standard contractual clauses or on the basis of adequacy decisions of the European Commission. These parties come into possession only of the personal data necessary for the performance of their functions and may use it only for the purpose of performing such services on behalf of the Data Controller or to comply with legal requirements. The data may also be disclosed to police bodies, judicial authorities, and to parties who may have access to it under provisions of the law or secondary or EU regulations.
The Data Controller undertakes to carry out data processing in compliance with the provisions of the GDPR, as well as with current national privacy legislation as well as to process the data in a lawful and fair manner, collecting and recording the same for determined, explicit and legitimate purposes, taking care to verify that the same are relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed.

5. Rights of the data subject
The User may exercise all rights under Articles 15-21 of the GDPR at any time and without undue restriction by contacting the Controller at the email address [email protected]. Requests are filed free of charge and processed by the Controller within 30 days.
In particular, the User may:
- obtain confirmation that processing is taking place (Article 15 of the GDPR);
- obtain rectification of inaccurate or incomplete data (Art. 16 of the GDPR);
- obtain the deletion of data without undue delay (Art. 17 of the GDPR);
- limit processing to only part of the personal data (Art. 18 of the GDPR);
- receive a copy of personal data held by the data controller in a commonly used, machine-readable format; obtain unimpeded transfer to another data controller (Art. 20 of the GDPR);
- object at any time to the processing of personal data (Art. 21 of the GDPR);
- with regard to the purposes of processing that are based on consent, withdraw it at any time (Art. 7 of the GDPR).

6. Complaints
The User may, at any time, lodge a complaint with the competent Authority (Guarantor for the Protection of Personal Data), pursuant to Art. 77 of the GDPR, if he/she believes that the Controller processes his/her personal data in violation of the applicable legislation.

7.Changes
The Controller reserves the right to amend and update the following Privacy Policy as a result of any new provision of national or European Union data protection law.
Last modified 07/28/2022