it
de
en
Endrizzi
History
Endrizzi - Vineyards in Trentino
Autochthonous Trentino vines
Eco-sustainability
All of us
Contacts
Trentino wines
Trentodoc Endrizzi
DALIS Endrizzi
Classica Endrizzi
Masetto Endrizzi
Grappa Endrizzi
Serpaia
Serpaia – Tuscan vineyards
Philosophy
Olio Serpaia
Tuscan wines
Sangiovese
Cabernet & Merlot
Hospitality
Weddings
Tours and tastings
Dinners and meetings
Vinoteca Endrizzi
E-shop
Blog
menu
Disclosure
DISCLOSURE ON PROTECTION OF PERSONAL DATA PURSUANT TO ART. 3 OF EU GDPR 2016/679
We protect your data. EU Regulation 2016/679 (General Data Protection Regulation – GDPR) applies to
the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
This Disclosure informs you with regard to the type of data we process, the purposes for which we process and possibly share it, how long we store it, and the rights of the data subject and how they can be exercised.
The
data controller
is Endrizzi Srl, loc. Masetto, 2 - S. Michele all'Adige (TN), Italy, email
info@endrizzi.it
, in the person of its legal representative, domiciled for the purpose c/o the company, to whom you may send requests for the exercise of your rights pursuant to the GDPR.
1)
WHAT PERSONAL DATA REGARDING NATURAL PERSONS CAN BE COLLECTED?
We collect only common personal data, excluding all other types of special data or data referring to criminal convictions and crimes (sensitive data).
Contact details
. Personal data regarding customers and suppliers operating as natural persons; legal representatives, employees or other persons who, due to their roles or responsibilities, may be a reference for customer companies, suppliers, or other bodies and institutions. The following data is collected from such persons:
first name, last name, position, telephone number and email address
, physical address
(if not domiciled c/o the company/body)
.
Data from information requests
. These regard requests for estimates and information about products and services provided by Endrizzi Srl. In addition to contact details, they may regard
preferences for products or services
and other information needed to respond to requests.
Tax data, identity data, and other common personal data regarding transactions and payments.
These data regard natural-person customers and suppliers with whom contracts/agreements have been or are to be stipulated. Data regarding legal representatives of companies or other bodies are collected to the extent needed to comply with contractual or legal obligations.
2)
HOW DO WE COLLECT PERSONAL DATA?
C/o or directly from the data subject.
Your data may be collected in the following circumstances
:
by entering your data and sending an information request to websites linked to our company;
during preliminary activities related to the execution of contracts/agreements or in relation to economic relations maintained with the data subject;
by data collection performed c/o the data subject and transmitted to our offices by our agent or representative so that we may reply to an information request, provide an estimate, or fill an order;
supplied in correspondence, emails, messages, telephone calls, or other communication systems.
From public records, from lists available to the public or disseminated by websites.
This information is needed to check and draw up the terms and conditions of a contract/agreement to be stipulated or to acquire preliminary consent to the processing of personal data for informative and business purposes.
3)
PURPOSES AND
GROUNDS OF INTENDED PROCESSING OF PERSONAL DATA
No profiling activities are conducted and no automated decision-making processes are used.
Personal data may be processed for:
A) Compliance with obligations specified by laws, regulations or other rules, by court orders, or based on contractual, retributive, welfare, or tax obligations.
The provision of personal data needed for such purposes is mandatory and the processing of same does not require the data subject’s consent.
The data subject is required to cooperate to keep such data correct and updated,
promptly reporting any errors in or changes to
such data.
B) Purposes related to the execution of contracts/agreements or regarding business relations maintained with the data subject
.
This category includes:
execution of a contract/agreement or of precontractual compliances requested by the data subject;
improvement of the quality of the product and/or service and management of any complaints;
elaboration of business analyses and statistics through the use of anonymous and/or aggregate data.
The provision of personal data needed for such purposes is not mandatory
, but refusal to provide it (with regard to the data and the required compliance) may make it impossible for the company to execute the contract/agreement in whole or in part or to comply with specific requests by the data subject prior to stipulation of a contract/agreement.
If such data are provided, the consent to their processing is deemed implicit in the data subject’s request.
C) Purposes related to the fulfilment of a legitimate interest of Endrizzi Srl, to the prevention of contraband goods, and to the maintenance and development of business relations with the data subject.
This category includes:
documentation of the transactions conducted by the data subject and the prevention of contraband goods;
information, promotion and/or direct sale in relation to products, services or new initiatives (similar or in addition to those already included in current or previous business relations
for which implicit or explicit consent has already been acquired and not subsequently revoked
) proposed by the company or by third parties on behalf of the company. For contacts, direct promotion and transmission of advertising material, the company will use the data and communication channels already acquired for the execution of previous contracts/agreements or during analogous business activities with the data subject, by means of letters, telephone (land line or mobile for call with operator), and email address previously used. Nevertheless,
if the data subject wishes to object to the processing of his/her personal data in relation to these purposes, he/she may do so at any time by means of written request or email sent to the company, specifying the channels through which he/she no longer wants to be contacted.
D) Activities related to marketing and to company operations.
This category includes:
information, promotion and sale of new initiatives and/or products and services of the company, or of third-party companies, conducted by means of automated communication systems;
elaboration of studies, surveys and statistics on activities in the wine and/or food industry conducted by elaborating data already possessed by the company or acquired by means of specific collection or by a combination of these two activities,
without analyzing consumer habits or choices or defining the profile or personality of the data subject
;
measurement of customer satisfaction with the quality of services provided, by means of activities conducted by the company itself or by specialized companies by means of personal interviews;
public relations activities.
The provision of personal data needed for such purposes is not mandatory. If such data are provided, specific consent is required for their processing.
4)
HOW LONG DO WE STORE PERSONAL DATA?
Personal data are stored only for the time needed to achieve the purposes for which they were collected or for any other related legal purpose. If personal data are processed for two or more purposes, they will be stored until the purpose with the longer required storage time has been achieved. Personal data that are no longer needed or for which there is no longer a legal requirement for storage are permanently anonymized and may be stored in this form or destroyed in a secure way.
Unless the law imposes specific storage requirements, personal data are stored
for the entire duration of the contract/agreement and for an additional 10 years and 6 months or 15 years and 6 months from termination of the relationship
, in consideration of the statute of limitations of rights with regard to which Endrizzi Srl may need to defend itself or of storage requirements imposed by regulations if such data are needed to perform current contracts/agreements with the data subject or to satisfy a legitimate interest of the data controller.
With reference to
data useful for establishing a relationship that is not subsequently finalized, such data will be stored for a maximum of 36 months
, so that we may be able to satisfy specific requests from the data subject.
Personal data processed by means of consent
for
marketing purposes will be stored to the end of the then-current duration of the relationship or contact with the data subject and for an additional 24 months
, unless such deadline is changed pursuant to intervening regulations.
5)
SECURITY OF PERSONAL DATA
The company takes all measures needed to improve the protection and maintenance of the security, integrity, and accessibility of the personal data it collects.
All personal data are stored on protected servers or on appropriately archived hard copies or on those of our suppliers or business partners who have been specifically authorized to process same, and are accessible in conformity to our standards and security policy or to equivalent standards. Details of the technical and organizational methods used for processing and of the security measures applied are available on request at the company (“Controller”).
6)
ACCESS TO PERSONAL DATA AND/OR ITS SHARING WITH OTHER PARTIES
Personal data may be accessed by duly authorized employees as well as by outside suppliers, appointed as processors if necessary, who provide support for the provision of services.
Such processing will be performed on behalf of the company for the same purposes and with the above-described methods. The list of such bodies, companies or businesses is available at the company’s offices.
The Controller does not transfer personal data to Extra-EU countries except in cases of some IT service or general-purpose software companies with registered office in Extra-EU countries that guarantee a Privacy Shield in compliance with GDPR principles unless specifically stated otherwise; in such case the data subject will be informed in advance and his/her consent will be requested if necessary.
7)
RIGHTS OF THE DATA SUBJECT
WITH REGARD TO DATA PROTECTION; RIGHT TO LODGE COMPLAINTS WITH SUPERVISORY AUTHORITY
As provided by Articles 15-21 and 77 of the GDPR, you have the right to request:
access to your personal data,
a copy of the personal data that you have provided us (portability),
the rectification of your data in our possession,
the erasure of any data for which we no longer have any legal grounds for processing,
objection to processing where provided by applicable regulations,
revocation of consent in cases where processing is based on consent;
limitation of the way your personal data are processed, within the limits provided by the GDPR.
The exercise of such rights is subject to a few exceptions aimed at safeguarding the common good (for example, the prevention or identification of crimes) and the company’s interests, such as, for example, maintaining professional secrecy. If you exercise any one of the above-mentioned rights, it will be our responsibility to check you are entitled to exercise it and to give a prompt reply (in all cases within one month). We will take all steps to respond to your requests in case of complaints or reports regarding the ways your data are processed. Nevertheless, if you are not satisfied by our support, you may forward any complaints or reports to the data protection supervisory authority by using the following contact information: Garante per la protezione dei dati personali - Piazza di Monte Citorio n. 121 - 00186 ROMA, ITALIA.
Share this information with your friend
Endrizzi
blog
Visit the blog!
The underlying connection was closed: An unexpected error occurred on a send.