Privacy Policy

HomePrivacy Policy
Close

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
Dievole spa – Località Dievole 6, 53019 Vagliagli, Siena, VAT number IT 00800530529, as Data Controller, is constantly committed to protecting the privacy of its users.

This document has been drawn up in accordance with Articles 13 and 14 of EU Regulation 2016/679 in order to allow you to learn about our privacy policy and understand:
– how your personal information is handled when you use our website and the services made available
– how to give informed consent to the processing of your personal data.

The information and data you provide or otherwise acquired in the context of using the services made available by Dievole spa, hereinafter referred to as ‘Services’, will be processed in compliance with the provisions of the Regulation and confidentiality obligations.
The processing carried out will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality.

Browsing data

The computer systems and software procedures used to operate the Website, during their normal operation, acquire personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. While browsing the Website, certain technical data is automatically collected, including IP addresses, domain names of the devices used, URI (Uniform Resource Identifier) addresses of the resources requested, time of the request, method of transmission, size of the file obtained in response, status code of the server response (e.g. successful, error) and other parameters relating to the user’s operating system and IT environment. This data is processed exclusively for anonymous statistical purposes, to monitor the proper functioning of the Website and to identify any anomalies or abuses. The data is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website or third parties: except for this possibility, at present, web contact data does not persist for more than seven days.

Third-party data voluntarily provided by the data subject

When using the services of the Website, personal data of third parties communicated by you may be processed. In such cases, you act as an independent data controller, assuming all the obligations and responsibilities provided for by current legislation. Therefore, you exempt the Data Controller from any dispute, claim or request for compensation arising from the processing of such data in violation of applicable legislation.
In any case, if you provide or process personal data of third parties through the Website, you guarantee that you have previously obtained the consent of the data subject to the processing, assuming all related responsibilities.

Cookie

Specifically, the cookies sent through the Website are listed in the Cookie Policy, which can be found directly in the Cookie Policy section.

Purpose of processing

The processing we intend to carry out, with your specific consent where necessary, has the following purposes:
a) to allow navigation of the Website;
b) to respond to specific requests sent to our organisation via email or through the booking of your stay and/or the booking of other activities that may be available;
c) to comply with any obligations under applicable laws, regulations or EU legislation, or to satisfy requests from authorities;
d) send you promotional and marketing communications to the email address you have provided; please note that the Data Controller collects a single consent for the marketing purposes described here, in accordance with the General Provision of the Data Protection Authority ‘Guidelines on promotional activities and combating spam’ of 4 July 2013; if, in any case, you wish to object to the processing of your data for marketing purposes carried out by the means indicated herein, as well as to revoke the consent given, you may do so at any time by contacting the Data Controller at the addresses indicated in this policy, without prejudice to the lawfulness of the processing based on the consent given prior to the revocation, or by clicking on the appropriate link at the bottom of each email you receive.
e) registration and access to the D’Wine Club reserved area

Legal basis and mandatory or optional nature of processing

The legal basis for the processing of Personal Data for the purposes referred to in points (a-b) is:
– Article 6(1)(b) of the Regulation, as processing is necessary for the provision of the Services or to respond to requests from the data subject. The provision of Personal Data for these purposes is optional, but failure to provide such data would make it impossible to activate the Services provided by the Website.
The legal basis for the processing of Personal Data for the purpose referred to in letter (c) is
– lawful processing of Personal Data pursuant to Article 6(1)(c) of the Regulation. The processing is necessary to comply with a legal obligation to which the Data Controller is subject.
The legal basis for processing for the purposes indicated in letters (d- e)):
– is Article 6.1.a) of the Regulation, i.e. consent. The provision of your Personal Data for the purposes referred to in letter d) is optional; there will be no consequences if you refuse.
Destination of personal data

Your Personal Data may be shared, for the purposes referred to in the section above, with:
– entities that typically act as data processors pursuant to Article 28 of the Regulation, i.e.
– entities, bodies or authorities, independent data controllers, to whom it is mandatory to communicate your personal data pursuant to legal provisions or orders from the authorities;
– persons authorised to process Personal Data pursuant to Article 29 of the Regulation, necessary to perform activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality, e.g. employees.

Transfer of personal data

Users’ personal data may be transferred to countries outside the European Union. In particular, the data is processed on servers located in Uruguay, a country recognised by the European Commission as having an adequate level of data protection pursuant to Article 45 of Regulation (EU) 2016/679 (GDPR).
Furthermore, exclusively for the provision of the newsletter service and with the prior consent of the data subject, some personal data (name and email address) may be transferred to the United States of America to service providers acting as Data Processors and who guarantee an adequate level of personal data protection by adhering to the EU-US Data Privacy Framework, pursuant to Article 45 of the GDPR.
In any case, the transfer of personal data takes place in compliance with the guarantees, security measures and rights provided for by the GDPR.

Data retention

Personal Data processed for the purposes specified above will be retained for the time strictly necessary to achieve those purposes in accordance with the principles of minimisation and storage limitation pursuant to Article 5.1.e) of the Regulation. In any case, the Data Controller will process Personal Data for the time necessary to fulfil contractual and legal obligations.
Further information regarding the data retention period and the criteria used to determine that period may be requested by writing to the Data Controller.

Rights of data subjects

You have the right to access your data at any time, in accordance with Articles 15-22 of the GDPR. In particular, you may request the rectification, erasure or restriction of the processing of your data in the cases provided for in Article 18 of the GDPR, the withdrawal of consent, the portability of your data in the cases provided for in Article 20 of the GDPR, and lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR (Personal Data Protection Authority).
You may submit a request to object to the processing of your data pursuant to Article 21 of the GDPR, providing evidence of the reasons justifying the objection: the Data Controller reserves the right to evaluate your request.

Requests should be addressed in writing to the Data Controller at the above addresses.

Changes

The Data Controller reserves the right to modify or update the content, in part or in full, including due to changes in applicable legislation, informing you of such changes as soon as they are introduced. They will be binding as soon as they are published on the Website. The Data Controller therefore invites you to visit this section regularly to view the most recent and updated version of the privacy policy.

Tenuta Le Colonne

Via Vecchia Aurelia, 418, 57022 Donoratico (LI)

Sede legale: Soc. Agr. Dievole S.p.A. – Località Dievole 6, 53019 Vagliagli, Siena, ITALIA. – T. +39 0577 322613 – F. +39 0577 322574 – PEC: [email protected] – REA SI-92695 – Società con socio unico soggetta ad attività di direzione e coordinamento di “IAG Toscana S.r.l.” – Codice fiscale e Registro Imprese Siena 00814520136 – P. IVA IT00800530529 – Capitale Sociale € 17.000.000 i.v.

Flag_of_Europe

CAMPAIGN FINANCED ACCORDING TO (EU) REGULATION NO. 1308/2013

Prenota un tavolo

Are you of
legal drinking age?

You must be of legal drinking age to use this site. If you are not, do not enter this site.

Drink wine responsibly.