LOG-IN

PRIVACY POLICY

Information pursuant to Article 13 of REGULATION (EU) 2016/679

Dear User,

The F. Lamonarca Wine and Oil Company (‘Lamonarca’), Data Controller, pursuant to Article 13 of EU Regulation 2016/679 (hereinafter, ‘GDPR’) and Legislative Decree 196/2003, as amended by Legislative Decree 101/18, intends to describe the methods of processing the personal data of users who consult the website accessible electronically at the following address:

www.lamonarca.it

This information does not apply to other websites, pages or online services accessible via hyperlinks that may be published on the website.

In this document, we wish to explain:

  1. What is meant by “data processing”?

Pursuant to Article 4 of EU Regulation 2016/679, the term “processing of personal data” means ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing or destroying’.

Who is the Data Controller of your data?

The Data Controller is Azienda Vinicola ed Olearia di F. Lamonarca, VAT number 01095670723, with registered office in Via Ravanas n. 1, 70037, Ruvo di Puglia (BA).

The Data Controller can be contacted at the following email address: vinicola@lamonarca.it.

What data is processed?

Lamonarca uses two types of personal data, namely data related to access to our website (‘browsing data’) and data provided directly by the user (‘identification data’).

Browsing data

This category of data includes all data whose transmission is implicit in the use of Internet communication protocols and, in particular, the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the users’ IT environment.

This data may also be collected through the use of cookies. In this case, the information is not collected for the purpose of associating it with identified data subjects, but, despite this, given its very nature, it could still allow third parties to identify the user through processing and association with other data already in their possession.

Information on cookies and automated systems similar to cookies is made available to the user by clicking on the appropriate link called ‘COOKIE POLICY’ on the website.

Identification data

The optional, explicit and voluntary sending of messages to the Data Controller’s contact addresses, private messages sent by users to related profiles/pages on social media (where this option is available), as well as the completion and submission of the contact form on the website, entail the acquisition of the sender’s contact details, which are necessary to respond, as well as all personal data included in the communications.

In particular, data such as name, surname, place and date of birth, residence, telephone number and email address may be acquired.

Why do we process your data?

The purposes of processing browsing data are as follows:

to allow navigation of the website;
to obtain statistical information on the use of services (most visited pages, number of visitors by time slot or by day, geographical areas of origin, etc.);
to check the proper functioning of the services offered.

The purposes of processing the identifying personal data provided by the user are as follows:

use of the services offered by Lamonarca;
responding to requests for information. In fact, the contact details of the Data Controller (email, registered office, telephone, other possible contacts) are indicated on the website. The user who uses these contacts to request information about the Controller’s activity provides their personal data (such as name, surname, and personal details), which will be processed exclusively to fulfill the request for clarifications, questions, or other inquiries;
responding to information requests made by the user through the contact form. The user’s data (name, email, phone number, other) provided by filling out the contact form will be processed by the Controller to handle the user’s request for information;
sending advertising communications (so-called Direct Marketing). The following information applies whenever, during navigation on this website, the user is asked to provide their data and consent to receive from the Controller advertising material or commercial communications, offers and promotions, direct sales, or to participate in market research or opinion surveys (hereinafter collectively defined as “direct marketing” activities). The purpose of processing is to carry out “direct marketing” activities towards the user.
Management of purchase orders made on the Controller’s Website: users can place orders and purchase products sold on the Website; therefore, personal data will be processed to complete, manage, and ship orders.
Reviews: we may use your contact details to invite you by email to leave a review after purchasing products. This can help other users choose our e-commerce. If you submit a review, it may be published on our website.
Payment management: users who make purchases on the Website can make payment by bank transfer, credit card, or through the PayPal platform. In the case of payment by credit card, reference is made to the respective Privacy Policy of the payment network used from time to time, while if payment is made via PayPal, PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg, will collect the user’s data necessary to process the payment and handle them in accordance with its own privacy policy, available at the following link: https://www.paypal.com/webapps/mpp/ua/privacy-full

The identifying personal data of users may also be processed for the following legally required purposes:

to fulfill legal obligations. The data provided by the data subject will be used to comply with legal obligations under national, European, or supranational law;
for purposes of establishing, exercising, or defending legal claims. The data provided by the data subject will also be processed, if necessary, to establish, exercise, or defend the Controller’s rights in court.

On what legal basis do we process your data?

The processing of personal data indicated on this page is based on the cases described in Article 6 of the GDPR.

In particular, with regard to browsing data, the legal basis for processing lies in Article 6(1)(f) of the GDPR, which provides for the lawfulness of processing when it is necessary for the purposes of the legitimate interests pursued by the Controller or by third parties.

With reference, instead, to the identifying personal data provided by the user (aimed at the use of services, requests for information, management of purchase orders, and payment processing), the legal basis for processing is found in Article 6(1)(a) of the GDPR, which states that processing is lawful when the data subject has given consent to the processing of their personal data for one or more specific purposes, as well as in Article 6(1)(b) of the GDPR, which identifies as a legal basis the execution of pre-contractual or contractual measures taken at the request of the data subject.

The processing of personal data for commercial purposes (sending commercial communications, reviews) is based on the following legal bases: on the (optional) consent provided by the data subject pursuant to Article 6(1)(a) of the GDPR; on Article 130(4) of the new Privacy Code, but only in the case of processing via email and for communications concerning services similar to those already “sold” to the Customer; on the legitimate interest under Article 6(1)(f) of the GDPR (in combination with Recital 47), when the data subject can reasonably expect such processing by the Controller and it does not infringe their rights and freedoms.

Finally, the processing of personal data in cases of compliance with legal obligations and for the purposes of establishing, exercising, or defending legal claims is based on Article 6(1)(c) of the GDPR, according to which the legal basis lies in the fulfillment of a legal obligation to which the Controller is subject, and on Article 6(1)(f) of the GDPR.

  1. How are your data processed, communicated and disseminated?

    The data will not be disseminated but communicated to subjects formally appointed as persons in charge (e.g. employees, if applicable) or designated as data processors (e.g. companies providing hosting services, web agencies that manage the website), who will process the data by adopting appropriate and adequate security measures to prevent unauthorised access, disclosure, modification or destruction of your data.

    In order to comply with legal or contractual obligations, the data subject’s data may be disclosed to the following parties: insurance companies in the event of claims; public bodies where required by law; lawyers, law enforcement agencies, judicial authorities (for example) in the event of illegal acts, breach of contract, or other legally relevant facts caused by the data subject or by the Data Controller itself in relation to the data subject.

    For all the above purposes, the data may be disclosed to parties who carry out certain technical and organisational activities on behalf of the Data Controller, including in their capacity as data processors, such as administrative, accounting and tax services.

    Pursuant to Article 28 of the GDPR, the Data Controller shall appoint third parties who process personal data on its behalf as data processors; a list of external data processors is available at the Data Controller’s headquarters.

    For more information on the persons in charge or data processors, please contact the Data Controller at the email address indicated in the epigraph.

     

  2. How long are your data stored?

    With regard to browsing data, except as stated below regarding cookies or other tools similar to cookies, the Data Controller does not store any data potentially provided through simple browsing.

    Personal data provided by the data subject for the purpose of requesting information will be stored for the time necessary to provide the information service: once this period has expired, the data will be immediately deleted.

    Personal data provided for the use of services in the event of the conclusion of a contract, on the other hand, will not be deleted but will be managed correctly in accordance with the GDPR. For all information regarding this processing, please refer to the specific privacy policy.

    In cases of processing due to compliance with legal obligations, the retention period depends on the regulation applied by the Data Controller at the time of processing.

    In the event of processing due to the need to ascertain, exercise or defend rights, the Data Controller will retain the data subject’s data for this exclusive purpose only if there is a reasonable likelihood of having to take legal action. In the event of a dispute, the data will be retained until the judgement becomes final.

    Finally, personal data processed for commercial purposes will be retained, in the event of consent, until such consent is revoked in accordance with Article 7 of the GDPR. However, in the case of processing carried out pursuant to Article 130, paragraph 4, of the new Privacy Code and Article 6, no. 1, letter f) of the GDPR, the data will be retained for this purpose until the data subject objects pursuant to Article 21 of the GDPR, to be exercised from the start of the processing or during its continuation.

     

  3. Where is your data processed? Can your data be transferred to countries outside the EU?

    Data processing is carried out at the Data Controller’s operational headquarters and in any other place where the parties involved in the processing are located.

    The Data Controller undertakes not to transfer users’ data to countries outside the EU. In the event of transfers, the Data Controller guarantees the application of the rules set out in Articles 44 et seq. of the GDPR.

    For any information, please contact the email address provided above.

  1. What are your rights?

    The data subject may exercise their rights as set out in Articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.

    In particular, the data subject has the right to:

    – request confirmation of the existence of their personal data among the data collected by the company;

    – know their origin, the logic and purposes of their processing;

    – obtain their updating, rectification and integration;

    – request their erasure and oblivion, transformation into anonymous form or blocking in the event of unlawful processing;

    – object to their processing for legitimate reasons or in the case of use of the data for sending advertising material, commercial information, market research, direct sales and interactive commercial communication if consent has not been given;

    – request the transfer of their data to third parties, where possible and necessary;

    – revoke their consent at any time;

    The above rights may be exercised by sending a direct request to the Data Controller, using the contact details provided in this policy.

    Upon receipt of the communication from the data subject, the Data Controller will take charge of the request, processing it within the time necessary to complete the procedure (maximum 14 days) and subsequently confirming this to the data subject.

    If the data subject is aware of a breach of the rules on the processing of personal data, or of the loss or unlawful disclosure of such data, they must urgently notify the Data Controller, using one or more of the contact details indicated in this policy;

    The Data Controller must, within 72 hours, notify the breach to the Data Protection Authority, together with the measures taken to address the breach.

    The data subject also has the right to lodge a complaint with the Supervisory Authority. For more information on the procedures, please visit www.garanteprivacy.it.

    The Data Controller who becomes aware of the breach, loss or accidental disclosure from other control sources (DPO where present – Data Processor – Data Processors) must notify the Privacy Authority within 72 hours, also indicating the measures taken to address the breach, as well as the data subject.

    The Data Protection Authority www.garanteprivacy.it is responsible for reports relating to the breach of personal data or damage suffered as a result of such breach.

    In the event of disputes relating to the interpretation of this document, the Consumer Court shall have jurisdiction, pursuant to Legislative Decree 206/2005.

Cookie Policy

Information on cookies and automated systems similar to cookies is made available to users by clicking on the link entitled ‘COOKIE POLICY’ located in the footer of the website.

For any information, clarification or to exercise your rights, please contact the Data Controller at the email address above.

Privacy Policy updated on 18 April 2023.