Consorzio Vino Chianti
Area Aziende

INFORMATION ON THE PROTECTION OF PERSONAL DATA

Issued to companies of the supply chain

PURSUANT TO ARTICLE 12 AND FOLLOWING OF EU REGULATION 679/2016

***

Consorzio Vino Chianti (hereinafter also “the Consortium“) is constantly attentive to ensuring the protection of personal data and the maintenance of principles of confidentiality and dignity of individuals, pursuant to EU Regulation 679/2016.

In accordance with the principle of accountability, any Processing of personal data must be lawful and correct. Likewise, the manner in which data is collected, accessed or otherwise processed, as well as the extent to which it is or will be processed, must be transparent. The principle of transparency requires that information and communications relating to the processing of such data be easily accessible and understandable, and that clear and simple language be used.

With this in mind, please take note of the following information.

1 – TYPE OF DATA COLLECTED

The personal data collected by Consorzio Vino Chianti may include:

  • company names, e-mail addresses, certified e-mail addresses, telephone numbers, addresses of the registered offices or any operative offices, bank data, personal data of the Legal Representatives, and/or other information useful to carry out the ordinary business activity;

  • production data, marketing data, organoleptic and chemical data of Your products;

  • balance sheet data and/or economic data relating to the company;

  • professional quality certificates and/or product quality certificates.

Unless otherwise specified, all the data requested are compulsory, therefore any refusal to provide them or to their subsequent processing may make it impossible for the Consortium to proceed with contractual relations or with the relative legal obligations.

In cases where the Consortium indicates some data as optional, the Companies belonging to the chain will be free to refrain from communicating such data, without this affecting the existing relationship.

2 – DATA CONTROLLER

The Data Controller is Consorzio Vino Chianti (VAT no. 02072860485), with registered office in Viale Belfiore 9, Florence, Italy, e-mail: info@consorziovinochianti.it, certified e-mail: consorziovinochianti@legpec.it, telephone: +39 05 533 3600, fax: +39 05 533 3601 in the person of Giovanni Busi, acting as President pro tempore of the Consortium.

3 – PURPOSE AND LAWFULNESS OF PROCESSING

Pursuant to EU Regulation 679/2016, personal data:

  • are processed in relation to contractual requirements and the consequent fulfilment of legal, fiscal, accounting and contractual obligations, as well as for effective management of business relations;

  • are processed in a lawful, transparent and correct manner with regards to the Data Subject;

The data are collected for specific, explicit and legitimate purposes, and subsequently processed in a way that remains consistent with such purposes.

The Data processing is carried out by the Consortium in the performance of its protection activities pursuant to Article 41 of Italian Law no. 238/2016 (Consolidated Law on vineyards and wine), more specifically in performing the functions of protection, promotion, development, consumer communications and general care of the interests relating to “Chianti” DOCG, “Colli dell’Etruria Centrale” DOC, “Vin Santo del Chianti” and “Bianco dell’Empolese” DOC.

In more detail, the Data provided by the Data Subjects are processed, by computerised and other means, for the following purposes:

  • maintenance of business files and address lists, general accounting, tax accounting, studies and research;

  • fulfilment of statutory obligations, fulfilment of legal obligations, determination of membership fees and generally applicable contributions;

  • analysis, checks and audits, management of service agreements and credit guarantees, appointments concerning audit and supervision;

  • activities for the promotion and enhancement of your products;

  • activities involving the sale of state seals and marks, goods or services.

4 – METHODS OF PROCESSING THE DATA COLLECTED

The Data Controller applies appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the personal data.

Processing is carried out using paper and/or computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated.

In some cases, in addition to the Data Controller, other subjects involved in the Consortium organisation may have access to the data. Such subjects may be internal to the Consortium (administrative, management, commercial, legal, systems administrators), or external (payroll processing centre, accountant), and, where necessary, shall be appointed as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

All Processing operations are carried out in a manner that guarantees the integrity, confidentiality and availability of personal data.

5 – LEGAL BASIS FOR PROCESSING

The Data Controller processes your personal data lawfully, given that the Processing:

  • is necessary for the performance of a contract or fulfilment of the Data Controller’s legal obligations;

  • is necessary for the performance of a task carried out in the public interest or for the exercise of public powers vested in the Data Controller;

  • is necessary for the pursuit of the legitimate interests of the Data Controller or of third parties.

However, at any time, the Data Subject may ask the Controller to clarify the legal basis of each processing operation, and in particular to specify whether the processing is based on law, provided for by a contract or necessary to conclude a contract.

6 – PLACE OF PROCESSING

The data are processed at the registered office of the Data Controller, who reserves the right to store the data on paper or on computer media in its own buildings.

7 – DATA RETENTION

Data are processed and stored for the time required by the original purposes, up to a maximum of 10 (ten) years. Given this:

  • personal data collected for reasons concerning the purposes set forth in this Information Notice shall be retained until the protection, promotion, development and communications activities are completed;

  • personal data collected for purposes concerning the Data Controller’s legitimate interests shall be retained until such interests are satisfied;

  • the data will be processed for the fulfilment of all legal obligations.

The Data Controller may be obliged to retain personal data for a longer period, in compliance with a legal obligation or by order of public Authority. The personal data will be deleted at the end of the retention period, meaning that the Data Subject will no longer be able to exercise the rights of access, erasure, rectification or data portability concerning the deleted data.

8 – OBLIGATION OF CONFIDENTIALITY

Data processing is carried out using computer technologies and/or paper media, by persons committed to confidentiality, with logic related to the purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data. The data collected shall not be disclosed or disseminated to third parties in accordance with law.

9 – COMMUNICATION TO THIRD PARTIES

Your personal data may be communicated to third parties that are known to the Consortium exclusively for the above-mentioned purposes, and, in particular, to the following categories of parties:

  • credit institutions;

  • debt collection companies;

  • credit insurance companies;

  • companies operating in the certification and protection sector as per article 41 of Italian Law 238/2016 (Consolidated law on vineyards and wine);

  • Public Bodies and Administrations, for legal fulfilments;

  • professionals and service companies working on behalf of the Consortium in company administration and management (management consultants, IT consultants, legal consultants, etc.);

  • professionals who provide support in fulfilling legal obligations.

The data may also be disclosed to the following categories of contractors and/or managers, for the sole purposes of credit protection and better management of the Consortium’s rights concerning the individual business relationship:

  • professionals and consultants.

10 – DETAILS OF PERSONAL DATA PROCESSING

The Personal Data collected for the purposes set out in this Notice are used in the following services:

  • address management and sending of e-mail and certified e-mail messages;

  • telephone contact for communications related to the activities described in this Notice;

  • banking;

  • fulfilment of legal obligations, and, in particular, those connected with the performance of the functions of protection, promotion, development, consumer communications and general care of the interests referred to in Article 17, paragraphs 1 and 4, of Italian Legislative Decree no. 61 of 8 April 2010.

11 – AUTOMATED PROFILING AND/OR DECISION-MAKING

The data collected will not be used for purposes of profiling or automatic processing.

12 – RIGHTS OF THE INTERESTED PARTY

In relation to the data processing described in this Notice, the Data Subject can exercise the rights provided for by the EU Regulation 679/2016 (Articles 15-21), including:

  1. supplementing, updating or rectification of their personal data;

  2. erasure of their personal data;

  3. restriction of the processing of their personal data;

  4. portability of their personal data;

The Data Subject also has the right to:

  1. object to the processing of their personal data;

  2. revoke their consent to the processing of their personal data;

  3. exercise, in general, all the rights provided by EU Regulation 2016/679, including those indicated in Articles 15 (Right of access), 16 (Right to rectification), 17 (Right to erasure), 18 (Right to restriction of processing), 19 (Right of notification regarding rectification or erasure of data or restriction of processing), 20 (Right to data portability), 21 and 22 (Rights to object to processing and automated decision making).

The request for the exercise of any of these rights can be sent to Consorzio Vino Chianti, in the person of Giovanni Busi, President, Viale Belfiore 9, Florence, 50100, Italy, by registered letter with return receipt or to the e-mail address info@consorziovinochianti.it or the certified e-mail address consorziovinochianti@legpec.it.

Data Subjects may lodge a complaint with the Italian Data Protection Authority through the website https://www.garanteprivacy.it/home_en.