Privacy Policy

This information notice describes the processing of the personal data of those who use the services of the Consorzio Vino Chianti website, available at the address:

http://www.consorziovinochianti.it,

and successive web pages, and provides information concerning the protection of their personal data pursuant to Article 13 of EU Regulation 2016/679 (henceforth GDPR).

The information is provided only for the Consorzio Vino Chianti website and not for other websites that the user may consult through the links contained.

The information is also based on Recommendation no. 2/2001 that the European authorities for the protection of personal data, meeting in the Group established by Article 29 of Directive no. 95/46/EC, adopted on 17 May 2001. The Recommendation identifies minimum requirements for the online collection of personal data, and in particular, the procedures, timing and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

The purpose of this privacy policy is to provide transparent information about the data collected by the Consorzio Vino Chianti website and on the methods of their use.

The process of using the website results in the release of personal data, for which the DATA CONTROLLER is CONSORZIO VINO CHIANTI, with registered office in Viale Belfiore 9, Florence, Italy.

The user’s personal data are processed by subjects specifically appointed and instructed by the Data Controller, and authorised to access the data by virtue of provisions of laws and regulations. The user’s personal data are also processed by “System Administrators”, as defined by the Provision of the Italian Data Protection Authority of 27 November 2008 and subsequent amendments.

This information notice is subject to changes due to the issue of any new regulations in regards to the processing of personal data. For this reason, we advise the user to consult this page periodically.

Pursuant to GDPR Article 13, we inform you that your personal data will be processed in Europe, using manual and electronic means, including through the use of social networks.

DATA PROCESSOR

The Data Processor is the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller.

TYPE OF DATA COLLECTED

Navigation data:

During normal operation, the computer systems and software used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.

This data is not collected for association with identified subjects, but, by their very nature, and through processing and association with data held by third parties, they could allow users to be identified.

This category of data includes IP addresses, the domain names of the computers used to connect to the site, uniform resource identifiers (URIs), the addresses of the resources requested from the server, the times of requests, the methods used to submit requests, the sizes of the files obtained in response, the numerical code indicating the status of the response (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to monitor its correct operation. They are deleted from the server not more than 7 days after processing.

The data could also be required to ascertain responsibility in case of hypothetical computer crimes against the site. Except for this possibility, the data on web contacts are deleted within not more than 3 days.

Data voluntarily provided by the user:

The explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.

This data is kept for the time necessary to respond to the requests received, and is then immediately anonymised or deleted, unless it is necessary to keep it for other purposes provided for by law (e.g. archiving).

Cookies:

A “cookie” is a small text file that a website creates and stores on the device used to access a given website. The cookies serve for purposes of storing and transporting information. The cookies are sent by the website server to the user’s browser, stored on their device, and then sent back to the server on subsequent visits.

The Consorzio Vino Chianti website uses cookies to improve the browsing experience and to provide both webpage content and other services that are as close as possible to the interests of the users. The following is a general description of the types of cookies used.

The Consorzio Vino Chianti website uses performance cookies from Google Analytics and Google Search Console.

No cookies are used to collect personal data about users, meaning that no user identification is possible through the use of the cookies.

Some of the cookies sent by the website are temporary, meaning that their existence on the user’s device is limited to the duration of the browsing session, and they are deleted from the user’s device once the user has left the website and closed the browser. Other cookies may be persistent, meaning that they are stored on the user’s device until they are deleted or until they reach a specified expiry date. This means that they are not automatically deleted from the user’s device when they leave the website or browser, but may be removed by a voluntary action.

Most internet browsers are initially set up to accept cookies automatically, however at any time, you can refuse or block cookies by adjusting the settings of the browser to reject or disable all or some of them. Most browsers also allow the user to set preferences so that a notice is provided whenever a cookie is stored on their device. Finally, at the end of each browsing session, the user can delete the cookies collected on their device. Please note that the procedures for deletion of cookies are different depending on the browser used.

PURPOSE OF DATA PROCESSING

The data collected during browsing of the website are used exclusively for the purposes indicated above and are stored for the time strictly necessary to carry out the activities specified.

Any data used for security purposes, such as blocking attempts to damage the site, are kept for the time strictly necessary to achieve this specific purpose.

PROCESSING METHODS

Like all others, this website makes use of “log files” for the storage of data automatically collected during user visits, which may include any or all of the following information:

• the user’s internet protocol (IP) address;

• the type of browser and parameters of the device used to connect to the site (device ID);

• the name of the internet service provider (ISP);

• the date and time of visit;

• the user’s referring and exit web pages;

• if applicable, the number of clicks.

These data are automatically processed and collected solely in aggregate form, in keeping with the legitimate interests of the data controller, for the proper functioning of the site and for security reasons.

For security purposes (filters, anti-spam, firewalls, virus detection, etc.), the automatically recorded data may include personal data such as the IP address, which, in accordance with the laws in force, could be used to block attempts to damage the site or to cause damage to other users, or to block other harmful or criminal activities. Such data are never used to identify or profile the user, but only for the purpose of protecting the site and its users and in keeping with the legitimate interests of the data controller.

Where the site allows the user to insert comments or make requests for specific services, some identification data of the user will be automatically detected and recorded, including the e-mail address. This data is understood to be voluntarily provided by the user at the time they manually insert the request for the provision of the service. In voluntarily providing the information, the user expressly accepts the Privacy Policy, and in particular agrees that the data inserted may be distributed to third parties, exclusively for the provision of the service requested and only for the time necessary for the provision of the service.

The information that users of the site decide to make public by means of the services and tools made available to them is provided by the user knowingly and voluntarily, exempting this site from any liability with regard to possible violations of the law.

The user shall be held responsible for verifying that they have the permissions to enter third-party data or content protected by national or international regulations.

LEGAL BASIS AND LAWFULNESS OF PROCESSING

The collection and processing of personal data for the purposes described above, except for the data that are voluntarily inserted, are necessary for purposes of accessing and using the Consorzio Vino Chianti website, and therefore such collection and processing do not require your consent. The personal data provided by users who voluntarily insert personal data, including in requests for receipt of informational material (newsletters, publications, etc.), are used only for the purposes of providing the specific services requested.

DATA RETENTION

The processing operations relating to the services of this website are carried out at the registered office of Consorzio Vino Chianti, solely by subjects specifically authorised for occasional maintenance operations.

No data deriving from the website is communicated or disclosed to third parties, except in the case of data voluntarily provided for specific purposes, as described above.

Personal data are retained solely for the time necessary to achieve the purposes as stated above, except for any further periods that may be imposed by law or for purposes of resolving possible disputes or legal obligations.

COMMUNICATION AND TRANSFER OF DATA

Personal data will be processed exclusively by subjects authorised to process them and in compliance with the GDPR, for the purposes set out in this Information Notice. The data may also be communicated to public bodies or judicial authorities, where required by law or to prevent or suppress the commission of a crime.

Solely in the case of your explicit and voluntary provision of personal data (such as name, family name, address, e-mail, telephone, province, sex, user name, IP and device ID), these data may be communicated to the following categories of third-party companies and other subjects:

• subjects who are legitimate recipients of communications required by law or regulations, such as Public Administrations and Authorities;

• subjects who are legitimate recipients of communications required to perform the obligations arising from the website services.

Personal data may also be communicated, for the purposes set out in this Information Notice, to:

• companies and/or employees who manage administrative services used by Consorzio Vino Chianti to fulfil legal or contractual obligations;

• other subjects (businesses, companies, individuals) who operate in the implementation of the website Service.

THE RIGHTS OF THE DATA SUBJECT

Pursuant to and for the purposes of the GDPR, the Data Subject may exercise the following rights with respect to the Data Controller:

1. the right to obtain confirmation as to whether or not personal data concerning the data subject are being processed, and if so, to obtain access to the data and to the information provided for in Article 15 of the GDPR, in particular those concerning the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be communicated, the storage period, etc.;

2. the right to obtain the rectification of the personal data concerning the data subject, where these are inaccurate, as well as to supplement them in the case that the Data Subject considers them incomplete, always limited to the purposes of the processing (Article 16);

3. right to erasure of the data (“right to be forgotten”), where one of the cases referred to in Article 17 applies;

4. right to restriction of processing, in the cases provided for by Article 18;

5. right to data portability, pursuant to Article 20;

6. right to object to the processing, pursuant to Article 21;

7. the right to withdraw consent to the data processing, at any time, solely in cases where the legal basis of the processing is consent, and without prejudice to the lawfulness of the processing based on consent given prior to the withdrawal (Article 7).

These rights may be exercised by means of a request sent to the DATA CONTROLLER:

• by registered letter with return receipt to Viale Belfiore, 9, 50144 Florence (FI), Italy;

• by e-mail to info@consorziovinochianti.it;

• by certified e-mail consorziovinochianti@legpec.it.

To send the request, please use the form available on the website of the Italian Data Protection Authority (www.garanteprivacy.it/home/modulistica).

Finally, we remind you that you have the right to lodge a complaint with the Italian Data Protection Authority or another supervisory Authority pursuant to Article 13, paragraph 2, letter D of the GDPR.