The Processing of Personal Data
The Consorzio di Tutela della Denominazione di Origine Controllata Prosecco (hereinafter “CONSORZIO PDO PROSECCO”) as the Data Controller, informs you that access to the website and/or registration to the various sections of it and/or any requests for information or services require the provision of personal data that will be processed in full compliance with European Regulation 2016/679 (hereinafter “GDPR”). Through this information, users will be able to know, in advance, the processing methods necessary for the use of certain areas of the website and/or subscription to the newsletter. In accordance with the aforementioned Law, such processing will be based on principles of correctness, lawfulness and transparency, protecting your privacy and your rights. The information is effective exclusively for this website and does not extend to other websites that may be consulted by the user through external links.
Changes to this Policy
The Data Controller and Data Processors
The owner of the treatment is Consorzio di Tutela della Denominazione di Origine Controllata Prosecco with headquarters in Piazza Filodrammatici, 3 – Treviso. The complete list of those responsible for the processing of personal data is available upon written request to the Data Controller by writing to the head office or by sending an email to firstname.lastname@example.org.
The purposes of the processing and the legal basis
According to the needs expressed from time to time by the user accessing the various sections of the Site (and except for special rules and information for individual operations involving the provision of specific personal data, published from time to time on the Site), below are the purposes of the processing of personal data, i.e. those provided directly by users by filling out online forms or direct access, via links, to the email address relating to the service requested, or those acquired automatically through navigation (see the following section “Categories of Personal Data subject to processing”) (hereinafter, “Personal Data”):
- Reply to requests received by direct request (“contact us” web area). Legal basis for the processing: execution of pre-contractual measures (Article 6(1)(b));
- In order to fulfill the requests regarding the supply of services provided by CONSORZIO PDO PROSECCO as well as register in the reserved area on our website. Legal basis of the treatment: execution of pre-contractual and/or contractual measures (art. 6 (1)(b));
- Subject to the user’s consent and until revocation of the same, to carry out marketing activities such as, by way of example but not limited to: market research, sending information and promotional material, sending free product samples, marketing and advertising activities regarding the products and services of the CONSORZIO PDO PROSECCO using the e-mail address provided. Legal basis for the processing: consent (art. 6 (1) (a))
Data processing means any operation or set of operations, carried out with or without the aid of electronic or automated means, concerning the collection, recording, organization, storage, processing, modification, extraction, comparison, use, communication, dissemination, interconnection, blocking, deletion, destruction and selection of data.
Personal Data will be processed mainly in automated form but also on paper, with logic strictly related to the above purposes, through the Data Base, the Electronic Platforms managed by the Data Controller or by third parties appointed as Data Processors (for the updated list the user can contact the Data Controller at the address indicated) and/or integrated computer systems and/or websites owned or used by CONSORZIO PDO PROSECCO. The Owner has adopted appropriate technical and organizational security measures to protect users against the risk of loss, abuse or alteration of Data. In particular, it uses the protected data transmission protocols known as HTTPS. In addition, it stores users’ data on Servers located in the European territory. The Servers are subject to an advanced, daily backup and disaster recovery system.
The duration of treatment
The data communicated are stored for a period of time not exceeding that necessary to achieve the purposes for which the personal data are processed, or for a longer period, for purposes permitted by law, and in any case deleted without undue delay.
For the purposes of information request: in relation to the type of request for the time necessary to comply with the regulatory obligation to retain and/or for any legal requirements. For general requests: maximum 12 months.
The place of treatment
Personal Data are processed mainly at the headquarters of the Data Controller and/or in the places where the Managers are located. For further information, users can contact the Data Controller by writing an email to email@example.com or by telephone at +39 0422 1572383.
The nature and methods of providing Personal Data of users
The provision of personal data is optional, however, failure to provide it will not allow the request to be processed. Personal Data can be provided by filling in the appropriate fields in the various sections of the Site or by sending requests via e-mail where required.
The categories of Personal Data subject to processing
In addition to the Personal Data provided directly by users (such as name, surname, postal address, e-mail address, etc.), when connecting to the Site, the computer systems and software procedures used to operate the Site itself automatically and/or indirectly acquire certain information that could constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (such as, for example, but not limited to, the c.d. “cookies” (as better specified below), “IP” addresses, domain names of the computers used by users who connect to the Site, the addresses in “Url” notation of the resources requested, the time of the request to the server, navigation on the Site.
Categories of persons who may become aware of your Personal Data
Personal Data may be brought to the attention of employees or collaborators of the Data Controller who, operating under the direct authority of the latter, process data and are appointed as data processors or authorized to do so pursuant to Articles 24-29 of European Reg. 2016/679 or system administrators and who will receive appropriate operating instructions from the Data Controller; the same will be done – by the Managers appointed by the Data Controller – with regard to employees or collaborators of the Managers themselves. The Managers, appointed by the Owner, may be third party companies or other subjects (by way of example, but not limited to subjects entrusted with assistance, communication, promotion and sale of products and/or services, IT service providers, managers and/or developers of websites or applications contained therein, managers of electronic platforms, partners) who carry out outsourcing activities on behalf of CONSORZIO PDO PROSECCO.
Scope of communication or dissemination of Users’ Personal Data
Personal Data will not be communicated to third parties or disseminated.
Transfer of Personal Data of users outside the EU
Personal Data will not be transferred to countries outside the EU.
The site does not process data of minors.
Contributing to the processing of statistical data with Facebook
For the official Prosecco DOC Consortium Pages, Facebook offers Insights of the Page, a function that offers aggregated data to help understand how people interact with the Facebook Pages.
For the Facebook Page https://www.facebook.com/proseccodoc/, Consorzio PDO Prosecco, is Co-Titular of the statistical data processing jointly with Facebook Ireland Limited (“Facebook Ireland”).
At this link you can consult the appendix on the Data Controller for Insights of the Facebook Page, which indicates the division of responsibilities between Facebook Ireland and Consorzio PDO Prosecco, as administrator of the https://www.facebook.com/proseccodoc/ page.
On this page you can consult the information on the processing of personal data of Facebook and find, among others, the following information: What types of information Facebook collects
How Facebook uses this information
How this information is shared
The legal basis for data processing
How to exercise your rights under the GDPR
Facebook Ireland’s contact details for data protection issues
The contact details of the Data Protection Officer for Facebook Ireland
Facebook visitor rights under GDPR The data retention period
Users may exercise their rights under Articles 16-21 of European Reg. 2016/679 (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object). Finally, users can lodge a complaint with the Guarantor Authority if necessary, or contact it to request information about the exercise of their rights under European Regulation 2016/679. Specifically:
- The right of access: to obtain confirmation as to whether or not personal data concerning him/her are being processed and to obtain access to such data and specific information (e.g. the purposes of the processing, the categories of data concerned, the recipients to whom the data will be disclosed);
- The right of rectification: to have inaccurate data concerning him corrected without undue delay. In this case, the data controller is obliged to communicate the rectification to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;
- The right to deletion: data concerning him/her must be deleted without undue delay and the data controller is obliged to delete them without undue delay if there are certain reasons (e.g. personal data are no longer necessary for the purposes for which they were collected; if the data subject withdraws consent; if they must be deleted for a legal obligation). In this case, the data controller is obliged to communicate the deletion to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;
- The right of limitation of data processing: the data controller may be restricted to the processing of data, for example to the sole storage with the exclusion of any other use, in certain cases (e.g. if the processing is unlawful and the data subject opposes the deletion of the data; if the data subject contests the accuracy, within the limits of the period of verification of accuracy …). In this case, the data controller is obliged to communicate the limitation of the processing to all recipients to whom the data have been transmitted, unless this involves a disproportionate effort;
- The right to data portability: to obtain the return of the personal data provided and to transmit them to others or to request transmission from one holder to another, if technically feasible;
- The right to object: to object at any time to the processing for purposes of public interest or legitimate interest; for marketing purposes; for scientific, historical or statistical research.
Interested parties may complain to the Guarantor Authority (www.garanteprivacy.it) if necessary, or simply contact it for information regarding the exercise of their rights under EU Reg. 2016/679.