Policy is intended for the site www.gialdi.ch (hereinafter referred to as the “Site”) and applies in all cases where reference is made or there is a link to this information; it is an integral part of the Site and the services we offer and is provided to those who interact with the web services of the Site. The processing of your personal data will be based on the principles of correctness, lawfulness, transparency, limitation of purpose and storage, minimization and accuracy, integrity and confidentiality, as well as on the principle of accountability. Your personal data will therefore be processed in accordance with the legal provisions and confidentiality obligations in force. We inform you that the personal data being processed may consist – also depending on your decisions on how to use the services – of textual information, photographic images or any other information capable of making the person concerned identified or identifiable, depending on the type of services requested.
The data controller is Gialdi Vini SA, with registered office in Via Vignoo 3 / CH 6850 Mendrisio.
PERSONAL DATA SUBJECT TO PROCESSING
We inform you that the personal data being processed may consist – also depending on your decisions on how to use the services – of an identifier such as a name, a number, one or more characteristic elements of your identity capable of making you identified or identifiable, depending on the type of services requested (hereinafter only “personal data”).
The personal data processed through the Site are the following:
During their normal operation, the computer systems and software procedures used to operate the Site acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties and the Data Controller will not attempt in any way to relate the data contained in the protocols of its servers to the persons who have visited the Site. However, this data, through processing and merging with data held by third parties, could by its very nature make it possible to identify users. By way of example, this category of data includes IP addresses or domain names of the computers used by users who connect to the Site, URI (Uniform Resource Identifier) sequences of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the user’s operating system. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site, to check its correct functioning, identify anomalies and/or abuses, and to better structure the Site itself. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site or third parties.
Data voluntarily provided by you
Data of third parties provided voluntarily by you
In the use of particular services, the personal data of third parties communicated by you to the Data Controller may be processed. With respect to these cases, you act as autonomous data controller, assuming all the obligations and responsibilities of the law. In this respect, you hereby grant the widest possible indemnity against any dispute, claim or request for compensation for damage caused by processing, which may be received by the Data Controller from third parties whose personal data have been processed through your use of the Site services in violation of the applicable data protection regulations. In any case, if you provide or otherwise process personal data of third parties in the use of the Site, you warrant as of now – assuming all related liability – that this particular case of processing is based on the prior acquisition – by you – of the consent of the third party to the processing of information concerning him.
Information on the cookies served by the Site is available at the following link.
PURPOSE OF PROCESSING
Your personal data will be processed, where necessary with your consent, for the following purposes to fulfil any obligations provided for by applicable laws, regulations or Community legislation, as well as to meet requests from the authorities; to allow navigation of the Site and the provision of the Owner’s services, in addition to the purposes strictly connected and/or instrumental and/or necessary for the fulfilment of contracts entered into with the interested party; to respond to specific requests made to the Owner, in order to provide the information, services or products requested, as well as to respond to messages sent by you; to send the newsletter you have subscribed to, without prejudice to the possibility of unsubscribing from the list of recipients, by selecting the appropriate link in each message; for statistical purposes, without it being possible to trace your identity. The processing of your data may be carried out using manual, computerised and telematic tools, also by means of automated methods for storing, managing and transmitting them; it will be carried out by means of tools suitable (insofar as reasonably necessary and in accordance with the state of the art) to guarantee security and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorised access, unlawful use and dissemination.
The data are stored in computer and telematic archives, and – residually – on paper, with full assurance of the security measures provided for by the legislator.
Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access.
LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF THE PROCESSING
The purpose referred to in section 3.1 represents a legitimate processing of personal data since it is necessary to comply with a legal obligation to which the Controller is subject. Once the personal data have been provided, in fact, the processing is indeed necessary to comply with legal obligations to which the Controller is subject. The legal basis for the processing of personal data for the purposes referred to in sections 3.2, 3.3 and 3.4 is the need to perform a contract to which the data subject is party or pre-contractual measures taken at the request of the data subject, since the processing is necessary for the provision of services. The provision of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services requested. With particular reference to the processing of your data belonging to specific categories (such as, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or life, respectively sexual orientation), in the unlikely event that, despite our contrary opinion, you communicate them to us, it has its legal basis in your express consent. Finally, we point out that the processing referred to in section 3.5 is not performed on personal data; consequently, it can be freely carried out by the Controller.
RECIPIENTS OF PERSONAL DATA
PERSONAL DATA TRANSFERS
Your personal data are processed in the country where the Data Controller is based, as well as in Italy. For the sake of clarity, please be advised that Switzerland is a country where personal data may also be processed and transferred under the GDPR, as it provides adequate protection to the standard required by European rules, pursuant to Article 45 of Regulation (EU) 2016/679. In fact, the European Commission adopted the Decision of 26 July 2000, in which it determined that Swiss legislation offers a level of protection that is adequate to European standards. According to the Regulation, this Decision remains valid until it is amended, replaced or repealed by a Commission Decision. The Data Controller also ensures that the processing of your personal data by the Recipients is carried out in compliance with the Regulation.
RETENTION OF PERSONAL DATA
The personal data processed for the purposes of section 3.1 will be kept for the time required by the specific obligation or legal provision. Personal data processed for the purposes referred to in sections 3.2, 3.3 and 3.4 will be kept for the time strictly necessary to achieve the aforementioned purposes, in the performance of the services you requested. In any case, since the processing is carried out for the provision of services, the Data Controller will keep the personal data for the period of time foreseen and permitted for the fulfilment of contractual, administrative, fiscal or judicial requirements.
RIGHTS OF THE INTERESTED SUBJECT
You are granted: the right to access, i.e. to obtain confirmation from the Controller that personal data is or is not being processed, as well as to obtain information regarding the purposes and methods of processing, the recipients of the data, the criteria used to determine the period of data retention, the origin of the data (if not collected from the data subject), and the existence of an automated decision-making process. the right to obtain a copy of the personal data being processed; the right to have incomplete personal data corrected and supplemented, including by providing a supplementary declaration; the right to have the data erased (this right may be limited if the processing is necessary for the establishment, exercise or defence of a legal claim); the right to have the processing restricted by the Controller; the right to withdraw consent, in cases where consent has been given previously without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal; the right to object, on legitimate grounds, to the processing of one’s personal data, including in the case of processing for direct marketing purposes; the right to data portability; the right to object to automated decision-making relating to natural persons, including profiling; the right to lodge a complaint with the supervisory authority. These rights may be exercised by sending an e-mail to the address provided by the Data Controller.
Should your request be unfounded or excessive, the Controller reserves the right to charge a fee and the right to refuse to comply with your request.
EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS
There is no automated decision-making process for customer profiling.
REPRESENTATIVE OF THE CONTROLLER
In order to provide an interlocutor for all matters concerning the processing, the Data Controller has appointed a representative established in the EU pursuant to Article 27 of Regulation (EU) 2016/679, in force at the Legal Affairs Department which can be reached at the e-mail address firstname.lastname@example.org.
To exercise the above rights or for any other request, please send an e-mail to email@example.com.