The protection of our users’ personal data is a fundamental aspect for us. In this privacy statement you can find all the information required for the user to understand what data we collect, why we collect them and how we use them, in compliance with current legislation (Legislative Decree 196/03, as amended by Legislative Decree 101/18 and EU Regulation 2016/679, also known as GDPR).
For any questions, please contact the Data Controller at the contact numbers shown in Table 1. We will answer as soon as possible.
1. Data Controller
Table 1 shows is in reference to the Data Controller and how to contact them:
|Data Controller:||Cantine Bava A.V.I. S.p.A.|
|Address||Str. Monferrato, 2 – 14023 Cocconato (AT)|
In the following statement, Cantine Bava A.V.I. S.p.A. may also be referred to as “Data Controller” or “Cantine Bava”.
2. Legal basis of the data processing
Il trattamento dei dati verrà effettuato per le seguenti finalità:
The personal data indicated on this page are processed by the Data Controller for the functioning of the website, based on the legitimate interest of the Data Controller.
The direct marketing activity carried out with the data released voluntarily will occur only following explicit and informed consent issued by the interested party.
3. Data collected and processed through the website
Access to and navigation of the website does not require any provision of personal data by the user.
Following the mere navigation in the publicly accessible pages of the Site, some navigation data
may in any case be collected automatically, including:
- IP addresses;
- URI addresses – Uniform Resource Identifier – of the requested resources;
- Time and method used to formulate requests to the server;
- Numerical code indicating the status of the response given by the server (successful, error, etc.);
The navigation data are related to the operating system and the user’s computer environment, and their transmission is implicit in the use of Internet communication protocols.
The Data Controller uses a third-party tool (Google Analytics 4), exclusively for statistical and traffic analysis purposes, in order to make the website more amenable to regular users.
Upon first connecting with the website a banner appears, containing some information about the presence of cookies, giving users the opportunity to accept the policy and express their consent.
The interested party can contact the website’s Data Controller through the communication channels provided and reported in Table 1 of this notification.
On that occasion, he or she may provide data, spontaneously or through the use of various communication channels, such as:
- Email address (intrinsically to the sending of the request);
- Telephone number (in case of contact through that channel);
- First name;
- Last name.
4. Purpose of the data processing
Cantine Bava processes the personal data that the user has provided through the website exclusively for the purposes indicated below:
- Answer to questions asked through the communication channels made available by the Data Controller;
- If the interested party has expressed his/her explicit consent, for promotional activities;
The data acquired will not be used for purposes other than those indicated above, nor transferred or sold to third parties. In the case of a change in the purposes, this statement will be updated to inform all interested parties. Therefore the user is invited to visit this page from time to time, to stay updated on the activities carried out by the website www.bava.com.
5. Retention of personal data
The Data Controller will retain the user’s information for the period required by current legislation and, in any case, for as long as necessary to provide the services requested.
After this period of time has elapsed, the user’s data will be permanently deleted (subject to legal obligations).
6. Security and transfer of personal data
The transfer, storage and processing of user data collected through the Service and the website are ensured through appropriate technical measures. User data is collected, filed and stored on a secure server hosted in European territory (Netherlands). The communication occurs using an HTTPS protocol in order to increase the level of intrinsic security of the website itself and protect communications to and from users.
7.Transfer of data to third parties
The Data Controller will not automatically transfer the user’s personal data to third parties.
However, it may communicate some information to data processors such as IT consultants, developers and marketing consultants.
Personal data will be provided to the competent authorities only in the case that the Data Controller is obligated to do so by law.
8.Data transfer abroad
The processed data will not be transferred to countries outside the European Union. If some software or procedures should require it in the future, the Data Controller will make sure that the transfer takes place only to countries that guarantee an adequate level of security, also demonstrated through adequacy decisions, standard contractual clauses or BCR (Binding Corporate Rules).
9.Rights of the user (interested party)
The user has the full right to exercise the rights provided for by current legislation, including the following rights, at any time:
- Right to access and obtain a copy of personal data: the interested party has the right to know if the Data Controller possesses data concerning him or her, the origin, purposes and categories of data collected, the recipients to whom these data are sent (both within and outside the EU), the existence or nonexistence of automated decision-making processes or profiling and the period of data retention.
- Right to rectification and cancellation of your personal data: the interested party may request the Data Controller to modify, update, integrate or delete the data in their possession.
- Right to restriction of processing: the interested party may ask the Data Controller that access to the data in their possession be limited, or no longer used for treatment.
- Right to withdraw consent: the interested party may revoke the consent to the processing at any time, regardless of the lawfulness of the processing itself.
- Right to data portability: the interested party may exercise this right in the event that the processing is necessary for the execution of a contract and has given consent to the processing of data. The interested party may request that the data be sent to him or her in a clear format, legible by devices not equipped with proprietary software, or, if technically feasible, that they be automatically transmitted to the new Data Controller.
- Right of objection: the interested party can lodge claims and make complaints by contacting the Data Controller or the Oversight authority.
- Right to object: the interested party may oppose the processing in the event that their interests prevail over the legitimate interest of the owner. To exercise one or more of the rights listed above, you can contact the Data Controller at the contacts listed in Table 1.