Information on the processing of personal data for the use of e-commerce
Personal data processing notice for e-commerce
Tenuta San Giorgio s.r.l. Società Agricola of Via Piave 11, 31052 Maserada sul Piave (TV), tax code/VAT number: IT 00296500267 (hereinafter the “Company”), as personal data controller (hereinafter the “Controller”), provides this notice to the Data Subject in compliance with European and Italian personal data protection legislation.
Purposes and legal basis of data processing
The Controller will process your personal data for the following purposes:
- allowing the User to perform all purchasing procedures, and allowing the Controller to perform all administrative, commercial, accounting and fiscal operations involved in online sales and fulfil all its legal obligations of all kinds;
- using the Data Subject’s contact information (e-mail address) to conduct surveys of customers’ opinions and satisfaction, sending commercial correspondence containing information on products or services, information on products in the shopping cart which have not been ordered, promotions, or invitations to events in which the Controller participates: express consent is required for these purposes.
Data storage time
The Controller will process the data on the basis of the following time criteria:
- for the purposes identified in point 1), once the purchase has been completed, for the amount of time required by law to complete all connected or related obligations, and on the basis of the limitation period for rights arising as a result of the commercial relationship; data may be kept longer if required for settlement (in any way) of any disputes that may arise;
- for the purposes identified in point 2), the data will be stored and processed for twenty-four months following the most recent correspondence, via any channel; the Data Subject may revoke his or her consent or object to processing of the data at any time by writing to the email address: email@example.com
Nature of data conferral and consequences of refusal to provide the data
Conferral of data for the purposes identified in point 1) is necessary, and refusal to provide any or all of the data may make it impossible for the Controller to pursue the purposes identified above. Conferral for additional purposes is optional; in its absence, the Controller will not be able to perform the corresponding activities, but will be authorised to use data for the purposes identified in point 1).
Categories of recipients
The Controller will not disclose the data, but may provide it to its own employees authorised to process the data in the course of their tasks, and to banks, carriers/shipping agents, insurers, credit collection companies, advertisers, factoring companies, consultants, business associations and/or organisations, professionals or companies supplying services, and to public and private organisations, also as a result of inspections and controls.
These recipients, if processing data on the Controller’s behalf, will be appointed data processors under a contract or other legal document.
Transfer of data to a non-EU country and/or international organisation
If necessary for the purposes outlined above, your personal data may be transferred to parties in non-EU nations and/or to international organisations, in compliance with the specific conditions and adequate guarantees required under the GDPR.
Data subjects’ rights
The data subject is entitled to ask the Controller for access to his or her own personal data and to correct the data if it is incorrect, to erase it or limit its processing with good reason, to object to its processing for the legitimate interests pursued by the Controller, and to obtain data portability of the data personally supplied only if subjected to automated treatment on the basis of consent or a contract. The data subject is entitled to revoke the consent given for processing that requires consent, sending notification of revocation to the email address firstname.lastname@example.org; data may be lawfully processed until notification of revocation is received.
Data subjects may use the form available here to exercise their rights, sending it to the Controller at the following email address: email@example.com. The data subject is also entitled to file a complaint with the competent controlling authority, which is Italy’s personal data protection authority, the Garante per la protezione dei dati personali ( www.garanteprivacy.it).