Privacy policy for Users

BRUNELLI S.R.L. with registered office in via A. Righi, 18 – 47122 Forlì FC – Italy, VAT no. 04570620403 (hereinafter „Data Controller“), provides below the privacy policy for the website www.brunellidino.com (hereinafter the „Website“), as data controller of the personal data of users who visit and are registered on the Website (hereinafter the “Users”) pursuant to art. 13 of Italian Legislative Decree 196/2003 (hereinafter the „Privacy Code“) and pursuant to art. 13 of EU Regulation 2016/679 of April 27, 2016 (hereinafter „Regulation“, the Regulation and the Privacy Code together being defined as „Applicable Regulations“).

The right to privacy and protection of personal data of Users is of utmost importance for the Data Controller.

For further information related to this privacy policy, Users may contact the Data Controller at any time, using the following methods:

  • By sending a registered letter with return receipt to the registered office of the Data Controller
  • By sending an email to the address info@brunellidino.com.

 

 

1. Purposes of the processing

Users‘ personal data will be processed lawfully by the Data Controller pursuant to art. 6 of the Regulations for the following purposes:

  1. Browsing of the website, with respect to the possibility of detecting User data that are necessary on a technical level, such as the IP address, while browsing the website.
  2. Responding to your requests for information, sent to us through the contact form provided.
  3. Legal obligations, i.e. to fulfil obligations envisaged by the law, an authority, a regulation or European legislation.

The provision of personal data for the processing purposes specified above is optional but necessary, as failure to provide the data will make it impossible for the user to browse the Website, register with the Website, and take advantage of the services offered by the Data Controller on the Website.

With regard to the purposes set out in points 1/a, 1/b, 1/c, the legal basis for the processing is in fact the execution of the services provided through the Website and requested by you (pursuant to article 6, paragraph 1 , letter b of Privacy Regulation 2016/679).

 

 

2. Processing methods and data retention times

The Data Controller will process the Users‘ personal data using manual and IT tools, with logic strictly related to the purposes themselves, and, in any case, in order to guarantee the security and confidentiality of the data.
The personal data of the Website’s Users will be kept for the time strictly necessary to carry out the purposes described in paragraph 1 above, or in any case as necessary for the legal defence of the interests of both the Users and the Data Controller.

 

 

3. Scope of disclosure and dissemination of the data

The Users‘ personal data may be disclosed to the employees and/or contractors of the Data Controller who have been appointed to manage the Website. These parties, who are formally appointed by the Data Controller as „appointed processors,“ will process the User’s data exclusively for the purposes specified in this policy and in compliance with the provisions of the Applicable Regulations.
The Users‘ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller as „External Data Processors,“ like, by way of example, suppliers of IT and logistics services involved in the operation of the Website, outsourced or cloud computing service providers, professionals, and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller by submitting a request to the Data Controller in the manner outlined in paragraph 4 below.

 

 

4. Rights of Data Subjects

Users may exercise the rights granted to them by the Applicable Regulations by contacting the Data Controller in the following ways:

  • By sending a registered letter with return receipt to the registered office of the Data Controller
  • By sending an email to the address info@brunellidino.com

Pursuant to the Applicable Regulations, the Data Controller informs Users that they have the right to know

  1. the origin of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied in the event of processing carried out with the aid of electronic instruments;
  4. the identity of the data controller and data processors;
  5. the parties or categories of parties to which the personal data may be disclosed or that may come to know them as processors or appointees.

Furthermore, Users have the right to:

  1. Access, update, correct, or, if interested, complete the data.
  2. Erase, transform into anonymous form or block data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed.
  3. Confirmation that the operations referred to in letters a) and b) have been brought to the attention of those to whom the data have been disclosed or disseminated, except in the case in which this obligation proves impossible or involves a use of means manifestly disproportionate to the right protected.

Furthermore, Users have:

  1. The right to withdraw consent at any time if the processing is based on their consent.
  2. The right to the portability of the data (the right to receive all their personal data in a structured format, commonly used and readable by automatic devices), the right to restrict the processing of personal data, and the right to their erasure („right to be forgotten“).
  3. The right to object:
    1. In whole or in part, to the processing of their personal data for legitimate reasons even if pertinent to the purpose of their collection.
    2. In whole or in part, to the processing of their personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications.
    3. If personal data are processed for direct marketing purposes, at any time, to the processing of their data for such purposes, including profiling in so far as it is related to such direct marketing.
  4. If they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a supervisory authority (in the member state where they usually reside, work or where the alleged violation occurred). The Italian Supervisory Authority is the Personal Data Protection Authority – www.garanteprivacy.itwww.gpdp.itE-mail: garante@gpdp.it