Preamble
Abrigo Giovanni’s Farm of Abrigo Giorgio places its utmost attention to the confidentiality, protection and security of personal data to the people with whom it comes into contact.
The user of this site is therefore invited to first visit all the sections of this document, which describes how to manage the site in relation to the processing of personal data of the people who consult it.
This document also has an information function, pursuant to artt. 12 and 13 of EU Regulation n. 679/2016 and of the applicable national legislation on the processing of personal data, for all those who interact with the Abrigo Farm web services, accessible electronically to the address www.abrigo.it;
This information is provided and is valid only on this site and not even for other websites that may be consulted by the user by links on the sites. Abrigo Farm has no control over these sites or the procedures they apply to respect the confidentiality of data and, therefore, we suggest to consult the privacy regulations of all the subjects with whom you come into contact before communicating personal information.
***
A) CONTROLLER AND CONTACTS
Data Controller is Farm Abrigo Giovanni Di Abrigo Giorgio, which is based in Via Santa Croce, 9, Diano D’Alba – 12055 (CN) Italy.P.Iva 02574980047, Tel. +39.0173.69345 – Mail: info@abrigo.it
Farm Abrigo informs you that your personal data will be processed:
– in accordance with artt. 12 and 13 of the EU Regulation n. 679/2016 (General Data Protection Regulation, below also “GDPR”) and of the applicable national legislation on the processing of personal data, by specifically authorised individuals, limited to the purposes and the modalities that will be specified below with reference to the functionality of the web portal www.abrigo.it.
B) CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The activity carried out of the purposes referred to in this informative note of the Abrigo farm is not part of assumptions provided by art. 37 of the EU Regulation n. 679/2016.
C) OBJECT AND PURPOSES OF THE PROCESSING
Abrigo farm, as Controller, informs you that it will process your personal data, and specifically, the registry data municipalities, as name and surname, email address, phone numbers and identifiers and IP addresses or domain names.
Your data, as described above, will be processed in the manner and form prescribed by the GDPR, to carry out the functions of the Website, with particular- but not exhaustive – reference to the procedures described therein for data collection through the contact form, where present on the site, direct contact by telephone, fax or email.
In particular, the personal data you provide to the Data Controller will be processed for the following purposes:
– to respond to the specific requests you make to the Owner through the Website and its communication tools (contact area and similar);
– for communications of an informative nature relating to the services of the same Owner, following your request for information by e-mail, filling out the form “visite in cantina” and other communication tools such as by telephone or fax;
– for sending newsletters (with filling out the form),of commercial proposals, reporting of advertising events, sending of promotional communications for a similar service, management of direct reports and company /client user contacts, by e-mail, telephone or fax and so for direct marketing activities with the specific consent you provided by selecting the relevant box.
– for other ancillary or related purposes to those indicated above and however within the scope of the activities of the Website;
The processing of the data provided in a generic way will be carried out, also following automatic collection during navigation, for the sole purpose of ascertaining and controlling access to the Website. This also applies to any technical cookies, to be understood as session, feature or analytics cookies that meet the requirements specified by the Guarantor. More specifically, with regard to the latter, it is clarified that they can be assimilated to technical cookies where these are created and used directly from the Website. Anyway, for these analytics cookies, the Website, also in compliance with the Guarantor’s clarifications, has provided for the anonymisation of IP addresses and the data processing amendment; the collection and use of the aforementioned navigation data (without prejudice to the anonymisation of IP addresses) allow monitoring of the progress of the Website and allow the service offered to be improved, offering the User a better browsing experience. Please refer to the appropriate Cookie Information for further information.
This information is effective only with reference to the aforementioned web portal www.abrigo.it, but not instead with reference to the services provided by Facebook /other social networks or websites that may be consulted through the links therein, of which the Abrigo Farm is in no way the holder and, by effect, we invite you to view the privacy policies of the respective platforms.
LAWFULNESS OF PROCESSING
Except as specified for navigation data, the communication by you to the Data Controller of the personal data above better specified, it has as preconditions for the lawfulness of the treatment, the following legal bases:
has the following legal bases as a basis for the lawfulness of the processing:
– Art. 6, par. 1, lett. a) of GDPR, concerning your freely given, specific, informed and unambiguous consent, to ensure that we inform you that the aforementioned consent can be issued only if you have reached the age of 14 (fourteen), otherwise you will not be able to proceed but only the holder of parental responsibility.
– Art. 6, par. 1, lett. b) of GDPR, concerning the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject to entering into contract.
Both legal bases as above described are, therefore, purely optional and not compulsory, having no further consequences if not impossibility for the Controller to carry out properly the aforementioned services direct communication. Furthermore, the consent from you possibly given may be from yourself revoked at any time with immediate effect tripping callbacks activities and business services.
D)THE TREATMENT IS NOT BASED ON ART. 6 PAR. 1 LETT. F)
E) RECIPIENTS AND CATEGORIES OF RECIPIENTS OF COLLECTED DATA AND F) DATA TRANSFER
In particular, in relation to the aforementioned purposes, the data could be communicated to the following subjects and/or to the categories of subjects indicated below, or they may be communicated to companies and/or people, who provide services, also external, on behalf of the Controller. Among these, they are indicated for greater clarity, by way of example but not exhaustive: subjects – internal or external to the company- that provide IT and telematic services for the management of the information system used by the Owner and telecommunications networks (including e-mail and web portal management and internet hosting sites), subjects that in the eventual the Holder reserves the right to appoint data controllers; financial administration and other companies or public agencies fulfilling legal requirements; competent authorities and/or supervisory bodies for the performance of legal obligations; company and consulting firms; companies and law firms to protect the contractual rights; subjects who carry out operations of control, revision and certification of the activities carried out by the Data Controller, who act as external data processing managers pursuant to art. 28 of GDPR, or in total autonomy as distinct Data Controllers.
This site may share some of the data collected with services located both with in the EU and outside the EU (in the latter case, they will exclusively be subjects of the Privacy Shield protocol). The transfer is authorized based on specific decisions of the European Union and the Guarantor for the protection of personal data, in particular decision 1250/2016 (Privacy Shield – here the information page of the Italian Guarantor), for which no further consent is required. In particular the following are indicated:
Google Analytics with anonymized IP (Google Inc.) Google analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Information collected in order to trace and examine the use of this website, compiling reports and share them with other services developed by Google.
Place of processing: USA – Privacy Policy – Opt Out
A) DATA RETENTION PERIOD
We inform you that, in compliance with the principles of lawfulness, limitation of purpose and storage and minimization of data, in accordance with art. 5 of GDPR 2016/679, the retention period of your personal data is established for a time frame not exceeding the attainment of the purposes for which they are collected and processed, or for the entire duration of the fulfillment of the aforementioned purposes.
B) RIGHTS OF THE DATA SUBJECT
– RIGHT OF ACCESS AND RECTIFICATION
Pursuant to art. 15 of GDPR, as data subject, you have the right to obtain from the controller confirmation of the existence or otherwise of processing of personal data concerning you, to obtain access to them and to all the information referred to in the same art. 15, par. 1, lett. a) to h), by issuing a copy of the data processed in a structured format, in common use, readable by an automatic and interoperable device.
Pursuant to art. 16 of GDPR, as data subject, you also have the right to obtain from the data controller the rectification and/or the integration of the data object of processing, if they are not updated and/or inaccurate and/or incomplete.
– RIGHT TO ERASURE AND RIGHT TO RESTRICTION
Pursuant to art. 17 of GDPR, as data subject, you have the right to obtain, without undue delay by controller exclusively in the cases referred to in art. 17, par.1, lett. a) to f) of GDPR, the erasure of the data concerning you- with the exception of specific cases provided for by art. 17, par. 3.
Pursuant to art. 18 of GDPR, as data subject, you have the right to request and obtain from the controller the restriction of processing your personal data, i.e. that such data are not subjected to additional processing and can no longer be modified. The Controller ensure that the restriction of processing to be carried out by technical devices adapted to ensure their inaccessibility and immutability.
– RIGHT TO DATA PORTABILITY
Pursuant to art. 20 of GDPR, as data subject, you have the right to receive by the controller, the personal data concerning you, whose processing is performed by automated means, in structured, commonly used and machine-readable format, and you also have the right to transmit such data to another controller, i.e. to obtain from the controller, where technically feasible, the direct transmission of such data to another controller specifically identified.
– RIGHT TO OBJECT
Pursuant to art. 21 of GDPR, as data subject, you have the right to object in any moment to the processing of personal data concerning you, for reasons related to your particular situation, in cases where the processing of your personal data is necessary (1) for the execution of a task in the public interest and/or connected to the exercise of public power which is invested the controller; (2) for the pursuit of a legitimate interest of the controller or a third party; (3) for profiling activities performed by the controller on the basis of the preceding points. You have the right to object the processing of your personal data for reasons related to your particular situation where the same data are processed for the purposes of scientific research or historical or for statistical purposes in accordance with art. 89, par. 1 of GDPR, except in the case where the processing is necessary for the execution of a public interest task.
You have the right to object to the processing even if your personal data is processed by the Data Controller for the purposes of direct Marketing and/or profiling linked to direct Marketing.In such cases the Abrigo farm, the Data Controller, having received your communication in the manner indicated below, will refrain from further processing your personal data.
DETAILED OPERATING MODE FOR THE EXERCISE OF THE RIGHTS
You may exercise rights listed above by request to be sent to the email address info@abrigo.it for the attention of the controller Abrigo farm; or by registered letter with return receipt to the address Farm Abrigo, sitting in Via Santa Croce, 9, Diano D’Alba – 12055 (CN).
The controller will confirm receipt of your request and will give you the information relating to the action taken with reference to the exercise of your rights provided for in art. 15 to 22 of GDPR, within one (1) month after receipt of the request. If necessary, and taking into account the complexity and the number of requests, the controller may extend this period of two (2) months after communication motivated by transmitting within one (1) month after receipt of the request.
The controller will communicate any rectification, cancellation, limitation, opposition to all recipients, as identified by the art.4, par.1, n.9 of GDPR, to which such data have been transmitted, unless this proves impossible and/or involves a disproportionate effort.
Following the sending of your request for correction, cancellation, opposition, limitation, if the controller has reasonable doubts about your identity will ask you more information to confirm it. These notifications will be sent by email from address info@abrigo.it, and they will be processed by the person authorized for the specific purpose.
In the case where the controller does not comply with the request within a period of one (1) month after receipt of the request, it will inform you of the reasons for the non-compliance and of your faculty to lodge a complaint with a Supervisory Authority (i.e. the italian “Autorità Garante per la protezione dei dati personali”), as specified pursuant to art. 13, par. 2, lett. d) and governed by art. 77 ff. of GDPR.
C) REVOCATION RIGHTS
Pursuant to art. 6, par.1, lett. a) of GDPR, if you have given consent to the processing of your data, for the purposes specified above, your express consent is purely optional and not mandatory, having no other consequence if not the impossibility for the controller to properly perform the aforementioned direct communication services. And, in any case, the consent you may have provided may be revoked by you pursuant to art. 7 of GDPR at any time, with immediate effect on the aforementioned business activities and services. It should be noted that this revocation will not affect the lawfulness of the processing based on the consent given prior to the revocation.
D) RIGHT OF COMPLAINT
Pursuant to art. 77 of Gdpr, as well as of the art. 140 bis of D.Lgs. 196/2003 updated to D.lgs. 101/2018, in your capacity as interested party you have the right to lodge a complaint with the Guarantor for the protection of personal data, www.garanteprivacy.it, according to the methods indicated in the aforementioned articles, or to appeal to the judicial authority.
E) CONSEQUENCES FOR FAILURE TO DISCLOSE YOUR DATA
The communication of your data is not a legal obligation. But as previously specified, it is based on the lawfulness of the processing, or your express consent, free, specific, informed and unequivocal or, perhaps, the execution of a contract of which you are part or the execution of pre-contractual measures by you.
Both legal bases, as above described, have a purely optional and not compulsory nature, as they have no other consequence other than the impossibility for Controller to properly perform the aforementioned direct communication or contractual/pre-contractual execution services. And, in any case, the consent you may have given, as mentioned, may be revoked by you at any time, with immediate interruption of the aforementioned company activities and services.
F) THE DECISION-MAKING PROCESSES AND AUTOMATED PROFILING
The controller informs you that, for the purposes of the personal data processing, does not avail itself of the decision-making automated processes, i.e. those directed to take decisions based only on technological means on the basis of predetermined criteria (i.e. without the human involvement), nor does it perform automated profiling activities, namely that directed to use your personal data to analyze or predict aspects concerning the professional performance, the economic situation, health, personal preferences, interests, reliability, conduct, the location or the movements etc.
METHOD OF PROCESSING
The processing of the personal data communicated by yourself is realized by means of the operation indicated in Art. 4 n. 2) of GDPR, and precisely: “collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data”.
The personal data communicated by you are subjected to automated processing for the time strictly necessary to achieve the purposes for which they were collected, using technical and organizational methods, adopted to prevent the loss of data, illicit or incorrect use and unauthorized access, and such, therefore, to guarantee and adequate level of security to the risk pursuant to art. 32 of GDPR, by specially authorized parties, in compliance with the provisions of art. 29 of GDPR, or employees and /or collaborators of the Data Controller in their capacity as authorized parties and/or system administrators, who can carry out operations of consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of the law necessary to guarantee, among other things, the confidentiality and security of data as well as accuracy, updating and relevance of the data with respect to the declared purposes and methods.
It should be noted, in particular, that the personal data communicated by you will be processed only at the headquarters of the data Controller, except as specified below, they will not be disclosed, and, pursuant to art. 13, paragraph 1, lett. (e), they may only be processed by authorized parties and/or external processors (in the person of individual professionals and/or complex professional associations), among which there is, explicitly, the hosting company and/or technical personnel in charge of the management and/or maintenance of the website, but only and exclusively for the purposes expressly and specifically indicated above.