Privacy Policy on www.enotecapirovano.com

This Privacy Policy includes terms that are mentioned frequently. They will be indicated as follows:

  • The above-mentioned website, www.enotecapirovano.com, will be referred to as “the Website” or “from the Website” or “the Website's”.
  • Our company e-mail address is "vendite@enotecapirovano.com", will be referred to as “company e-mail address”.
  • The data controller is Pirovano Flavio & C s.n.c., VAT number 01382160131, will be referred to as “the Data Controller”.

Pirovano Flavio & C s.n.c., as the Data Controller under the Italian Legislative Decree of June 30, 2003 no. 196 (Code concerning the Protection of Personal Data), and the new EU Policy 2016/679 informs you that this policy protects users and other entities in terms of personal data processing. Data processing is based on the principles of necessity, correctness, lawfulness and transparency and protection of your confidentiality and your rights. Your personal data will be processed in compliance with the rules of the above-mentioned regulation. Data processing will be confidential.
Personal data processing applies to all those interacting with web services provided by Pirovano Flavio & C s.n.c., which can be accessed electronically from the Website.
This only applies to Pirovano Flavio & C s.n.c.'s Website and not for third parties' websites that the user might be able to visit by clicking on links on our Website.
This information note is also inspired by Recommendation no. 2/2001, adopted by European authorities for the protection of personal data, gathered in art. 29 of directive no. 95/46/EC, on May 17, 2001 to specify some minimum requirements for the online collection of personal data. In particular, it identifies methods, times and nature of the information that data controllers must provide to users when connecting to web pages, independently of the purposes of such connection.

1. Types of personal data processed by this Website

Pirovano Flavio & C s.n.c. processes the following types of personal data (from now called “data”) provided the Users who visit the Website:

1.1 Data collected while browsing the Website

IT systems, cookies and software used in this Website normally collect data, which happens when using an Internet connection. These data are not collected to associate them with users, however they may identify Users if associated with data from third parties.
These data include, for example, IP addresses or domain names of computers Users are using when connecting to this Website, web pages the Users are visiting within this Website, domain names and URLs from which Users accessed this Website (through referrals), URI addresses of the requested resources, time of request, method used to make the request to the server, size of the file obtained as reply, number indicating the server's reply status and other parameters depending on the type of browser (i.e. Internet Explorer, Chrome, Firefox...), operating system (i.e. Macintosh, Windows) and IT environment used by the User.
These data are collected with first-party technical cookies and third-party analytical cookies. Collecting these data allows Users to interact with social networks or other external platforms directly from the pages within this Website.
Interactions and the related information are subject to the User's privacy settings on social networks.
For further information about data collected while browsing this Website, please read our Cookie Policy.

1.2 Personal data provided by Users

Users can visit the Website without being identified. However, Users can provide their data to Pirovano Flavio & C s.n.c., namely name and surname, e-mail address and phone number, in order to receive commercial information about products/services available on our Website. Users can provide their data directly or with a contact form and subscription form to our newsletter, if available.

2. Purposes of data processing

2.1 The User's data will be processed without prior User's consent under art. 24 letter b) of the Codice Privacy and art. 6 letter b) GDPR for the following purposes:

  • managing and processing statistical surveys concerning the use of this Website;
  • providing maintenance and technical assistance to make this Website and related services work smoothly;
  • improving the quality and structure of this Website and creating new services, functions and/or features;
  • allowing the Users to find information to improve their knowledge about topics covered within the Website and related products and services;
  • allowing the Owner to exercise their rights during proceedings and avoid unlawful behaviors;
  • fulfilling legal obligations or policies.

Nature of data: necessary

Consequences of refusing to provide data: the Data Controller won't be able to process the User's request without these data.

Minimum safety measures for the protection of data: the server operating system, where this Website and database are located with all Pirovano Flavio & C s.n.c.'s data, are located on the hardware infrastructure provided by Serverplan srl, ensuring high standards in terms of information integrity, availability and confidentiality.

2.2 Data provided by Users will be processed with prior User's consent under art. 23 Codice Privacy and art. 6 letter a) GDPR for the following commercial purposes:

  • processing contact requests when Users send through a contact form or an e-mail;
  • processing the request to add comments. Also, when Users request specific services, this Website collects some of the Users' personal data, including their e-mail address: these data are considered as provided voluntarily by Users when they use this option. By adding a comment or any other information, Users confirm to expressly accept our Privacy Policy;
  • allowing to provide Users with commercial information by e-mail about products, events and/or services provided by this Website and/or newsletters including more information about web and marketing issues.

–  Nature of data: optional
Consequences of refusing to provide data: the Data Controller won't be able to process the User's request without their consent.

2.3 Newsletter

This Website's newsletter is sent by e-mail to Users who expressly ask to receive it, with a form available on this Website. By filling out the form, the User allows the Data Controller to process their personal data for the above-mentioned purpose. These data won't be provided to third parties.

Consent: Users must give their consent in order to receive our newsletter. Without the User's consent, the User won't be able to receive our newsletter. However, there won't be any further consequences.

Procedure: The collected data are processed with IT systems. Appropriate safety measures are taken in order to avoid to lose data, discourage an unlawful or incorrect use of these data and block any unauthorized access. Newsletters are sent with the “Sendinblue” platform, provided by https://www.sendinblue.com/. Users can read more information about their Privacy Policy at https://it.sendinblue.com/legal/privacypolicy/ .

Unsubscribe: To unsubscribe from our newsletter, click on the unsubscribe button at the bottom of the e-mail or send a request to the company e-mail address. Unsubscribing is an automatic or manual procedure: you may receive further newsletters if they had already been scheduled before receiving your request to unsubscribe.
Please feel free to contact Pirovano Flavio & C s.n.c. if you need any further information.

3. Nature of data provision

Users must provide their data for the purposes mentioned in par. 2.1. However, providing data is optional for the purposes mentioned in par. 2.2. Users may not be able to get the requested services if they refuse to provide these data.

4. Procedure and duration of data processing

Users' data are processed through operations mentioned in art. 4 Codice Privacy and art. 4 n. 2) GDPR and more specifically: collecting, recording, managing, storing, consulting, processing, editing, selecting, extracting, comparing, accessing, using, interconnecting, blocking, communicating, canceling and destroying data.
Data are processed with IT and/or computer systems and only for the above-mentioned purposes. In addition to the Data Controller, these data be accessed by others, like those managing this Website (administration, commercial, marketing, legal or IT departments) or external partners (providers of technical services, courier services, hosting providers, IT companies, communication agencies), which can also be designated as Data Supervisors by the Data Controller.

Duration of data processing

Data are processed only for the period of time that is strictly necessary for performing the above-mentioned purposes and, in any case, for no longer than 2 years from when data are collected for purposes mentioned in par. 2.1 and for no longer than 1 year for commercial purposes mentioned in par. 2.2.

Location of data processing

This Website collects data from the headquarters of the Data Controller. These data are processed in the datacenter of the website provider (Serverplan srl – VAT number 02495250603 Via G. Leopardi, 22 – 03043 - Cassino (FR) ), who is responsible for processing data on behalf of the Data Controller and is located in the European Economic Area, in compliance with European standards.

5. Access to data

Data can be accessed for the above-mentioned purposes only by:

  • Pirovano Flavio & C s.n.c. as Data Controller


6. Communicating data

Without the User's express consent (according to art. 24 letters a), b), d) Codice Privacy and art. 6 letters b) and c) GDPR), Pirovano Flavio & C s.n.c. will be able to transfer the User's data for the purposes mentioned in art. 2.1 to supervisory bodies, judicial authorities and any other entities the law requires to communicate with for the above-mentioned purposes, as independent data controllers. User's data won't be disclosed.

7. Transfer of data

Data provided by Users allowing this Website to send commercial information by e-mail about products, events and/or services provided by our Website and/or newsletter including more information about web and marketing issues are processed electronically with the “Sendinblue” software provided by https://it.sendinblue.com/. Read more about their Privacy Policy at https://it.sendinblue.com/legal/privacypolicy/.
Except the above-mentioned case, data are managed and stored on servers within the European Union, more specifically on Severplan srl's server hosting at serverplan.com (Privacy Policy https://www.serverplan.com/about-us/privacy).
Data collected with the User's consent, as per par. 2.2 of the Purposes of Data Processing, won't be transferred outside the European Union.
However, Pirovano Flavio & C s.n.c. will be able to move their servers to Italy and/or European Union and/or countries outside the EU. In this case, Pirovano Flavio & C s.n.c. ensures that data will be transferred outside the EU in compliance with the applicable legislation and, if necessary, making agreements that ensure the appropriate level of protection and/or adopting standard contractual terms provided by the European Commission.

8. Third-party websites

Please note that, should this Website include links connecting to third-party websites, the Data Controller won't be able to control the content of these websites or access their users' personal data.
The owners of these websites will be the sole data controllers of their users' personal data. Pirovano Flavio & C s.n.c. won't be responsible for their activities, prejudice or costs that may arise from processing data on these websites.
This Website may include links connecting to other websites belonging to Pirovano Flavio & C s.n.c..
Please read carefully the Privacy Policy and terms and conditions of these websites before providing your personal data or giving your consent to their processing.

9. Users' rights

Users will be able to exercise the rights mentioned in art. 7 Codice Privacy and art. 15-21 GDPR.

More specifically, Users always have the right to obtain from Pirovano Flavio & C s.n.c. the confirmation of the existence of their personal data, even when not yet stored, and to get their related communication in an intelligible form.

  • Users also have the right to obtain confirmation about:
    • the origin of the personal data;
    • the purposes and methods of processing;
    • the method applied in the case of processing carried out with the aid of electronic means;
    • the identity of data controller, data supervisors and designated representative;
    • the subjects or the subject categories to whom the personal data can be communicated or that can get to know them as appointed representatives in the area of the State, of representatives or appointees in charge.
  • Users also have the right to obtain:
    • the updating of their personal data, their adjustment or, if interested, their integration;
    • the cancellation, transformation into anonymous form or block in the event of unlawful processing of data, including those that need not be retained for the purposes for which the data were collected or subsequently processed;
    • the confirmation that activities mentioned in letters a) and b) and their content are known by those who received the communication of these data, except in case this is not possible or requires the use of means that are clearly disproportionate to the right being protected.
  •   Users have the right to object, in whole or in part:
    • to the processing of their personal data for legitimate reasons, even if pertinent to the purpose of data collection;
    • to the processing of their personal data for sending commercial advertisements, sales, market research or commercial communications (i.e. related to newsletters).
  • Where applicable, Users also have the rights mentioned in art. 16-21 GDPR:
    • Right of rectification,
    • Right to be forgotten,
    • Right to restrict data processing,
    • Right to keep contractual and raw data related to browsing,
    • Right to object,
    • Right to complain to authorities.

9.1 Summary of the User's rights according to GDPR

Concerning data processing in this policy, Users will be able to exercise, in compliance with the GDPR conditions, the rights mentioned in articles from 15 to 21 of GDPR and, more specifically, the following rights:
– right of access – article 15 GDPR: right to obtain confirmation that your personal data are being processed and access them, while making a copy of these data available.
– right of rectification – article 16 GDPR: right to rectify or complete inaccurate or incomplete personal data, without undue delay;
– right to erasure (right to be forgotten) – article 17 GDPR: right to cancel your personal data, without undue delay.
– right to restrict data processing – article 18 GDPR: right to restrict data processing when:

  • Users claim that their personal data are inaccurate, for the period of time the owner needs to verify that;
  • data processing is unlawful and Users object to the cancellation of their personal data, requesting to restrict their access instead;
  • Users need their personal data for the establishment, exercise or defense of legal claims.
  • User objected to the processing under art. 21 GDPR during the period of time required to verify if there are reasons for the processing that are more legitimate for the Data Controller than for the User.

right to data portability – article 20 GDPR: the User's right to receive, in a structured, standard way that can be read from an automatic device, their personal data provided to the Data controller and the right to communicate them to another data controller without restrictions, if the User give their consent to the processing and the processing is performed with electronic systems.
right to object – article 21 GDPR: the User's right to object any time and for specific reasons to the processing of their personal data based on the correctness of the legitimate interest or fulfillment of a public interest or the exercise of public authorities, including profiling. The only exception is when the Data Controller has reasons to process data that are more legitimate than the User's interests and rights or for the establishment, exercise or defense of legal claims. This includes the right to object any time to data processing for direct marketing purposes, including profiling when related to it.

The above-mentioned rights can be exercised over the Data Controller, with the above-mentioned contact details.

Users can exercise their rights for free under article 12 GDPR. However, if Users make requests that are clearly unfounded or excessive, and repeated, the Data Controller may charge the User with reasonable charges including the administrative costs to manage the request, or refuse to satisfy the request.

10. Methods to exercise the User's rights

To exercise the rights mentioned above, Users can contact Pirovano Flavio & C s.n.c. any time by sending an e-mail to the company e-mail address.

11. Data Controller

External data controllers

Pirovano Flavio & C s.n.c.
Via Dante, 21
23884 Castello di Brianza (LC)
vendite@enotecapirovano.com
Telefono: +39 0395310213

External data controllers include the following:

SendinBlue (for e-mail marketing activities or newsletters):
Attn. Privacy Officer
privacy@sendinblue.com
SendinBlue SAS – Politique de confidentialité
55, rue d’Amsterdam 75008 Paris, France
Privacy Policy

Serverplan (website manager):
Serverplan srl – VAT number 02495250603
Via G. Leopardi, 22 – 03043 - Cassino (FR), Italy
dpo@messaggipec.it
Privacy Policy

PayPal (online payments)
PayPal is a payment service provided by PayPal Inc., allowing the User to make online payments.
Types of personal data: different types of data are processed as specified in the service's privacy policy.
Location of processing: please read PayPal's privacy policy – Privacy Policy.

Stripe (online payments)
Stripe is a payment service that allows the User to make online payments by credit card.
Types of personal data: different types of dat as specified in the service's privacy policy.
Location of processing: please read Stripe's privacy policy – Privacy Policy.

Google reCAPTCHA (Google Inc.)
Google reCAPTCHA is a service protecting users from SPAM, provided by Google Inc.
reCAPTCHA is used in compliance with Google's privacy policy and terms and conditions.
Types of personal data: Cookie; Usage Data.
Location of processing: United States – Privacy Policy. Member of the Privacy Shield.

Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the collected personal data to track and analyze the use of this Website, and to create and share reports with other services developed by Google.
Google may use personal data to contextualize and customize ads from its advertisement network.
Types of personal data: Cookie; Usage Data.
Location of processing: United States – Privacy Policy - Opt Out. Member of the Privacy Shield.

Conversion tracking of Facebook Ads (Facebook pixel) (Facebook, Inc.)
Conversion tracking of Facebook Ads (Facebook pixel) is a statistics service provided by Facebook, Inc, connecting data from Facebook Ads with actions within this Website. Facebook pixel tracks conversion that may be attributed to ads on Facebook, Instagram and Audience Network.
Types of personal data: Cookie; Usage Data.
Location of processing: United States – Privacy Policy. Member of the Privacy Shield.

Trustpilot (Trustpilot inc.)
Trustpilot.com is a consumer review website that hosts reviews of companies around the world.
Personal Data processed: Cookies; Usage data.
Place of treatment: Denmark - Privacy Policy

 

An updated list of data controllers can be requested to the Data Controller.