This Privacy Policy is provided in accordance with Article 13 of the European Regulation no. 679/2016 and applies exclusively to all data collected through the website www.pozzowineclub.com. This Privacy Policy is subject to updates that will be promptly published on the website. Together with the Terms and Conditions, other referenced documents, and the Cookie Policy, this Privacy Policy establishes the basis on which the personal data of the data subject will be processed.

Data Controller

The Data Controller for the data collected through this website is Pozzo Wine Club di Meattini Simone, based in Buonconvento (SI) 53022 Via Emilia Romagna no. 12, email: info@pozzowineclub.com.

Personal Data
Personal Data refers to any information relating to an identified or identifiable natural person (data subject). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to their physical identity.

Categories of Personal Data Processed
Among the Personal Data processed by this website, either independently or through third parties, are general data such as cookies, usage data, name, email, fiscal data necessary for purchases, and personal data necessary for product delivery.

Methods of Processing Personal Data
The Personal Data provided or acquired will be processed based on principles of fairness, lawfulness, transparency, and confidentiality protection, in compliance with current regulations. The Data Controller processes users’ Personal Data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Processing is carried out using computer and/or telematic tools, following organizational methods and logic strictly related to the indicated purposes.

Purposes of Personal Data Processing and Legal Basis
Personal Data may be collected independently by the Data Controller or through third parties. In this case, the IT systems and software procedures used to operate this website may acquire some personal data of users, technical IT data (e.g., IP address, browser type, operating system, domain name, and the addresses of websites from which access or exit is made, etc.), whose transmission is inherent to the use of the Internet. Such data may be processed solely to obtain anonymous statistical information about the site’s use and/or to verify its correct functioning and will be deleted immediately after processing.
The data voluntarily provided by the data subject will be processed in compliance with the conditions of lawfulness pursuant to Article 6 of the GDPR and will be processed to allow the website to provide its services, as well as for the purposes indicated below, and will be stored for the time necessary to fulfill the aforementioned purposes.
The purposes of processing are as follows:
a) Information and pre-contractual obligations
Data will be processed to respond to specific requests from the data subject for information and/or interest in purchasing related to the services provided by the Data Controller, via email messages or contact forms and other communication tools such as phone calls.
Legal basis: this processing is optional and based on the data subject’s consent, but providing data is necessary to pursue the indicated purpose.
Data retention period: …, unless consent is revoked.
b) Necessary processing under a contract
Data will be processed to fulfill obligations deriving from the contract between the data subject and the Data Controller for selling products on the website, contacting the data subject in relation to the contract and managing it, handling requests for legal guarantees, assistance, withdrawal requests, and managing and resolving the contract itself.
Legal basis: this processing is necessary for the execution of the contract to which the data subject is a party, for pre-contractual measures, or to fulfill a legal obligation.
Data retention period: 10 years or another legal requirement.
c) Compliance with legal obligations
Data will be processed to comply with any type of obligation contemplated and provided by current laws, regulations, related standards, commercial customs, and tax matters, including those provided by anti-money laundering legislation.
Legal basis: this processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
Data retention period: 10 years or another legal requirement.
d) Softspam
Data will be processed to enable the Data Controller to send commercial and promotional communications via email concerning products and/or services similar to those subject to the sale, without the need for the data subject’s explicit and prior consent, as provided by Article 130, paragraph 4 of the Privacy Code, as amended by Legislative Decree no. 101 of 2018, and provided the data subject does not exercise their right to object.
Legal basis: this processing is based on the Data Controller’s legitimate interest under Article 6, letter F, and Recital 47 of the GDPR.
Data retention period: until the data subject objects.
e) Direct marketing
Data will be processed for direct selling of products/services, market research, and sending communications and promotional, commercial, and advertising material or information on initiatives and events via newsletters, emails, SMS, WhatsApp, chat, direct messaging from social media, social networks, phone calls, postal mail, and other informational materials.
Legal basis: this processing is based on the freely expressed consent of the data subject pursuant to Article 6, paragraph 1, letter A of the GDPR.
Data retention period: …, unless consent is revoked.
f) Statistics
Data will be processed for statistical analysis on aggregated and anonymous data to analyze user behavior, improve the products and services provided by the Data Controller, and meet the expectations of the data subject.
Legal basis: this processing is based on the freely expressed consent of the data subject.
Data retention period: until the data subject revokes consent.

Communication of Data
In addition to the Data Controller, in some cases, the data may be accessed by:
a) Trained categories of persons involved in the website’s organization (administrative, commercial, marketing, legal, and system administrators);
b) External subjects (such as third-party technical service providers, hosting providers, IT companies, and communication agencies) also appointed as Data Processors under Article 28 of the GDPR. An updated list of processors, if appointed, can always be requested from the Data Controller;
c) Public or private subjects that can access data in compliance with legal obligations;
d) Subjects performing accessory and instrumental tasks for the Data Controller’s activity.