Privacy Policy

Informative report under article 13 of the Regulation (EU) 2016/679 (the “GDPR” – General Data Protection Regulation) relating to the protection of individuals with regard to the processing of personal data collected from the data subject.

a. DATA CONTROLLER
The data controller is San Polo in Rosso s.r.l. Società Unipersonale with registered office in Via Castello di San Polo in Rosso – Gaiole in Chianti – VAT Number 04958600480, Phone no. +39 0577/746045, e-mail: info@sanpolo.it.

b. DATA PROTECTION OFFICER
Not falling within the cases provided for by the GDPR’s art. 37 and according to the WP243 guideline, a Data Protection Officer has not been designated.

c. BASE GIURIDICA, FINALITÀ ED OBBLIGATORIETA’ DEL TRATTAMENTO
Your personal data are processed for the following purposes:

  • Fullfillment of requests from the data subject
  • Legal requirements: informing the law enforcement authorities of the names and details of people staying on the premises, invoicing, and other administrative / accounting purposes

The provision of Data for Legal and contractual purposes is mandatory; The provision of data is necessary to enable us to process your requests. Consent expression is not required.
The failure to communicate your personal data will impede the fullfilment of any contractaul obligations.

d. LAWFULNESS OF THE PROCESSING
The data processing is lawful as:

  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller (fulfilment of a contract or in the pursuit of the Company’s purposes).

e. RECIPIENTS OF THE PERSONAL DATA
Your personal data could be shared with the internal employees as well as the following third-party entities:

  • tax advisor
  • Parties which have to be informed according to a legally binding obligation;
  • Monitoring organisations, especially in case of inspections;
  • Third-party companies or practitioners (in execution of contractual or legal obligations).

The name of the subjects listed above is available at any time upon request by the data subject.

f. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The transfer of personal data outside the EU or to international organisations is not foreseen.

g. DATA RETENTION PERIOD
The period of personal data retention, where there are no legal obligations or cancellation requests, is based on the existence of the purposes listed at point “c” or on the need of regular performance of the company business.

h. RIGHTS OF THE DATA SUBJECT
The Data Subject has the right to request at any time of access, rectification, erasure, portability of Personal Data as well as to object, revoke or restrict the data processing or propose a complaint to the Data Proctection Supervisor Authority.

i. AUTOMATED DECISION-MAKING PROCESSES
Personal data are not processed with automated decision-making processes.