Privacy Policy

We take the protection of your personal data very seriously and strictly adhere to the rules of the data protection laws.

PRIVACY STATEMENT

SUBJECT:

informative report under article 13 of the Regulation (EU) 2016/679 (the “GDPR” – General Data Protection Regulation)
relating to the protection of individuals with regard to the processing of personal data collected from the data subject.

a. DATA CONTROLLER

The data controller is San Polo in rosso s.r.l. Società Unipersonale with registered office in Via Castello di San Polo in rosso –
Gaiole in Chianti – VAT Number 04958600480, Phone no. +39 0577/746045, e-mail: info@sanpolo.it.

b. DATA PROTECTION OFFICER

Not falling within the cases provided for by the GDPR’s art. 37 and according to the WP243 guideline, a Data Protection Officer
has not been designated.

c. LEGAL BASIS, PURPOSES AND OBLIGATIONS OF DATA PROCESSING

Your personal data are processed for the following purposes:

  • Fullfillment of requests from the data subject;

The provision of Data for Legal and contractual purposes is mandatory; The provision of data is necessary to enable us to process
your requests. Consent expression is not required. The failure to communicate your personal data will impede the fullfilment of any contractaul obligations.

d. LAWFULNESS OF THE PROCESSING

The data processing is lawful as:

  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller (fulfilment of a contract or
    in the pursuit of the Company’s purposes).

e. RECIPIENTS OF THE PERSONAL DATA

Your personal data could be shared with the internal employees as well as the following third-party entities:

  • Parties which have to be informed according to a legally binding obligation;
  • Monitoring organisations, especially in case of inspections;
  • Third-party companies or practitioners (in execution of contractual or legal obligations).

The name of the subjects listed above is available at any time upon request by the data subject.

f. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

The transfer of personal data outside the EU or to international organisations is not foreseen.

g. DATA RETENTION PERIOD

The period of personal data retention, where there are no legal obligations or cancellation requests, is based on the existence of
the purposes listed at point “c” or on the need of regular performance of the company business.

h. RIGHTS OF THE DATA SUBJECT

The Data Subject has the right to request at any time of access, rectification, erasure, portability of Personal Data as well as to
object, revoke or restrict the data processing or propose a complaint to the Data Proctection Supervisor Authority.

i. AUTOMATED DECISION-MAKING PROCESSES

Personal data are not processed with automated decision-making processes.