www.shop.didemo.it collects certain Personal Data about its Users.
The Data Controller of the Personal Data, which is collected and processed as the User interacts with this Site for the purposes specified below, is DiDemo Srl with registered office in Via Monteleone 26, 37015 Gargagnago di Valpolicella (VR) Italia P.IVA 03546810239, email address: email@example.com (hereinafter "DiDemo Srl").
In other circumstances, which are specified below, Tannico and WinePlatform S.p.A. with registered office in Via Visconti di Modrone 12, Milan (MI), email address: firstname.lastname@example.org (hereinafter "WinePlatform"), additionally acts as Data Controller and as External Data Processor.
Data Controller: DiDemo Srl
Legal person who determines the methods and purposes of the data processing.
The function of DiDemo Srl as Data Controller is limited to the sole activities of identifying the technical and functional characteristics of the platform, supplying the product, quality assurance and management of returned goods.
Data Controller: Tannico & WinePlatform S.p.A.
Legal person who determines methods and purposes of the data processing.
The the function of Tannico & WinePlatform S.p.A. as Data Controller is limited to sales, payment, shipping and delivery.
Data processor: Tannico & WinePlatform S.p.A.
The legal entity that processes personal data on behalf of the Controller.
Tannico & WinePlatform S.p.A.'s responsibility for the data processing is limited to platform construction, management and maintenance activities only.
Exercise of User Rights:
The User may exercise his/her rights towards each Data Controller by contacting them at the abovementioned address.
- DiDemo Srl with registered office in Via Monteleone 26, 37015 Gargagnago di Valpolicella (VR) Italia P.IVA 03546810239
- Tannico and WinePlatform S.p.A. with headquarters in Via Visconti di Modrone 12, Milan (MI).
Controllers’ email addresses:
- DiDemo Srl : email@example.com
- Tannico & WinePlatform S.p.A.: firstname.lastname@example.org
Email address of the person in charge: email@example.com
Information on the processing of Personal Data
Types of Data collected
The Personal Data collected by www.shop.didemo.it, independently or through third parties, includes personal data, email, contact data, connection data, purchase and order data, usage data and cookies.
Unless otherwise specified, all Data requested by www.shop.didemo.it are mandatory. If the User refuses to provide the data, it may be impossible for www.wineplatform.it/masiagricola to provide the requested service. In cases where www.wineplatform.it/masiagricola indicates certain Data as optional, Users are free to refrain from communicating such Data, without this having any effect on the availability of the Service or its operation. Users who have any doubts regarding which Data is mandatory, are encouraged to contact the Data Controller.
Means and place of the processing of the collected Data
The Data Controllers adopt the appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data.
Computer and/or telematic tools execute the processing, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controllers, in some cases, other subjects involved in the organisation of www.shop.didemo.it (administrative, commercial, marketing, legal staff or system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data. These entities could also be appointed, if necessary, as Data Processors by the Data Controllers. The updated list of Data Processors may be requested at any time from the Data Controllers.
Legal basis of the treatment
The Data Controllers may process Personal Data relating to the User if one of the following conditions is met:
- The User has given consent for one or more specific purposes; Note: in some jurisdictions, the Data Controller may be authorised to process Personal Data without the User's consent or another of the legal bases specified below, until the User objects to such processing (“opts-out”). However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data.
- The processing is necessary for the execution of a contract with the User and/or the execution of pre-contractual measures;
- The processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
- The processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties.
However, it is always possible to ask the Data Controllers to clarify the legal basis of each processing and in particular to specify whether the processing is based on legal needs, provided for in a contract or necessary to close a contract.
The Data is processed at the Data Controllers’ operating offices and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controllers.
The Personal Data may be transferred to a country other than the country in which the User is located. In this case, the Data Controller hereby assures that the data will be transferred in accordance with the applicable legal provisions.
The User is entitled to obtain information regarding the legal basis for the transfer of Data outside the European Union.
Should any of the transfers described above take place, the User may refer to the respective sections of this document or request information from the Data Controllers by contacting them at the addresses provided at the beginning of this document.
The Data is processed and stored for the time required for the purposes for which they were collected.
- Personal Data collected for purposes related to the execution of a contract between the Data Controllers and the User will be retained until the execution of the contract in question is completed.
- Personal Data collected for purposes related to the legitimate interest of the Data Controllers will be retained until such interest is fulfilled. The User may obtain further information about the legitimate interest pursued by the Data Controllers in the relevant sections of this document or by contacting the Data Controllers directly.
When the processing is established based on the User's consent, the Data Controller may retain the Personal Data for a longer period of time and until such consent is revoked. In addition, Data Controllers may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an Authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this period, the User may no longer exercise the right to access, cancel or rectify the Data nor and the right to Data portability.
Purposes of Data Processing
User Data is collected to allow the Data Controllers to provide their Services, as well as for the following purposes:
- For sales purposes and related activities. The Data Controller for WinePlatform processes the User’s personal data to manage the sale of DiDemo Srl products through the Site and to provide the relevant after-sales services (e.g. assistance, returns, warranty). Your Personal data is therefore processed in order to register orders and to fulfil deriving contractual obligations, such as the shipment of products. The data relating to the transaction are also processed to fulfil the relevant legal obligations, such as commercial and fiscal documents relating to the sale. In addition, should you require pre-sale or after-sale assistance, e.g. when you contact us for information about the prices of DiDemo Srl products, or to know about shipment details, your data is processed to respond to your requests and provide customer-care services. The processing is based on the fulfilment of a contract with the data subject or of pre-contractual measures taken at the data subject's request, as well as the fulfilment of legal obligations to which the data Controller is subject. The provision of your personal data is necessary and, should you fail to provide it, it will not be possible to proceed with the order or respond to requests.
- To manage and operate through our Site. DiDemo Srl, the data Controller for this purpose, processes personal data to manage the Site, ensuring that it is functional and accessible, improving and periodically updating it to the systems and standards applicable. DiDemo Srl may process data such as the IP address and details of the device from which the User is connected, for example, in order to present the User with the desktop or mobile version of the Site. The processing is based on DiDemo Srl's legitimate interest, which is to present its activities and products to the public, to ensure the operation of the Site and to improve its appearance and user experience. The provision of your personal data is necessary and, should you fail to provide it, it may not be possible to grant you access to the Site.
- For purposes of managing user interaction with the site, including the creation of accounts by users. DiDemo Srl, who is the data Controller for this purpose, processes personal data to manage the User’s interaction with the Site. In particular, DiDemo Srl processes your data to enable you to create an account on the Site and to manage the account data and updates, for example by reporting information on orders placed. Your personal information is processed to allow you to enter or update your personal details, such as your email address, and to allow you to manage any preferences. The processing is based on the fulfilment of a contract with the data subject or of pre-contractual measures taken at the data subject's request; on the fulfilment of legal obligations relating to the processing of accurate and up-to-date personal data; and on DiDemo Srl's legitimate interest in ensuring a pleasant experience on the Site for its users. The provision of your personal data is necessary and, should you fail do provide it, it will not be possible to proceed with the creation or the updating of your account.
Who do we communicate or transfer your data to
Authorised personnel will process personal data according to different needs. Your data will also be processed by suppliers for technical and organisational services functional to the processing purposes indicated above. These subjects act as our data processors on the basis of the company’s instructions and in accordance with the provisions of the contracts signed with us.
The company may disclose personal data to public authorities or bodies and to any other legitimate recipient under the law. If this were the case, the recipients would act as independent data Controllers according to their respective institutional purposes.
To receive the updated list of recipients of your personal data, please contact us at the contact details indicated above.
If your data is transferred abroad, to countries that do not guarantee the same level of data protection, the company will ensure that the transfer is carried out in accordance with Articles 46-47 and 49 of the GDPR, i.e. by collecting the User’s consent when necessary, or by taking any other measures necessary to ensure the protection of the data being transferred, such as signing standard contractual clauses in accordance with the model developed by the European Commission.
Users may exercise the following rights with reference to the Data processed by the Data Controllers.
- Revoke consent at any time. The User may revoke his/her previously expressed consent to the processing of his/her Personal Data at any time.
- Oppose the processing of Data. The User may object to the processing of his/her Data when this is done on a legal basis other than consent. Further details on the right to object are indicated in the section below.
- Access Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
- Check and ask for rectification. The User may verify the correctness of his/her Data and request that it be updated or corrected.
- Obtain the limitation of treatment. When certain conditions are met, the User may request the limitation of the processing of his/her Data. In this case, the Data Controllers will not process the Data for any other purpose other than their retention.
- Obtain the deletion or removal of Personal Data. The User may request the Data Controllers to delete his/her Personal Data, except in the case of legal obligations that require the retention of this Data.
- Receive Data or have it transferred to another data Controller. The User has the right to receive his/her Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transferred without interference to another data Controller. This provision is applicable when the Data is processed by automated tools and when the processing is based on the User's consent, on a contract to which the User is a party or on contractual measures related to a contract..
- Lodge a complaint. The User may lodge a complaint with the competent data protection authority or take legal action.
How to exercise your rights
To exercise their rights, Users may address a request to the contact details of the Data Controllers indicated in this document. The Data Controllers shall process these requests as soon as possible, within one month and/or within 3 months at most in case of a particularly complex request. In order to exercise their rights, the interested party may be requested to contribute to the expenses for the copies he/she has requested.
More information about the treatment
Defence in court
The User's Personal Data may be used by the Data Controller in court as well as in the preparatory stages for a possible defence against abuse in the User’s use of this Application- or related services. The User declares that he/she is aware that the Data Controlelr may be required to disclose the Data at the request of public authorities.
Information not contained in this policy
Further information related to the processing of Personal Data may be requested from the Data Controllers at any time by contacting them at the contact information above.
If the changes involve any processing whose legal basis is consent, the Data Controller will collect the User's consent for a second time, if necessary.
Last update: 29/09/2020