Privacy Policy

European Regulation 679/2016 (hereinafter also for simplicity’s sake “Regulation”) on the protection of personal data provides for the protection of natural persons with regard to the processing of personal data.

In compliance with the aforementioned legislation, the processing of personal data covered by this information notice carried out by Cesari Srl (hereinafter “Data Controller” or “Company”) will be based on the principles of correctness, lawfulness, transparency, relevance, non-excessiveness with respect to the purposes for which the data is collected and protection of your privacy and your rights.

In relation to data processing, Cesari Srl informs you of the following.

  1. PERSONAL DATA PROCESSED

The Data Controller processes personal data relating to individual Customers, representatives of the Customer, the Supplier or Third Parties, provided by the Customer/Supplier/Third Party (on the occasion of present or past direct or indirect contractual relationships, in the context of visits or commercial meetings, trade fairs, conferences, courses, seminars or other promotional events, past communications or previous occasions of meeting with representatives of Cesari Srl) or acquired in publicly available address books or websites and the data of the Users of the websites www.umbertocesari.it, www.umbertocesari.com.

The Data Controller will not process “special categories of personal data” (pursuant to Articles 9 and 10 of the Regulation).

The data processed by type is indicated below:

  1. navigation data: IP addresses or domain names of computers used by users who connect to the sites, the URI (Uniform Resource Identifier) ​​addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment, given that the IT systems and software procedures used to operate these websites acquire, during their normal operation, personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified;
  2. common personal data such as name, surname, place and date of birth, tax code or VAT number, address of residence or registered office, email address, telephone number, bank details, and any data necessary for the fulfillment of fiscal/accounting/contractual obligations.

If the User wishes to register in the reserved e-commerce area of ​​the site, the following additional personal data will be requested: password created by the Users themselves at the time of registration or password and username of Facebook, Twitter or other social networks imported directly from the sites www.umbertocesari.it and www.umbertocesari.com if registration occurs via social networks and any additional information that may be provided optionally.

If the User wishes to register with the Wine Club to take advantage of special services and promotions for the purchase of products, the gender of membership and additional optional data are required, necessary to be able to join some promotional initiatives and any additional information that may be provided optionally, technical and third-party cookies which are collected and processed according to the methods, purposes and legal bases indicated in the specific information on this site.

The Data Controller processes personal data through its delegates, internal or external managers, and by making use of its own employees, who will comply with the instructions given by the Data Controller pursuant to the Regulation.

The treatments connected to the web services are handled only by technical personnel in charge of the treatment or by any subjects in charge of the maintenance of the sites.

  1. PLACE OF DATA PROCESSING

The treatments are carried out in Italy, at the Company’s headquarters, or at the appointed external managers.

  1. PURPOSE OF THE PROCESSING

Personal data are processed for the following purposes:

  1. A) personal data acquired automatically during navigation are collected for the sole purpose of obtaining anonymous statistical information on the use of the sites and to check their correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the sites.
  2. B) further common data are collected in order to:
  3. a) provide the products and services envisaged by the contractual relationships in place between Cesari Srl and the Customer / Supplier;
  4. b) provide information and/or send communications relating to the products and services created or to be created or to the products and/or services to be purchased or collaborations to be established, both in the pre-contractual phase (e.g. for the preparation of a commercial offer) and subsequently;
  5. c) provide for the accounting and tax obligations relating to the pre-contractual and contractual relationship with the Customer/Supplier,
  6. d) send information and/or offers on products or services provided by Cesari Srl, which may be considered of interest to the Customer, the Supplier, the User, without this resulting in the transfer of personal data to third parties;
  7. e) verify the quality of the products and services offered;
  8. f) evaluate the quality of supplies and related services;
  9. g) send commercial and/or advertising communications and information relating to products, services, events and initiatives;
  10. h) credit protection;
  11. i) carry out promotional, direct-marketing and web-marketing activities for wine club members, including through profiling them and sending targeted and personalised newsletters and communications (via e-mail, SMS, post) based on the preferences of the Customer and/or User;
  12. j) organize promotional initiatives such as events and prize competitions in order to promote the winery’s brand.
  13. LEGAL BASIS FOR THE PROCESSING

Personal data will be processed on the basis of the following legal bases:

  1. legitimate interest of the Data Controller to be present on the web and to protect the company assets for the purposes referred to in point A) (art. 6, paragraph I, letter f) of the Regulation);
  2. – fulfillment of legal, contractual and pre-contractual obligations for the purposes referred to in points a), b) and c) (art. 6, paragraph I, letter b) and c) of the Regulation);

– legitimate interest of the Data Controller to promote its business, products and services to all those who have provided their data during the purchase of a product or service for the purposes referred to in points d), e), f), g), j) (art. 6, paragraph I, letter f) of the Regulation);

– legitimate interest in protecting company assets for the purposes referred to in point h) (art. 6, paragraph I, letter f) of the Regulation);

– consent of the interested party who has signed up to the newsletter or wine club for the purposes referred to in points d), e), f), g), j), i) (art. 6, paragraph I, letter f) of the Regulation).

  1. DATA PROVISION – CONSEQUENCE OF FAILURE TO PROVIDE DATA

Browsing data is collected automatically: the computer systems and applications dedicated to the functioning of the website detect, during their normal functioning, said data whose transmission is implicit.

As regards further personal data, the interested party is free to provide those necessary for the execution of the contract or service, request the sending of informative material or other communications and to access the reserved e-commerce and wine-club area.

Failure to provide the data collected for the purposes referred to in points a), b) c) could result in the failure or partial execution of the contract stipulated between the parties and/or the impossibility of formulating the offer for the service of interest, it also involves the impossibility of accessing the reserved e-commerce area in order to make online purchases. Failure to provide the data collected for the purposes referred to in points d), e), f), g), h), i) and j) or the subsequent request for cancellation or limitation of processing, involves the impossibility of receiving information on our services in the future according to your needs.

  1. TREATMENT METHODS – STORAGE PERIOD  

The processing will be carried out manually or, predominantly, with the aid of electronic means, and includes, in compliance with the limits and conditions set out in Articles 2, 3 and 4 of EU Regulation 679/2016, all operations, or set of operations, provided for by the same Regulation with the term “processing”, excluding dissemination.
The methods of processing personal data are described in the procedural documentation prepared by CESARI Srl They provide for the adoption of adequate security measures to protect the confidentiality, integrity and availability of data stored on computer or paper media. These measures have been deemed suitable following the analysis of all the risks – assessed considering the relative severity of the consequences and probability of occurrence – that threaten the personal data processed and natural persons.

Personal data will be retained for the period necessary to fulfill the purposes indicated above, in particular:

– to fulfill all legal obligations, fulfil contractual commitments and, in order to satisfy the legitimate interest of the data controller (conservation of know-how, maintenance of evidence relating to the quality of products and services), for ten years from the termination of any contractual relationship;

– for Wine Club Card holders, data will be retained until the end of the promotion as indicated in the specific Regulations and for a further 12 months from the last purchase, unless otherwise agreed by the user. If a user registered with the Wine Club does not make a purchase within 12 months, he/she will be automatically deleted;

– for the management of events and prize competitions, the personal data collected will be retained for a maximum of 5 years from the end of the initiative.

In any case, the data will be retained for a further period necessary for the purposes of fulfilling tax and accounting obligations and for the purposes of protecting, including judicial, the rights of the Company.

  1. COMMUNICATION AND TRANSFER OF PERSONAL DATA

The personal data collected may be communicated to parties external to CESARI Srl for the purposes listed above, in particular:

– in the event of the existence of a contractual relationship with the Customer or the Supplier, the data necessary to fulfill legal obligations may be communicated to tax and/or legal consultants, social security institutions, banks and insurance companies, IT assistance service providers, law firms, the Judicial Authority, couriers responsible for making deliveries, solely for the purposes related to the management of the contractual relationship and for the fulfillment of a legal obligation and for the protection of company assets;

– to carry out some activities related to the processing of data for marketing purposes (direct marketing, sending newsletters, social media, etc.), including user profiling, the data may be transmitted to companies providing marketing and communication services, website management services and third-party web services (Eventbrite, Wine Platform, Mailchimp). In this case, the legal basis is the consent expressed in accordance with this information.

The subjects to whom the personal data will be communicated will operate as Data Processors, as autonomous Data Controllers or subjects authorised to process the data.

In any case, personal data will not be disclosed.

If a transfer to non-EU countries occurs, the Company ensures that the Data Controller is contractually bound by the “standard contractual clauses” authorised by the European Union.

  1. CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller is:
CESARI Srl
Via Stanzano 1120, 40024 Castel San Pietro Terme (BO)
Tel. +39 051 6947811
Fax. +39 051 944387
e-mail:  privacy@umbertocesari.it

  1. RIGHTS OF INTERESTED PARTIES

At any time, you may exercise your rights towards the Data Controller, pursuant to Articles 15 (“Rights of access by the data subject”), 16 (“Right to rectification”), 17 (“Right to erasure”) and 18 (“Right to restriction of processing”) of the Regulation – which, for your convenience, we reproduce in full below – by addressing the relevant requests to the Privacy Office at the headquarters of the DATA CONTROLLER, at the address indicated or by sending an email to privacy@umbertocesari.it. You may revoke your consent for the processing of data concerning you in the same way. It is also possible to lodge a complaint regarding the processing of personal data carried out to the National Supervisory Authority, or to the Guarantor for the Protection of Personal Data (www.garanteprivacy.it).

“EU Regulation 679/2016 articles 15-16-17-18”

Article 15 – Right of access by the interested party

  1. The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the data.

personal and the following information:

  1. a) the purposes of the processing;
  2. b) the categories of personal data concerned;
  3. c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. e) the existence of the right of the data subject to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her.

or to object to their processing;

  1. f) the right to lodge a complaint with a supervisory authority;
  2. g) where the data are not collected from the data subject, any available information as to their source;
  3. h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  4. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the existence of appropriate safeguards pursuant to Article 46 relating to the transfer.
  5. The data controller shall provide a copy of the personal data undergoing processing. In the event of further copies requested by the data subject, the data controller may charge a fee.

reasonable fees based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic format.

  1. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Article 16 – Right of rectification

The interested party has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing,

the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.

Article 17 – Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to

delete personal data without undue delay, if one of the following reasons exists:

  1. a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based according to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and where there is no other basis

legal basis for the treatment;

(c) the data subject objects to the processing pursuant to Article 21, paragraph 1, and there are no overriding legitimate grounds for the processing, or …2, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21, paragraph 2, and there are no overriding legitimate grounds for

pursuant to Article 21, paragraph 2;

  1. d) the personal data have been unlawfully processed;
  2. e) the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1.

  1. Where the controller has made personal data public and is obliged pursuant to paragraph 1 to erase them, the controller, taking into account available technology and the costs of implementation, shall adopt the following measures:

reasonable measures, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, the personal data.

YOUR PERSONAL DATA.

  1. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
  2. a) for the exercise of the right to freedom of expression and information;
  3. b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task

carried out in the public interest or in the exercise of public authority vested in the data controller;

(c) for reasons of public interest in the area of ​​public health in accordance with Article 9(2)(h) and (i) and Article 9(3);

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to be affected.

render impossible or seriously impair the achievement of the objectives of such processing; or

  1. e) for the establishment, exercise or defence of legal claims.

Article 18 – Right to restriction of processing

  1. The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
  2. a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  3. b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  4. c) although the data controller no longer needs them for the purposes of the processing, the personal data are required by the data subject for the establishment, exercise or defence of legal claims.
  5. d) the data subject has objected to the processing pursuant to Article 21, paragraph 1, pending the verification whether the legitimate grounds of the controller override the processing to those of the interested party.
  6. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or the defence of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  7. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.”