Privacy Policy

Article 13 EU Reg. 2016/679 - GDPR
Notice pursuant to article 13 EU Reg. 2016/679 - GDPR

The Enoliteca del Consorzio Vino Nobile srl, whose registered and operational offices are located in Via San Donato, 21 Montepulciano (SI), (hereinafter referred to as the “Controller”), in its role as Data Controller, wishes to inform you pursuant to art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your personal data will be processed in the ways and for the purposes indicated below:

1. Processed data
The Controller handles personal identification data (for example, name, surname, company name, address, telephone number, e-mail, bank and payment details) – hereinafter referred to as “personal data” or any “data” provided by yourself on entering into agreements regarding the provision of the Controller’s services.

2. Purposes of processing
The acquisition and processing of personal data are carried out for the following purposes:

A. Without your express consent [art. 6 lett. b), e) GDPR], for the following Service aims:
  1. the fulfilment of all operations enforced by legal and fiscal regulatory requirements deriving from the business activity;
  2. the implementation and execution of the contractual relations in course;
  3. the operations closely associated with and instrumental to the implementation of the aforementioned relations, comprising the acquisition of preliminary information necessary to the conclusion of the Contract;
  4. to fulfil the legal requirements to which we are subject regarding the administrative, managerial and logistic activities of the training courses you wish to enrol for;
  5. to provide the requested services, enable an efficacious management of customer relations in order to satisfy requests for information, assistance and/or specific needs expressed by yourself;
  6. to assess customer satisfaction levels, through the processing of statistics for internal use;
B. Only with your prior and specific consent (art. 7 GDPR), for the following Marketing purposes:
  1. To send you information on available services, newsletters and personalized news, containing material and promotional initiatives regarding events and services (e.g. invitations to tasting sessions, events, conferences, presentations etc.) by traditional methods (call centre phone calls) or automated systems (email);
  2. To send you via e-mail, post and/or text messages and/or phone contacts the commercial and/or promotional announcements of third parties (for example, those of our business partners).
We wish to point out that if you are already customers of ours, we may send you commercial mail relating to the Controller’s services which are comparable to those you have already used, unless you have denied consent.
The contractual aims of service provision, commercial and non-commercial disputes, and promotional activities regard the personal data processing of the sole Customer. The Customer’s personal data will be processed for the entire duration of the contractual relations established and subsequently for the purpose of fulfilling all legal requirements, as well as for future trade purposes.

3. Processing methods
Processing will be carried out automatically and manually, using methods and equipment which comply with the security measures stipulated by art. 32 of the GDPR 2016/679, by individuals specifically appointed for this task, in compliance with art. 29 GDPR 2016/679. Security measures will be adopted to guarantee the data subject’s privacy and to avoid any unlawful access to data by third party entities or unauthorized personnel.
The conferred data will be stored in our archives according to the following parameters:
  1. For administrative and accounting activities, orders, the management of estimates and the entire production flow, assistance and maintenance, shipping, invoicing, services, the handling of any disputes: 10 years as stipulated by Law pursuant to art. 2220 Civil Code, barring any delayed payments of due amounts which justify an extension of this period;
  2. For the aims referred to in paragraph 2.A points 2-3-4-5-6 indicated above, storage times will correspond to the expiry of the contract;
  3. For marketing purposes (paragraph 2.B points 1-2): 24 months;

4. Access to data
Your personal data may be made accessible for the purposes referred to in the above points 2.A:
  1. to partners, employees and associates of the Data Controller in their role as internal persons in charge of and/or responsible for processing and/or system administrators;
  2. to third party companies or other entities engaged in outsourced activities on behalf of the Data Controller, in their role as external persons responsible for processing (for example: software houses, associated law offices, certifying bodies, chartered accountants and tax consultants and, in general, all those entities appointed to verify and monitor the correct execution of the aforementioned aims, Municipal bodies and/or Offices, consultants and the providers of services for work safety which, in their turn, may disclose data or enable access to said data to their partners, users and authorized persons for specific market research studies. The data acquired and processed may also be disclosed to subcontractors/suppliers in Italy and abroad.
In brief, the detailed list of such individuals and entities is available at our premises for your consultation.

5. Data disclosure
Without having to obtain express consent (art. 6 lett. b) and c) GDPR), the Data Controller may disclose your personal data for the aims referred to in point 2.A to Supervisory boards, Judicial authorities, and any other entities to which it is legally mandatory to do so in order to fulfil the aforesaid purposes. These entities will process data in their role as independent Data Controllers. Your personal data will not be diffused.

6. Data transfer
Personal data are stored on servers in the European Union, located in the offices of the registered premises. It is understood in any case that the Data Controller, whenever necessary, is free to move the servers even to non-EU countries. In such an event, the Data Controller hereby guarantees that the transfer of data outside the EU will be effected in compliance with the applicable regulatory norms, and subject to the stipulation of the standard contractual clauses laid down by the European Commission.

7. Nature of data conferment and possible consequences of denial
The conferment of data for the aims referred to in point 2.A is mandatory. In absence of conferment, we are unable to guarantee the provision of the Services indicated in point 2.A.
Instead, the conferment of data for the aims referred to in point 2.B is optional. You may therefore choose not to provide any data or to subsequently refuse the processing of the data you have already conferred: in such a case, you will be unable to receive newsletters, commercial announcements and advertising material regarding the Services provided by the Data Controller. You will nevertheless still be entitled to the Services indicated in point 2.A.

8. Data subjects’ rights
With regard to the aforementioned processing activities, each data subject may exercise the rights referred to in articles 15 – 22 of the Regulation.
  1. to ask and obtain access to personal data (art. 15 of the GDPR);
  2. to obtain the rectification or deletion (right to be forgotten) of their personal data or its restricted processing (art. 16, 17 and 18 of the GDPR);
  3. to deny consent to processing (art. 21 of the GDPR);
  4. to data portability (art. 20 of the GDPR);
  5. to withdraw consent;
  6. to present a claim to the Italian Data Protection authority (Garante Privacy –
Should the data subject oppose the processing of their personal data pursuant to article 21 of the Regulation, the Company reserves the right to evaluate the request, which will not be accepted in the event of there being legitimate and binding reasons for continuing the processing activity which prevail over the interests, rights and freedom of the data subject.

9. How to exercise your rights
You may exercise your rights at any time by sending:
  1. A recorded delivery letter to Enoliteca del Consorzio Vino Nobile srl, headquartered in Via San Donato, 21 Montepulciano (SI);
  2. an email to the address:

10. Data Controller, Supervisor and persons in charge of processing
The Data Controller is Enoliteca del Consorzio Vino Nobile srl, headquartered in Via San Donato, 21 Montepulciano (SI).
The updated list of Supervisors and persons in charge of processing is held on the Data Controller’s premises.
