Privacy Policy

Processing of personal data

Privacy Policy

This Privacy Policy describes the approaches and the reasoning behind the processing of personal data conducted by TENUTE COCCONI S.R.L., acting as the Data Controller (hereinafter, the “Controller”), through the website www.tenutecocconi.com (the “Website”).

This policy is offered in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council dated April 27, 2016, regarding data protection (hereinafter referred to as the “Regulation” or “GDPR”) solely for the Website and not for other websites that may be accessed by the user via links.

Identity and contact details of the Data Controller

The Data Controller of the processing of personal data relating to users is TENUTE COCCONI S.R.L., with registered office in Viale degli Artigiani, 9 – 71122 Foggia, email: info@tenutecocconi.com.

Processing purpose and legal basis
Personal data is processed exclusively to provide available services through the Website and, specifically, to:

  1. a) respond to requests for information and/or messages sent by Users in the appropriate “Contact us” section;
    b) comply with legal obligations established by law.

The legal basis for processing for the purposes mentioned in a) is Article 6, paragraph 1, letter b) of the GDPR (“processing is essential for fulfilling a contract to which the data subject is a party or to take actions at the request of the data subject before entering into a contract”) and Article 6, paragraph 1, letter c) (“processing is essential for meeting a legal obligation that the controller must comply with”).

Processing methods

The Data Controller shall adopt suitable technical and organizational measures to ensure that only personal data pertaining to Users, essential for each specific processing purpose, is processed. This aims to reduce the risks of accidental destruction or loss of the data, unauthorized access, or processing that is not permitted or does not align with the purposes indicated in this Policy.

The processing of personal data regarding the Users may be performed using the electronic or automated means, employing methods and procedures strictly necessary for achieving the purposes described above.

Categories of processed data

Browsing data

Computer systems and software procedures utilized to run this Website collect some personal data during regular operations, as the transmission is implicit in the use of Internet Communication Protocols.

This information is not collected to be linked with identified data subjects, but its nature may enable users to be identified through processing and association with data held by third parties.

This type of data includes IP addresses or domain names of computers used by users accessing the Website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file received in response, the numerical code representing the status of the response given by the server (successful, error, etc.) and other parameters pertaining to the operating system and IT environment of the User.

This data is used for aspects concerning to the usage of the Website and its correct operation, in addition to anonymous statistical purposes.

The data may be used and stored in cases of suspected computer crimes against the Website, for which the Data Controller reserves the right to involve the competent authorities to determine any liability.

Data provided by the users
The transmission of any personal data by the User (such as name and surname; email address; etc.) results in the Data Controller subsequently obtaining and processing this data in order to respond to received requests.

Cookie
The methods used to manage the Website concerning the usage of cookies and the associated processing of personal User data who access it are described in the dedicated “Cookie Policy.”

Potential targets and classifications of personal data targets
User-related personal data may be shared for the aforementioned purposes with parties performing necessary activities for the services provided by the Website (for example, analyzing the operation of the Website itself) who will handle the data in their capacity as data processors (Article 28 of the Regulation) and/or as authorized individuals acting under the authority of the Data Controller (Article 29 of the Regulation) or as specifically designated subjects to process the data as stipulated by the GDPR and Legislative Decree N. 196/2003 as amended by Legislative Decree N. 101/2018, such as IT service providers and/or other technical/organizational services or employees and collaborators of the Data Controller.

Personal data of users is not allowed to be disseminated or shared.

Transfer of personal data to a third country or international organization
Personal data of the users are not transferred to any third-party country outside the European Union or to international organizations.

Personal data storage period
Data will be retained for a period of time not exceeding the achievement of the aforementioned purposes and, in any case, within the boundaries established by legal regulation.

User rights
In accordance with Article 15 and following of the Regulation, the User is entitled to request from the Data Controller:

  • Access to personal data;
  • Correction or deletion of such data or limitation of processing related to the subject;
  • Objection to processing;
  • Data portability as stated in Article 20;
  • If the processing relies on Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a): consent may be withdrawn at any time without affecting the lawfulness of the processing conducted prior to the withdrawal.

In addition to other administrative or judicial remedies, the User who believes that the processing related to them breaches the GDPR has the right to lodge a complaint with a supervisory authority, specifically in the Member State where the subject usually resides, is employed, or where the alleged breach occurred according to Article 77: the Italian supervisory authority is the Garante per la protezione dei dati personali.
To exercise the aforementioned rights, the User may contact the Data Controller using the contact information provided above.

Whether the disclosure of personal data is a legal or contractual obligation or a necessary condition for concluding a contract, and whether the subject has a responsibility to supply the personal data along with the potential consequences of failing to provide such data

Besides what has been mentioned regarding browsing data, the User has the option to provide personal data in the forms (see the “Contact us” section). Not supplying personal data will result in the impossibility for the Data Controller to proceed and respond to the request of the User for information and/or contact.

Updates
The Privacy Policy of the Website may receive updates; therefore, Users are encouraged to review its details periodically.