Privacy Policy

This page describes how the website is managed with regard to the processing of personal data of users who consult it. This information is also provided pursuant to Article 13 of the EU Regulation 2016/679 - General Data Protection Regulation (hereinafter referred to as GDPR - General Data Protection Regulation) to those who interact with the web services rendered by Contadi Castaldi S.r.l. accessible by telematic means from the telematic address https://www.contadicastaldi.it/it/.
The information is given only for the indicated website and not also for other websites that may be consulted by the user through links.

Data controller

Pursuant to art. 4 par. 1, no. 7 of the GDPR, the Data Controller is Contadi Castaldi S.r.l. P.I. 02084650981, in the person of its legal representative pro tempore, registered office in via Colzano n. 32 - 25030 Adro (BS).

Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR, Contadi Castaldi S.r.l. has appointed a Data Protection Officer (DPO), who can be contacted at the following email address: dpo@terramoretti.it

Data controllers and areas of communication

• group companies;
• Website hosting, maintenance and management company;
• Companies that provide management and technical support services for the company's IT infrastructure;
• companies that operate booking platforms (Domnia Ltd.)
• Third parties that manage cookies (according to the cookie policy)
• Companies that provide e-mail marketing platforms;
• payment gateway companies for transactions made on the site and/or banking institutions (these entities qualify as independent data controllers);
• Public Bodies or Offices in accordance with legal and/or contractual obligations.
• freelancers, professional firms or companies or associations as part of assistance and consulting relationships for administrative, accounting, financial or legal protection purposes;
• public institutions and entities stipulated by current accounting and tax regulations as recipients of mandatory disclosures;
• Holding Terra Moretti S.r.l. for corporate activities under the parent company (marketing, IT assistance, management and coordination, etc.);
• couriers for the shipment of products, where e-commerce activity is carried out.

An updated list of the data controllers appointed under Article 28 of GDPR 2016/679 can be obtained from the Data Controller.

Purpose, legal basis and nature of conferment

The personal data you provide by using the website will be processed by the Data Controller, respectively, for the following purposes:

1. Booking procedure for visits and wine tasting activities. The legal basis for the processing is identified in Article 6 Paragraph 1(b) of the GDPR, as it is necessary for the performance of a contract to which the data subject is a party. The consent of the data subject, therefore, is not necessary;
2. response to user requests regarding information, quotes, product sales and other areas of the Company's business. The legal basis for the processing refers to Article 6 Paragraph 1(b) of the GDPR, as the same is necessary for the execution of pre-contractual measures to which the data subject is a party. The consent of the data subject, therefore, is not necessary;
3. research and statistical analysis on anonymous aggregate data, aimed at monitoring the operation of the site, measuring traffic and evaluating its usability and interest in order to ensure greater functionality and performance. In this case, the consent of the data subject is not necessary, nor does an additional legal basis under Article 6 GDPR come into play, as this activity does not constitute the processing of personal data;
4. Registration to the newsletter for the receipt by e-mail of periodic communications having promotional and commercial nature, concerning the Company. The legal basis finds its foundation in Article 6 par. 1 letter a) of the GDPR and therefore the explicit consent of the data subject is required;
5. Disclosure of personal data to group companies for the purpose of receiving periodic e-mail communications (marketing purposes) within the relevant business sectors such as hospitality and wine. The legal basis is grounded in Article 6(1)(a) of the GDPR and therefore the explicit consent of the data subject is required;
6. Profiling through third-party cookies. The legal basis is identified in Art. 6 para. 1 lett. (a) GDPR, for which, also in accordance with Directive 2009/136/EC of November 25, 2009 and the Guidelines "cookies and other tracking tools" adopted by the Italian Data Protection Authority on June 10, 2021, the consent of the data subject is required;
7. fulfillment of laws and regulations. The legal basis is contained in Article 6 para. 1 lett. (c) of the GDPR, as the processing is necessary to fulfill a legal obligation to which the Data Controller is subject. The consent of the data subject, therefore, is not necessary;
8. ascertain, exercise or defend a right in court or whenever judicial authorities exercise their functions. The legal basis is identified in Article 6(1)(f) of the GDPR, as the processing is necessary to protect a legitimate interest of the Data Controller. The consent of the data subject, therefore, is not necessary.

The Company guarantees the preparation and effective use of adequate security measures for the proper processing of data acquired from users/concerned parties. In addition, in accordance with the principle of data minimization set forth in Article 5(1)(c) of the GDPR, the only data subject to processing will be those that are strictly and indispensably necessary to enable the Controller to fulfill the obligations he or she pursues during his or her activity in order to provide specific services, benefits or goods of any kind requested by the person concerned and consistent with the activity itself

Place of data processing

The processing carried out within the web services of this website takes place at the headquarters of the Data Controller or Managers and is handled only by technical personnel of the service appointed and expressly authorized to the processing pursuant to Art. 29 of the GDPR and 2- quaterdecies of Legislative Decree 196/2003.

Types of data processed

Without prejudice to the User's responsibility for the accuracy of his/her own or third parties' Personal Data published or shared on this site, the Owner will process the following types of data:

1. Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, data on web contacts do not persist for more than thirty days

2. Data voluntarily provided by the user

The optional and explicit sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. The completion, entirely voluntary, of data acquisition forms to request specific services or adhere to offers or the purchase of services involves the subsequent processing of personal data provided to ensure the execution of a contract to which the interested party is a party or to the execution of pre-contractual and/or contractual measures taken at the request of the same. The company has taken specific measures to ensure that data processing is preceded by a voluntary action of the user to have read this privacy policy.
LIn any case, unless expressly requested and necessary, personal data belonging to special categories under Article 9(1) of the GDPR i.e. personal data revealing racial or ethnic origin, political opinions, religious beliefs or philosophical or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to a person's health or sex life or sexual orientation. Personal data voluntarily disclosed and collected by this site, either independently or through third parties, may include, for example: first name, last name, Social Security Number, date of birth, telephone number, e-mail, company name, address, country, province, zip code, city

3. Cookies

For a precise description of the processing methods carried out through Cookies or other tracking tools, please refer in full to the "Cookie policy" found in the so-called "cookie banner" as well as, for further information, to the Guidelines adopted by the Guarantor Authority dated 10.06.2021.

4. Minors

The services on this website are not intended for minors and the Owner does not knowingly collect data, including personal data, referring or referable to minors.
If the Company learns that it has collected personal information about a minor, it will immediately delete it, unless there is a legal obligation to retain it or if such processing is required by a court order. The User, therefore, is encouraged to contact us if he or she believes that the Controller has mistakenly or unintentionally collected information about a minor.

Mode of treatmente

The processing of personal data of users or interested parties is carried out through the use of mainly computer and/or telematic tools and for the period strictly necessary for the purposes listed below, which delimit the scope of their collection. The Company adopts specific security measures aimed at preventing any loss, illicit or incorrect use, unauthorized access, unwanted modification, disclosure and/or destruction of the collected data.

Transfer od personal data

The Data Controller takes specific measures to circumscribe the areas of circulation and processing of personal data (e.g., storage, archiving, retention of data on its servers) to countries that are part of the European Union. The Data Controller also does not transfer data to non-EU countries that do not guarantee an adequate level of protection, or in the absence of the means of protection provided by Chapter V of the GDPR (transfer on the basis of an adequacy decision, Standard Contractual Clauses or explicit consent from the data subject) or compliance with the EU-US Data Privacy Framework.

Social buttons

The Company's website uses the following platforms as social plug-ins: Instagram, TikTok, Facebook. This means that the user, by clicking on particular "buttons" (called social buttons/widgets) depicting the icons of these social networks, he is automatically and directly redirected to the provider of the chosen social network, where he can activate an interaction with the Company's corporate profile. The interested party, therefore, is encouraged to consult and consider the privacy policy of the selected platform and to visit the company's Cookie policy section of the site for a more complete and thorough description of the contents of this feature.

Data retention

In adherence to the principles of storage limitation (Art. 5 par. 1ett. e GDPR) and data minimization (Art. 5 para. 1(c) GDPR), the Data Controller will process the personal data of the data subjects for the time strictly necessary to achieve the purposes set out in this policy. By way of example only, the newsletter service will acquire personal data until the data subject, entirely freely, decides to revoke consent, an option easily pursued through a simple click in the email sent by the Company. In any case, personal data will be processed no further than the limit provided by Italian law to protect the interests of the Data Controller, i.e. in accordance with the principles contained in Articles 2934 ss. of the Civil Code and concerning the prescription and forfeiture of rights in civil law.
Also regarding the retention period and the criteria used to determine it, any additional information may be requested by contacting the DPO at dpo@terramoretti.it

Automated processing

Pursuant to Art. 22 para. 1 GDPR, the Controller does not carry out processing based on automated decision-making, including profiling, which is likely to produce legal effects or significantly affect the data subject.

Rights of interested parties

The user/participant is entitled to freely exercise the rights that European legislation (Art. 15 ff. GDPR) grants him/her in the context of the processing of his/her personal data. More in detail, they are:

• revocation of consent at any time and as easily as it was granted (Art. 7 par. 3). Revocation of previously expressed consent does not affect the lawfulness of the processing carried out until revocation;
• opposition to the processing, in case the latter is carried out for direct marketing purposes, without specifying the reason for the opposition, or for reasons related to the particular situation of the data subject, to be specified in the request (Art. 21);
• access to data (Art. 15). This right consists of obtaining information about the data processed by the Data Controller and/or certain aspects of the processing, as well as receiving a copy of the data processed by the Data Controller;
• rectification (art. 16). The User may verify the correctness of his or her Data, including by providing a supplementary statement, and request that it be updated or corrected;
• cData erasure or so-called right to be forgotten (Art. 17). When certain conditions are met (non- necessity of data retention with respect to the purposes, withdrawal of consent where provided as a legal basis, objection to processing, unlawful processing of data, obligation to erasure to enable the Data Controller to comply with an obligation under Union or Member State law, data collection as part of information society services), the User may request that the Data Controller erase their Data;
• Limitation of processing (Art. 18). Upon the occurrence of certain conditions (contestation of the accuracy of the data, unlawful use of the data, willingness of the data subject to use the data in judicial venues, pendency of the verification as to whether the legitimate reasons of the Data Controller prevail over those of the data subject in case of opposition to the processing), the User may request the restriction of the processing of his/her Data. In this case, the Data Controller will not process the Data for any purpose other than its preservation;
• Data portability (art. 20). This right consists in the receipt, at the User's request, of his or her data in a structured, commonly used and machine-readable format and, where technically possible, the unimpeded transfer to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the User's consent, a contract to which the User is a party or contractual measures related thereto;
• complaint (art. 77). This right can be exercised by filing a complaint with the relevant data protection supervisory authority or through court action.

Hot to exercise your rights

The rights listed above can be exercised by contacting the Company's DPO at dpo@terramoretti.it

Update and review

The privacy policy was updated to revision 2 on May 24, 2024 and may be subject to future revisions, which will also be posted within this site.