Information on the treatment of personal data
Document addressed exclusively to adults
Santa Margherita S.p.A., in its capacity as Data Controller of the personal data in question (hereinafter, “Controller” and/or “Santa Margherita”), issues this notification to the Interested Parties, in compliance with European and Italian regulations regarding the protection of personal data.
With regard to the treatment described in this notification, Santa Margherita S.p.A. operates as Data Controller with reference to the products and services marketed under its brands (Santa Margherita, Kettmeir and Torresella), as well as the products marketed by the following companies, which are part of the same business group (hereinafter “Group”): SM Tenimenti Pile e Lamole e Vistarenni e San Disdagio S.r.l. Società Agricola, Cà Maiol S.r.l. Società Agricola and Cantina Mesa S.r.l. Società Agricola (hereinafter, taken together, “Products and Services”).
Purposes and legal basis for the treatment
Santa Margherita processes personal data for several purposes:
- To transmit commercial information, promotions, invitations to events, opinion polls, etc. concerning the Products and Services (“Marketing”), using the contact details of the Interested Party (telephone, mobile phone, e-mail): for this purpose, the user’s explicit consent is required;
- To analyze behaviors, habits and consumption patterns of the Interested Party, in order to meet specific needs and to improve its Products and Services, also by sending personalized commercial communications (“Profiling”): for this purpose, the user’s explicit consent is required, separately from that referred to in the previous point;
- To document the consent issued for Marketing and/or Profiling communications even after the revocation of the same: for this purpose, express consent is not required, because the treatment is necessary for the pursuit of the legitimate interest of Santa Margherita, so they can easily manage any requests in this area (by the Interested Party and the competent Authorities) and protect the reputation of the Group as a whole.
Profiling
For the purposes indicated in point 2), Santa Margherita, by means of automated decision-making processes, intends to analyze the Interested Party’s interaction with the communications received for Marketing purposes (e.g. webpages opened, clicks, etc.) and his/her behaviors in relation to the experiences with the Group’s companies (e.g. visits, purchases, etc.), in order to activate a communication process based on such analyses.
Period of data retention
Santa Margherita intends to treat the data according to the following time frame:
- For the purposes indicated in point 1), the data will be treated for 24 months following its registration, although the Interested Party may revoke his/her consent at any time, and the revocation may also refer to a single contact modality;
- For the purposes referred to in point 2), the data will be treated for 12 months following its registration, with the understanding that the Interested Party may revoke his/her consent at any time;
- For the purposes referred to in point 3), the data will be treated for 6 months following the revocation of the last consent given.
In any case, the data may be retained for a longer period, if necessary for the settlement (however reached) of any disputes that may have arisen.
Nature of the provision of data and consequences in case of refusal
The provision of data is optional: failing this, Santa Margherita will not transmit communications for Marketing purposes and/or will not carry out Profiling activities; in case of non-consent to Profiling, the Interested Party may still receive Marketing communications, which will therefore have a less personalized character: detailed information on this point is provided with the form.
Categories of recipients
The Controller will not disclose the data, but intends to communicate it to internal staff authorized to process it in accordance with their respective tasks, as well as to professionals or service companies (e.g. IT providers) and to public and private authorities, in the case of inspections and audits. These recipients, if they treat data on behalf of the Controller, will be appointed as data processors through a specific contract or other legal act.
Data transfer to a third country and/or an international organization
The Controller makes use of cloud computing services that may involve the treatment of data through servers or digital equipment located outside the European Economic Area: in all these cases, the transfers will be carried out in accordance with the specific provisions contained in the applicable personal data protection regulations. In particular, transfers will take place to countries with privacy legislation that the European Commission has considered adequate, or by binding the recipients with specific contractual clauses (those of the Group, which apply to subsidiaries, and the one approved by the Commission, which applies to others): please contact the Controller more information.
Rights of the Interested Parties
The Interested Party is entitled to ask the Controller for access to his/her personal data and to correct it when inaccurate, to delete it or to limit its treatment under certain conditions, to oppose its treatment for the Controller’s legitimate interests and to obtain the portability of the personal data submitted only if it is subjected to automatic processing based on consent or contractual conditions. The Interested Party also has the right to revoke his/her consent to the treatment for the purposes that require it, regardless of the legal compliance of the treatment performed up until the time of the revocation. To exercise any or all of the above rights, the Interested Party can fill out the form available at this link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 and send it to the Controller at the following email address: privacy@santamargherita.com. The Interested Party also has the right to lodge claims with the competent oversight Authority for the protection of personal data (www.garanteprivacy.it).