Your privacy is important to us. Through this document, The Wine Agency intends to (1) describe its privacy practices and (2) obtain your consent for the specific purposes we describe below.
Information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers are, for example, a name, an identification number, location data, electronic identifiers or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data
“Processing” means an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Cookies” are small text files containing information considered as relevant that the devices use for access (computers, mobile phones or portable mobile devices) load, via the internet browser (browser), when an online site is visited by the Customer or User.
What kind of personal data do we collect?
We collect personally identifiable information such as your name and email address when we respond to requests or exchange correspondence. We may use your contact information for emails, telephone contacts or addressed correspondence in order to distribute content related to us. We collect other types of information when you browse our site using tools to measure and collect navigational information, including page response time, total time spent on particular pages and methods used to leave the page. This data allows us to personalise your visits.
How do we use the personal data we collect?
Unless otherwise stated, the legal basis for the processing of your personal data results from the fact that it is necessary for us to exercise our legitimate interest to promote our services, in accordance with the General Data Protection Regulation, namely:
-To provide information about our services, in newsletters, informative emails and surveys on ideas for future improvements;
-To help us create content that is relevant to you;
-To provide special offers that may be of interest to you;
-For accounting, tax and administrative management, if any.
Your personal data is only processed for as long as is necessary to achieve the defined purpose or, depending on which is applicable, until you exercise your right to object, right to be forgotten or withdraw consent, and provided that this is not a result of a legal or contractual requirement (in the context of the provision of services).
How do we protect your personal data?
To ensure the security of your personal data, we have established some security and protection measures. Your personal data is stored on secure networks, which can only be accessed by a limited number of persons who have access rights, and who undertake to respect and maintain the confidential nature of such information. Please note, notwithstanding these measures, that when you provide personal information on the Internet there is always a risk that it may be intercepted and used by third parties outside of our control. Although we make every effort to protect your personal information and privacy, we cannot guarantee the security of the information you make available over the Internet.
To whom do we transmit and who has access to your personal data?
We do not share your data with third parties, except in the following cases:
-with competent authorities to comply with legal obligations
-with external suppliers/consultants to provide us with certain services (by contractual requirement and within the scope of service provision). Like us, our suppliers/consultants, are also subject to compliance with the General Data Protection Regulation. However, we require subcontracted suppliers/consultants to keep our clients’ personal data secure and confidential.
Which are the rights of the personal data subject?
a) Right of access – provision of information about the personal data that The Wine Agency holds in respect of the data subject and about the processing thereof;
b) Right of rectification – correction, updating or inclusion of information (that may be missing) regarding the data subject;
c) Right to erasure of data (“right to be forgotten”) – erasure of data, verified the legal requirements for this effect (no active contracts, exceeded the legal period of retention of data to which The Wine Agency is obliged);
d) Right to limitation of processing – (temporary) suspension/cessation of data processing, in compliance with the applicable legal requirements;
e) Right to portability – availability of the personal data provided by the customer, in a structured format for current use and automatic reading, so that they can be transmitted to another controller
f) Right of opposition – revocation of consent for data treatment(s) carried out on that basis.
What are the procedures in case of data breach and loss?
The Wine Agency has a Data Protection Officer, responsible for preventing data loss. If this occurs, despite all the precautions taken, the officer will evaluate the risk associated with the loss and inform the individuals concerned within 72 hours.
In legal terms, the communication to the user is not required in the following cases:º
1)In case The Wine Agency has applied adequate protection measures, both technical and organisational, and those measures have been applied to the Personal Data affected by the Personal Data breach.
2) Where The Wine Agency has taken subsequent measures which ensure that the high risk to the rights and freedoms of the user is no longer likely to materialise;
3) If communicating with you would impose a disproportionate effort on The Wine Agency. In that case, it will make a public announcement or take a similar measure by which you will be informed.
We retain your personal data only for as long as necessary for regular contact with you. To withdraw consent to the collection, processing and use of your personal data, at any time, you can send the request to the email address firstname.lastname@example.org
We may choose to modify or update this policy in the future, either due to changes in legislation or to cover new developments on the internet itself. We therefore reserve the right to make any such changes, and ask you to visit this page regularly so that you can keep up to date.