Extended Privacy Policy of www.corteanna.com

GDPR General Data Protection Regulation UE 2016/679

INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA of users who consult the website for personal data protection pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

PRIVACY POLICY

For Cantina Corte Anna with exclusive reference to the website www.corteanna.com (hereinafter referred to as the “Site“), the privacy of our users is of paramount importance.
This Privacy Policy outlines what data is collected and how it is used, disclosed, transferred, and/or stored by the Site. This site collects some personal data from its users. Users may be subject to different levels of protection. Therefore, some users enjoy superior protection. Further information regarding protection criteria can be found in the applicability section.


Data Controller

For questions regarding this privacy policy, you can contact us using the information provided below:

  • Soc. Agr. Palvarini Anna e C. s.s.
  • VAT No. 01910470986
  • Registered office: Via Vigneto 10, 25019 Santa Maria di Lugana (BS)
  • Phone: 389.7638918
  • Email: info@corteanna.com
  • Data Protection Officer (DPO): Anna Palvarini

Our users can send requests regarding the protection of personal data, privacy, and security to the address info@corteanna.com.


Types of Data Collected

It is possible to visit our website anonymously.
Among the personal data collected by www.corteanna.com, either independently or through third parties, are: Cookies, usage data, Email, Name, and various types of Data.

Complete details on each type of collected data are provided in the dedicated sections of this privacy policy or through specific informative texts displayed prior to the collection of such data.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of the site.

In cases where the site indicates certain data as optional, Users are free to refrain from communicating such data, without this affecting the availability or functioning of the Service.

Users who have doubts about which data are mandatory are encouraged to contact the Data Controller.

Any use of Cookies – or other tracking tools – by the site or by third-party service providers used by the site, unless otherwise specified, is aimed at providing the Service requested by the User, in addition to any other purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through the site and guarantees to have the right to communicate or disseminate them, releasing the Owner from any liability to third parties.


Methods and Place of Processing of Collected Data

Processing Methods

The Data Controller processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data.
Processing is carried out using computers and/or IT-enabled tools, with organizational methods and logics strictly related to the purposes indicated.

In addition to the Data Controller, in some cases, certain categories of persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators personnel) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, appointed, if necessary, as Data Processors by the Data Controller. An updated list of these parties may always be requested from the Data Controller.


Legal Basis of Processing

The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

  1. The User has given consent for one or more specific purposes; Note: In some jurisdictions, the Data Controller may be authorized to process Personal Data without the User’s consent or another legal basis specified below, as long as the User does not object (“opt-out”) to such processing. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
  2. Processing is necessary for the performance of a contract with the User and/or for the execution of pre-contractual measures;
  3. Processing is necessary to comply with a legal obligation to which the Data Controller is subject;
  4. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  5. Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

Nevertheless, it is always possible to ask the Data Controller to clarify the specific legal basis of each processing and in particular to specify whether the processing is based on the law, provided for by a contract, or necessary to conclude a contract.


Location

  • The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. For further information, contact the Data Controller.
  • The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information regarding the location of the processing, the User can refer to the section concerning details about the processing of Personal Data.
  • The User has the right to obtain information regarding the legal basis of the transfer of Data outside the European Union or to an international organization governed by public international law or established by two or more countries, such as the United Nations, as well as regarding the security measures adopted by the Data Controller to protect the Data.
  • If one of the aforementioned transfers takes place, the User can refer to the respective sections of this document or request information from the Data Controller by contacting them using the details provided at the beginning.

Data Retention Period

Data is processed and stored for the time required by the purposes for which it was collected.
Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the completion of such contract.
  • Personal Data collected for purposes related to the legitimate interests of the Data Controller will be retained until such interests are fulfilled. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When processing is based on the User’s consent, the Data Controller may retain Personal Data for a longer period until such consent is revoked. Additionally, the Data Controller may be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon expiration of this period, the right to access, delete, rectify, and the right to data portability cannot be exercised.


Purposes of Processing Collected Data

User Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Statistics, Address Management and Email Sending, Payment Management, Interaction with social networks and external platforms, Contacting the User, Spam Protection, Affiliate Marketing, Landing Page and Invitation Page Management, Content and Feature Performance Testing (A/B testing), User Database Management, Heat mapping and session recording, Interaction with online survey platforms, and Interaction with live chat platforms.
For further detailed information on the purposes of processing and the Personal Data relevant to each purpose, the User can refer to the relevant sections of this document.


Details on the Processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Facebook Permissions requested by this Site

This Site may request certain Facebook permissions that allow it to perform actions with the User’s Facebook account and to collect information, including Personal Data, from it.
For more information about the following permissions, refer to the Facebook permission documentation and the Facebook privacy policy.

The requested permissions are as follows:

Basic information

Basic information of the User registered on Facebook, which normally includes the following Data: ID, name, picture, gender, language, and, in some cases, the User’s Facebook “Friends.” If the User has publicly provided additional Data, it will be available.

Sharing

Sharing on behalf of the User.

Insights

Provides access to Insight data for pages, applications, and domains owned by the User.

Likes

Provides access to the list of all pages that the User has liked.

Friends’ about me

Provides access to the “about me” section of friends’ profiles.

Access to private data

Allows access to the User’s and friends’ private data.

Access to activities

Provides access to the User’s activity list.

Access to friends lists

Provides access to lists of friends created by the User.

Access to requests

Provides read access to the User’s friend requests.

Access to News Feed

Provides access to the News Feed posts and allows the application to search it.

Status update

Updates the User’s status.


Implementation for Contacting the User and being contacted by the User.

Mailing List or Newsletter (This Site)

By registering for the mailing list or newsletter, the User’s email address is automatically added to a list of contacts to whom email messages containing information, including commercial and promotional information, regarding this Site may be transmitted. The User’s email address may also be added to this list as a result of registering for this Site or after making a purchase.
Personal data collected: Email and Name.

Contact form (This Site)

By filling in the contact form with their Data, the User consents to their use for responding to requests for information, quotes, or any other kind of request as indicated by the form’s header.
Personal data collected: Email and Name.

Whatsapp WEB (Facebook Inc.)

The “Contact us with Whatsapp” button, and associated widgets, are messaging services for interacting via the web application “Whatsapp.”
Location of processing: USA

  1. Update of Terms of Service and Privacy Policy for users in the European Union
  2. Whatsapp Privacy Policy

Facebook Messenger (Facebook Inc.)

The “Contact us with Facebook Messenger” button, and associated widgets, are messaging services for interacting via the web application “Facebook Messenger.”
Location of processing: USA

Policy on data collected by Facebook (This policy describes the information we process to support Facebook, Instagram, Messenger, and other products and functions offered by Facebook Inc.)


Address Management and Email Sending

  • These services allow for the management of a database of email contacts, phone contacts, or contacts of any other type used to communicate with the User.
  • These services may also allow for the collection of data concerning the date and time of message viewing by the User, as well as the User’s interaction with them, such as information on clicks on links inserted in the messages.

MailChimp (The Rocket Science Group, LLC.)

MailChimp is an address management and email sending service provided by The Rocket Science Group, LLC.Personal Data collected: email.

Location of processing: USA – Privacy Policy.

Contact Form 7

Contact Form 7 is a form creation and management service that allows this site to integrate such content within its pages provided by TypeForm S.L.
Personal data collected: Email and Name. Various types of Data as specified in the privacy policy of the service.

Location of processing: Japan – Privacy Policy


SPAM Protection

These services analyze the traffic of this Site, potentially containing Users’ Personal Data, with the purpose of filtering it from parts of traffic, messages, and content recognized as SPAM.

Google reCAPTCHA (Google Inc.)

Google reCAPTCHA is a SPAM protection service provided by Google Inc.
The use of reCAPTCHA is subject to the privacy policy and terms of use of Google.
Personal Data collected: Cookie and Usage Data.

Location of processing: United States – Privacy Policy. Adhering to the Privacy Shield.

Akismet (Automattic Inc.)

Akismet is a SPAM protection service provided by Automattic Inc.Personal Data collected: Various types of Data as specified in the privacy policy of the service.

Location of processing: United States – Privacy Policy.


Third-Party Account Access

These services allow this Site to access Data from your accounts on third-party services and perform actions with them.
These services are not activated automatically but require the User’s explicit authorization.

Twitter account access (Twitter, Inc.)

This service allows this Site to connect with the User’s account on the Twitter social network, provided by Twitter, Inc.
Personal data collected: Various types of Data as specified in the privacy policy of the service.

Location of processing: United States – Privacy Policy

Facebook account access (This Site)

This service allows this Site to connect with the User’s account on the Facebook social network, provided by Facebook, Inc.
Permissions requested: Sharing, Insights, and Likes.

Location of processing: United States – Privacy Policy


Statistical Analysis

The services in this section allow the Data Controller to monitor and analyze traffic data, serving to track user behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports, and sharing them with other Google services.
Google may use Personal Data to contextualize and personalize the ads of its own advertising network.

The following link https://tools.google.com/dlpage/gaoptout?hl=it also provides a browser add-on provided by Google to disable Google Analytics.

Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy PolicyOpt Out

Facebook Ads Conversion Tracking (Facebook, Inc.)

Facebook Ads Conversion Tracking is a statistics service provided by Facebook, Inc. that connects data from the Facebook ad network with actions performed on this Site.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy


Content Commenting

Commenting services allow Users to formulate and make public comments regarding the content of this Site.
Users, depending on the settings decided by the Owner, can leave the comment anonymously. If among the Personal Data released by the User there is an email, this could be used to send notifications of comments concerning the same content. Users are responsible for the content of their comments.

If a commenting service provided by third parties is installed, it is possible that, even if Users do not use the commenting service, it collects traffic data relating to the pages where the commenting service is installed.

– Indirectly Managed Commenting System (Disqus)

This site has an indirectly managed content commenting system.

DISQUS (DISQUS)

Disqus is a content commenting service provided by Big Heads Labs Inc.
Personal Data collected: Cookie, Usage Data, and various types of Data as specified in the privacy policy of the service.

Location of processing: USA – Privacy PolicyOpt out

Info: https://help.disqus.com/customer/portal/articles/466235-use-of-cookies

FACEBOOK COMMENTS (FACEBOOK, INC.)

Facebook Comments is a service managed by Facebook, Inc. that allows the User to leave their comments and share them within the Facebook platform.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy


Interaction with Social Networks

These services allow for interactions with social networks, or with other external platforms, directly from the pages of this Site.
Interactions and the information acquired by this Site are subject in any case to the User’s privacy settings related to each social network.

If an interaction service with social networks is installed, it is possible that, even if Users do not use the service, the same service collects traffic data relating to the pages where it is installed.

LinkedIn Social Button and Widgets (LinkedIn Corporation)

The LinkedIn social button and widgets are interaction services with the LinkedIn social network, provided by LinkedIn Corporation.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

Facebook Like Button and Social Widgets (Facebook, Inc.)

The Facebook Like button and social widgets are interaction services with the Facebook social network, provided by Facebook, Inc.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

Twitter Tweet Button and Social Widgets (Twitter, Inc.)

The Twitter Tweet button and social widgets are interaction services with the Twitter social network, provided by Twitter, Inc.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

Pinterest Button (Pinterest, Inc.)

The Pinterest button is an interaction service with the Pinterest social network, provided by Pinterest, Inc.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy


External Platform Content

These services allow for the display of content hosted on external platforms directly from the pages of this Site and interaction with them.
In the event that a service of this type is installed, it is possible that, even if Users do not use the service, the same service collects traffic data relating to the pages where it is installed.

Vimeo Video (Vimeo, LLC)

Vimeo is a video content viewing service managed by Vimeo, LLC, which allows this Application to integrate such content within its pages.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

YouTube Video Widget (Google Inc.)

YouTube is a video content viewing service managed by Google Inc., which allows this Site to integrate such content within its pages.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

Google Fonts (Google Inc.)

Google Fonts is a font style display service managed by Google Inc., which allows this Site to integrate such content within its pages.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

Google Maps (Google Inc.)

Google Maps is a map display service managed by Google Inc., which allows this Site to integrate such content within its pages.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

Google Translator (Google Inc.)

Google Translate provides automatic translation of the Site into various languages that the user can choose from the widget placed at the top of each page of the site.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy

Instagram Widget (Instagram, Inc.)

Instagram is an image viewing service provided by Instagram, Inc., which allows this website to incorporate such content on its pages.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy Policy.

Leadin Widget (HubSpot Inc.)

Leadin is a service for managing email addresses and tracking user behavior on the site for statistical purposes, provided by HubSpot, Inc.
Leadin is used to collect personal data from users. Once subscribed, the service collects data on user behavior on the site such as pages visited and viewing time.

Personal Data collected: Cookie, Usage Data, Name, Surname, Email Address

Location of processing: USA – Privacy Policy

TAWK.TO Chat

Tawk.to is a live chat with visitor data recording.
Personal Data collected: Cookie and Usage Data

Location of processing: Latvia – Privacy Policy.

Data Protection Disclaimer (https://www.tawk.to/data-protection/) :

  1. GDPR Compliance Disclaimer
  2. SUB Processor List
  3. DPA | Data Processing Addendum

Remarketing and Behavioral Targeting

These types of services allow the company and its partners to communicate, optimize, and serve advertising based on the User’s past use of the company’s services.This activity is carried out through tracking Usage Data and the use of Cookies, information that is transferred to partners connected to remarketing and behavioral targeting activities.

In addition to the opt-out possibilities offered by the services listed below, the User can opt out of receiving cookies related to a third-party service by visiting the Network Advertising Initiative opt-out page.

Facebook Remarketing (Facebook, Inc.)

Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the company’s activity with the Facebook advertising network.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy PolicyOpt Out.

AdWords Remarketing (Google Inc.)

AdWords Remarketing is a remarketing and behavioral targeting service provided by Google Inc. that connects the company’s activity with the Adwords advertising network and the Doubleclick Cookie.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy PolicyOpt Out.

Remarketing with Google Analytics for display advertising (Google Inc.)

Google Analytics for display advertising is a remarketing and behavioral targeting service provided by Google Inc. that connects the tracking activity carried out by Google Analytics and its Cookies with the Adwords advertising network and the Doubleclick Cookie.
Personal Data collected: Cookie and Usage Data.

Location of processing: USA – Privacy PolicyOpt Out.


Tag Management

This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralized manner.
This results in User Data flowing through these services, potentially resulting in the retention of this Data.

Google Tag Manager (Google LLC)

Google Tag Manager is a tag management service provided by Google LLC.
Personal Data collected: Cookie and Usage Data.

Location of processing: United States – Privacy Policy. Privacy Shield participant.


DNS Services

CloudFlare is a traffic optimization and distribution service provided by CloudFlare Inc.
The methods of integrating CloudFlare involve filtering all traffic to this Site, i.e., communications between this Site and the User’s browser, allowing for the collection of statistical data on it.

Personal Data collected: Various types of Data as specified in the service’s privacy policy.

Location of processing: USA – Privacy Policy


Additional Information on Personal Data

Server: Siteground

This site is hosted on servers provided by the hosting provider SITEGROUND Spain S.L. which is a company registered and existing under the laws of the Kingdom of Spain (registration number CIF: B87194171), with registered address: Calle de Prim 19, 28004 Madrid, Spain, and is responsible for processing the personal data we collect.

Privacy policy of SITEGROUND: https://it.siteground.com/privacy?scid=3&lang=it_IT

User Rights

Users can exercise certain rights regarding their Data processed by the Owner.
In particular, the User has the right to:

  • withdraw consent at any time. The User can withdraw consent previously given for the processing of their Personal Data.
  • object to processing of their Data. The User can object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • access their Data. The User has the right to learn about the Data processed by the Owner, obtain information about certain aspects of the processing, and receive a copy of the Data processed.
  • verify and seek rectification. The User can verify the accuracy of their Data and ask for it to be updated or corrected.
  • restrict the processing of their Data. When certain conditions are met, the User can request the restriction of the processing of their Data. In this case, the Owner will not process the Data for any purpose other than their storage.
  • obtain the erasure or removal of their Personal Data. When certain conditions are met, the User can request the erasure of their Data by the Owner.
  • receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of, or on pre-contractual obligations thereof.
  • lodge a complaint. The User can lodge a complaint with the competent data protection authority or take legal action.

Details about the right to object

When Personal Data is processed for the public interest, in the exercise of an official authority vested in the Owner, or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users are reminded that if their Personal Data is processed for direct marketing purposes, they can object to that processing without providing any justification. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users can refer to the relevant sections of this document.

How to exercise User rights

To exercise the User’s rights, Users may address a request to the Owner’s contact details provided in this document. These requests are free of charge and will be processed by the Owner as soon as possible, and always within one month.

Applicability of a higher level of protection

While most provisions of this document apply to all Users, some are expressly subject to the applicability of a higher level of protection to the processing of Personal Data.
Such higher level of protection is always ensured when processing:

  • is carried out by a Owner located in the EU; or
  • concerns Personal Data of Users who are in the EU and is related to the offering of goods or services, irrespective of whether a payment of the User is required, to such Users; or
  • concerns Personal Data of Users who are in the EU and allows the Owner to monitor such Users’ behavior as far as their behavior takes place within the EU.
Need Help? Chat with us