Privacy Policy

Last updated on 21/09/2020

 

CONTENTS

  1. INTRODUCTION
  2. WHO PROCESSES YOUR DATA
  3. WHICH DATA DO WE PROCESS
  4. WHAT ARE THE PURPOSES OF DATA PROCESSING?
  5. HOW DO WE PROCESS YOUR DATA?
  6. HOW LONG DO WE PROCESS YOUR DATA?
  7. TO WHOM DO WE COMMUNICATE OR TRANSFER YOUR DATA?
  8. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
  9. CHANGES TO THIS PRIVACY POLICY

 

1) INTRODUCTION

In this document, we describe how we manage the website https://www.ruffino.it (hereinafter "Website") with reference to users personal data processing. The Website is managed by Ruffino s.r.l., with headquarter at Piazzale Ruffino n.1, Pontassieve (Florence), Italy (hereinafter "Ruffino").

When you browse our Website, you interact with us or use our services ("Services"), we can collect information and personal data about you. For this reason, in accordance with the provisions of Regulation (EU) n. 2016/679, the General Data Protection Regulation ("GDPR"), we have created the following document (hereinafter "Privacy Policy") in order to describe to you the personal data we collect, the purposes and methods of data processing and security measures we implement to protect them.

This Privacy Policy constitutes the information provided pursuant to Articles 13 et seq. GDPR and to national data protection laws and it concerns exclusively the Website and the data processing by Ruffino and by Tenute Ruffino (as further indicated in par. 2). Any third party websites referred to on this Website, including through links, are not covered by the information indicated in this Privacy Policy.

 

2) WHO PROCESSES YOUR DATA

On this Website, two subjects, acting as independent data controllers, can carry out personal data processing.

As detailed in the respective sections, indeed, for certain processing purposes, the data controller is Ruffino s.r.l., with headquarter at Piazzale Ruffino n.1, 50065 Pontassieve (Florence), Italy, email address: info@ruffino.it ("Ruffino"); for other processing purposes, instead, the data controller is Tenute Ruffino s.r.l. Società Agricola, with headquarter at Via Poggio al Mandorlo 1, 50012 Bagno a Ripoli (Florence), Italy, email address: hospitality@ruffino.it ("Tenute Ruffino").

 

3) WHICH DATA DO WE PROCESS

  • Navigation data: The information systems and software procedures relied upon to operate this Website collect personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This information is not gathered to be associated with identified subjects but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used to connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the purpose of obtaining statistical information on the use of the Website and to check its correct functioning and they are deleted in line with the requirements of applicable law. The data could be used to ascertain responsibility in case of possible criminal actions or damages against the Website only to the extent permitted by applicable law.
  • Data necessary to have access to the Website, cookies and other technologies: To enter into our Website, we ask the users to indicate their country and date of birth, in order to allow access only to those who are of legal age. Furthermore, subject to your prior consent as required under applicable law, our Website uses cookies and other technologies; for more information visit our Cookie Policy.
  • Identification data, contact data and other personal information: Optional sending of e-mail messages to the addresses indicated on this Website entails the subsequent acquisition of the sender's address, necessary to respond to the requests, and of any other personal data included in the message. If you collect, process and communicate to us information of third parties, you will need to do so in accordance with the provisions of the GDPR and, therefore, you will need to give the third parties prior information on the purposes and methods of processing and, if necessary, you will need to collect their free and express consent before carrying out the processing activity.
    Through our Website you can also send a message to request for information or check availabilities for our accommodations, our Locanda, our events and tastings; to do so, you can fill in a form with your name and surname, the email address to be contacted with the reply to your request, and, if necessary, a short text message.
    Furthermore, your email address can be processed when you decide to subscribe to our newsletter.
    If you are part of our press and media contact lists, we may process the data you provided for your work, such as your name, surname, email and other contact details, agency or company for which you work.
    Specific summary information notices will be progressively reported or displayed on the Website pages set up for particular services on request.
  • Data collected on the "Buy Now" section: On our Website it is possible to make purchases through third party services and platforms. In particular, when you access the section of the online shop, you will be able to access, hosted within the pages of our Website, the e-commerce platform managed by WinePlatform, through which you can buy Ruffino products online. Since it is an external website, you can find all relevant information on the processing of your personal data by visiting WinePlatform privacy policy and cookie policy, accessible via that same section.

 

4) WHAT ARE THE PURPOSES OF THE DATA PROCESSING?

We process your personal data for the following purposes and we indicate the respective legal bases:

  • To manage and operate our Website, providing you access to it, to improve it and to solve potential problems in accordance with the GDPR, Article 6 (1) (f). Processing is based on Ruffino's legitimate interest in presenting its activities and its products to the public, ensuring the functioning of the Website, improving its appearance and user experience. For these purposes Ruffino acts as data controller.
  • To get to know our users in accordance with the GDPR, Article 6 (1) (a) and (f). The use of cookies and similar technologies allows us to recognize you when you return to our Website andto analyse your online activities, subject to your prior consent, as applicable. For more information, visit our Cookie Policy. Ruffino is the data controller for this purpose.
  • To send you newsletters and invitations to events organized by Ruffino in accordance with the GDPR, Article 6 (1) (a). When you subscribe to the newsletter, Ruffino, as data controller, with your consent uses your data (your email address) to send you communications via email about Ruffino and Tenute Ruffino, such as news and promotions, commercial and advertising communications about the products and services offered, invitations to events organized by Ruffino and Tenute Ruffino (or in which they take part). Failure to provide your data does not affect your ability to browse our Website. You can withdraw your consent with future effect at any time by sending us an email at the addresses indicated above or by using the link offered on the bottom of each newsletter you receive.
  • To send you information material and answers to your requests in accordance with the GDPR, Article 6 (1) (b) and (f). You can send us messages and requests through the forms on our Website or directly to the addresses on the same; we use your information to answer your requests. Processing is based on the performance of the contract with the data subject, including the fulfilment of any requests you made or on the legitimate interest of Ruffino or Tenute Ruffino to respond to your messages or requests. Failure to provide your data may make it impossible for Ruffino to fulfil your requests. For requests related to the Agriresort and Locanda Tre Rane, Tenute Ruffino acts as data controller. For all the other requests, Ruffino is the data controller.
  • To communicate with our press contacts in accordance with the GDPR, Article 6 (1) (a) or (f). If you are part of our press and media contact lists, we may process data you provided to send you information of interest to your work, such as the organization of events by Ruffino, the introduction of new products or other initiatives that we advertise through our press channels. The processing is based on Ruffino's legitimate interest for sponsoring its activities to the audience through traditional channels, and, where required under applicable law, your consent. If you no longer wish to receive our information, you can contact us at the contact details indicated above to object or withdraw your consent, as appropriate. Ruffino is the data controller for this purpose.

The provision of you data is neither a statutory nor a contractual requirement. You are not obliged to provide us with your data, however, failure to do so may prevent you from using all features of the Website or our the full range of our Services.

 

5) HOW DO WE PROCESS YOUR DATA?

Your personal data can be processed with automated and/or paper-based tools.

The security of your personal data is important to us. We adopt - and we require our service providers to adopt - adequate technical and organizational security measures to prevent data loss or destruction, even accidental, unlawful or incorrect uses and unauthorized access to data, in compliance with applicable laws. Furthermore, IT systems are set in a manner that allows to use personal and identification data only if necessary to achieve specific processing purposes.

We implement multiple technologies and security procedures to protect personal data from the risks described above.

However, we would like to remind you that electronic transmission and information storage are not 100% safe. Therefore, we are not able to guarantee that loss, misuse or alteration of the data will never occur, despite the security measures we implement to protect your personal data.

We do not use automated individual decision-making that would produce legal effects for you or would similarly significantly affect you.

 

6) HOW LONG DO WE PROCESS YOUR DATA?

Personal data are processed for the time necessary to provide the requested information or Services, in compliance with any applicable legal or regulatory obligations. Notably, in case of subscription to our newsletter, we process your personal data until your possible withdrawal request or your objection to the processing. You can exercise your rights at any time, including the right to delete your data. More information is provided in section 8 below. When you send a communication or a request to us, we process your personal data for the time necessary to reply to your question or provide the requested assistance. In case you are part of our press contacts, we store your contact details until your possible request of erasure (or your withdrawal of consent, if applicable). For further information on the retention of cookies and similar technologies, please visit our Cookie Policy. For further information on retention of data collected through the e-commerce platform managed by WinePlatform, please visit the related information on the "Buy Now" section of this Website.

 

7) TO WHOM DO WE COMMUNICATE OR TRANSFER YOUR DATA?

Our authorized staff, according to respective needs, will process your personal data. Furthermore, your data will be processed by our suppliers for technical and organizational services functional to the processing purposes stated above, such as for example suppliers of technical assistance services for the Website; suppliers of hosting services; suppliers of services for the multiple sending of marketing communications; suppliers of documents and data archiving services. These parties act as our data processors based on our instructions and on the agreements signed with us.

We might disclose your personal data to authorities or public bodies and to any other legitimate recipient pursuant to the law. In this case, the recipients will act as autonomous data controllers according to their respective institutional purposes.

If we reorganize, acquire or sell our company or branches of it, we will communicate your personal data to the third parties involved in the procedure, as permitted under applicable law. During said procedure, any third party recipient of your personal data might only use them within the limits established by this Privacy Policy and applicable law.

To receive the updated list of your personal data recipients you can contact us at the contacts indicated above.

In case of transfer of your data abroad to foreign countries that do not guarantee the same level of data protection as in your home country, we will ensure that the transfer is carried out in compliance with the provisions of applicable laws, i.e. through the collection of your consent, when necessary, or through the adoption of any other measure necessary to ensure an equivalent protection of transferred data, including, without limitation, by concluding standard contractual clauses according to European Commission template. If you would like to receive a copy of these safeguards, please contact us through the contact details indicated in section 2 of this Privacy Policy. Currently, your personal data are not transferred outside of the European Union.

 

8) WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

Pursuant to - and subject to certain restrictions under - applicable personal data protection law, you can request to access your personal data, to verify its accuracy or to ask its rectification or update at any time.

You can also request to erase your personal data, as well as to limit your data processing in the cases provided by the law and you can object to the processing of your data on grounds relating to your particular situation, at any time, unless for the existence of compelling legitimate grounds of processing by the data controller or as otherwise restricted under applicable personal data protection law.

The right to object to the processing of personal data can be exercised at any time in cases of processing for direct marketing purposes.

You can also request portability of your data, and receive such data in a structured format, commonly used and machine-readable, and you can request that your data be transferred to another data controller without any obstruction from our part.

 

You can lastly withdraw your consent to the processing of personal data at any time.

 

You can contact Ruffino and Tenute Ruffino through the contact details indicated in section 2 of this Privacy Policy to exercise the abovementioned rights.

Lastly, you can lodge a complaint with the competent supervisory authority or contact the authority if the exercise of your rights is subject to delay, limitation or exclusion by the data controller.

The contact details of the national supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

The contact details of the German state data protection authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. You can also exercise all other rights provided to you under national data protection laws.

 

9) CHANGES TO THIS PRIVACY POLICY

We may update and modify this Privacy Policy either completely or partly at any time. The version published on the Website is the last updated and currently in force. In case of modification of this Privacy Policy, we will inform you through a special banner, link or pop-up on the home page of the Website or through a dedicated email.