This privacy policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (the "Regulation" or "GDPR") to those who browse the website indicated below: https://www.tenutesansisto.com/

(the "Website").

This privacy policy describes the Website's management methods with regard to the processing of personal data relating to visitors who browse it. It should also be noted that this policy applies exclusively to the Website, excluding any websites to which visitors may be redirected via links available within the Website. For these reasons, to learn more about the details regarding the processing of personal data within these external websites, we invite you to read the relevant privacy policies.

‍

‍

1. WHO IS THE DATA CONTROLLER?

Angelini Wines & Estates Società Agricola a r.l., with registered office at Via Roma n. 117, 60031, Castelpiano (AN), represented by its legal representative pro tempore, is the data controller of your personal data (“Angelini” or the “Data Controller”), who can be contacted at the following email address:

angeliniwinesandestatessocagrarl@legalmail.it. 

‍

2. HAS THE DATA CONTROLLER APPOINTED A DATA PROTECTION OFFICER?

The Data Controller has designated a Data Protection Officer (DPO). The DPO can be contacted by email at dpo@angeliniwinestates.com or by writing to:

Data Protection Officer c/o

Angelini Wines & Estates Società Agricola a r.l.

Via Roma n. 11, 60031

Castelpiano (AN)

‍

3. WHAT IS PERSONAL DATA?

“Personal Data” means any information capable of identifying, directly or indirectly, a natural person, in this case, you who are browsing the Website (“Data”).

In particular, the Data Controller processes the following Data:

1. the IP address, domain name and URL of the device used;
2. geolocation data, browser type and operating system;
3. navigation data (e.g., number of visits to the Website and time spent on the Website);
4. your browsing history.

When you visit the Website, your Data is collected indirectly by the Data Controller (e.g., by tracking your device's IP address and URL to monitor Website usage). In any case, the Data Controller undertakes to collect only information that is adequate, relevant, and limited to what is strictly necessary to achieve the purposes it pursues from time to time, and that this does not result in a limitation or other violation of your rights and freedoms as a data subject.

‍

‍

4. PURPOSE AND LEGAL BASIS OF THE PROCESSING

4.1 Website Management

The Data Controller collects and processes your data to carry out activities related to the management and administration of the Website. Furthermore, the Data Controller may process your data to improve visitor navigation; such processing is based on the lawfulness of processing pursuant to Art. 6, paragraph 1, letter f), GDPR, i.e., the legitimate interest of the Data Controller.

‍

4.2 Fulfillment of legal obligations

The Data Controller collects and processes your Data to comply with legal and regulatory obligations incumbent on the Data Controller or with provisions of public authorities, pursuant to Art. 6, paragraph 1, letter c), GDPR, i.e., to fulfill a legal obligation. For this purpose, the provision of Data is mandatory. If you fail to provide it, the Data Controller will not be able to guarantee your navigation on the Website or the fulfillment of your requests.

‍

4.3 Defense of rights in court

 The Data Controller may process your Data to assert and defend its rights. Where necessary, processing will be based on the lawfulness of processing pursuant to Article 6, paragraph 1, letter f), GDPR, i.e., the Data Controller's legitimate interest. For this purpose, providing your Data is optional. However, if you fail to provide it, the Data Controller will not be able to guarantee your navigation on the Website.

‍

5. COOKIE

Cookies are packets of information sent by a web server (e.g., the website) to the user's Internet browser, which is automatically stored on the computer and automatically sent back to the server each time the site is accessed. The Data Controller uses cookies to provide contextualized information to visitors to the Website and to obtain statistics on access and/or use of the portal. By default, almost all web browsers are set to automatically accept cookies. Visitors can set their browser to accept/reject all cookies or display a warning whenever a cookie is proposed, allowing them to decide whether or not to accept it. Users can, however, change the default settings and disable cookies (i.e., block them permanently) by setting the highest level of protection. For further information on the characteristics, types, use, and methods for removing, deleting, or disabling cookies on the Website, please refer to the specific "Cookie Policy."

‍

6. WHERE DO WE TRANSFER YOUR DATA AND WHO DO WE DISCLOSE IT TO?

The server hosting the Website is located within the European Economic Area (EEA). Your Data may be disclosed to other companies within the Angelini Group, as well as to third-party companies located within the EEA that provide the Data Controller with Website maintenance and development services and, more generally, IT services, specifically appointed as data processors pursuant to Art. 28 of the GDPR. Where required by law, your Data may also be disclosed to other companies, competent authorities, or public bodies located within the EEA, who will process it for their own purposes as independent data controllers.

‍

7. HOW LONG DO WE KEEP YOUR DATA?

We process your data for the time strictly necessary to achieve the purposes indicated above. The retention periods for your data collected indirectly by the Data Controller through cookies are listed in the specific Cookie Policy. For each of the purposes referred to in paragraph 4, your data will be retained in compliance with the following:

‍

• Website Management: Your Data will be retained for the time strictly necessary to carry out the management and optimization activities of the Website;
• Fulfillment of a legal obligation/Defense of one's rights: Your Data will be retained for the time strictly necessary to comply with any legal or regulatory obligations imposed on the Data Controller and/or necessary to defend rights in court.

We reserve the right to retain log data for longer periods in order to manage any crimes committed against the Website (e.g., hacking). At the end of the period described above, your Data will be permanently deleted or otherwise rendered irreversibly anonymous.

‍

8. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

You, as the data subject, have the right to:

• access the Data and request a copy of the same;
• request the rectification or updating of the Data, if inaccurate or incomplete;
• request, in certain circumstances, the deletion of the Data or the limitation of the processing of the Data;
• request data portability;
• object to their processing (where applicable);
• revoke consent, where the processing of the Data was based on the aforementioned lawfulness condition.

To obtain further information regarding your rights, you can contact the Data Controller or the DPO at the addresses indicated in paragraphs 1 and 2 of this policy. The exercise of your rights is not subject to any formal constraints and is free of charge.

‍

9. HOW TO SUBMIT A COMPLAINT

If you wish to lodge a complaint regarding the way in which your data is processed, or regarding the management of a complaint you have lodged, you can submit a request directly to the Supervisory Authority (Italian Data Protection Authority, Piazza Venezia 11, 00187 - Rome, Italy, Telephone +39 06696771, E-mail: protocollo@gpdp.it, www.garanteprivacy.it).

‍

10.     FINAL PROVISIONS

The Data Controller reserves the right to modify and/or update this information.

‍

[Version updated March 2025]