Privacy Disclaimer

Privacy Policy ex art. 13 D.lgs. 679/2016

Dear Sir,

we wish to inform you that GDPR 679/2016 (”EU General Data Protection Regulation”) provides for the protection of natural person regarding the treatment of personal, as well as the free movement of those data.

According to article no. 5 of GDPR 679/2016, this treatment will be based on principles of accountability, fairness, lawfulness and transparency, purpose and storage limitation, data minimisation and accuracy, as well as integrity and confidentiality of the rights of the data subject.

Pursuant to Article 13 of GDPR 679/2016, we inform you the treatment has the explicit consent as legal base. About that we provide the following information:

1. The personal data you provide will be used for the following purposes:
a. The management of the tourist services and for the purposes strictly related to the management of the service itself (such as the communication to supplier and partner. The conferment of data is necessary and any refusal to supply such data may lead to failure of the relationship.
b. The fulfillment of administrative and fiscal obligations under applicable laws , regulations and E.U. legislation. The conferment of data is necessary and any refusal to supply such data may lead to failure of the relationship.
c. The promotion and marketing work, to develop activity of public relations or market studies. The conferment is facultative.

2. The data will not be disclosed to other parties and they will not be transfered to a third country or international organisation. But, after consent, they will be circulated in the following manners:
– Photos will be used in our retail channels, in our websites and in our social networks to promote the tours.
– E-mail addresses will be used only to request you a feedback on the tours.

3. The personal data provided will be stored fisical and/or electronic archives located only in Italy for maximum 10 years (as per legal obligations). The treatment will be realized with paper, computer and electronic tools, (including online profiling), to ensure the security and confidentiality of the data.

4. The treatment also concerns personal data falls into the category of “sensitive” data, that are data disclosing religious, philosophical or other beliefs, as well as personal data disclosing health.
The treatment of the sensitive data has the same purposes provided for the treatment of personal data referred to in point 1 and 2 of this privacy policy
The data will not be disclosed to other parties and they will not be transferred to a third country or international organisation.

5. The data controller is Birrificio Valdarno Superiore Srl – . Via Cataliotti n°16 – 52025 Montevarchi (AR – Italia) – P.I.: 02153750514 .

6. The data processor of the treatment is Antonio Massa – CEO of the Birrificio Valdarno Superiore Srl, Contacts Phone +39 3491207715 and email info@birrabvs.it

7. At any time you may exercise your rights under artt. 15-23 Chapter 3 DGPR 679/2016 and in particular:

DGPR 679/2016

1. According to Art. 15 the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a. the purposes of the processing;
b. the categories of personal data concerned;
c. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f. the right to lodge a complaint with a supervisory authority;
g. where the personal data are not collected from the data subject, any available information as to their source;
h. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

5. The data subject shall have the right to obtain:
a. The update, the rectification and have incomplete personal data completed ( ref. art 16 right to rectification and art. 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing)
b. Erasure, transformation on anonymous form or blocking of personal data processed in violation of law, including the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (art. 17 Right to erasure ‘right to be forgotten’). The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided; the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible (art. 20 Right to data portability).

6. The data subject shall have the right to obtain from the controller restriction (in full or in part) of processing for licit reason, although the data fulfil of the purpose of collection (v. Art. 18 Right to Restriction of Processing art. 21 Right to Object.)

7. The data subject shall have the right to lodge a complaint with a supervisory authority if he considers that the processing of personal data relating to him or her infringes this Regulation (v. art. 77 Right to lodge a complaint with a supervisory authority); the data subject has also the possibility of a judicial remedy against a decision of a supervisory authority (v. art. 78 Right to an effective judicial remedy against a supervisory authority.