Privacy


home >en > Privacy

Privacy Policy pursuant to Article 13 of (EU) Regulation No. 679/2016 (‘GDPR’)

 

Binotto s.r.l. (hereinafter also referred to as ‘Binotto’) protects the confidentiality of personal data and guarantees its necessary protection against any event that may put it at risk of violation.
Pursuant to European Union Regulation No. 679/2016 (hereinafter the ‘GDPR’) and particularly Article 13 of the GDPR, please find below the information required by law for the processing of your personal data.

 

Who we are (Article 13, paragraph 1 (a), Article 15 (b) GDPR)

Binotto, with registered office at Via Divisione Julia 7/B – 36031 Dueville (VI) – Italy, acts as the Data Controller and can be contacted by e-mail at marketing@binotto.com and by phone at +39 0444 593290.

 

Categories of data:

Binotto may collect, receive and process the following information relating to you:
- Contact details: first name, last name, physical address, nationality, residential province and city, landline telephone number and/or cellphone number, fax number, tax ID number, email address, social media contact details;
- Bank account and payment card details;
- Internet traffic data Logs, originating IP addresses;
Binotto does not require you to supply so-called "private" data. According to the GDPR (Art. 9), personal data concern race or ethnicity, political opinions, religion or philosophy, union affiliation, genetic or biometric information used to uniquely identify a physical person, data associated with health or one's sex life, or sexual orientation.

 

Why we need and collect your personal data:

a) Website registration and required services
Your personal data is processed to fulfil a registration request on the websites of Binotto and the companies that are controlled by, in control of or under common control with Binotto (hereinafter respectively the ‘Websites’ and the ‘Affiliates’) and to manage the requests of information, access to the reserved area and the other services that you may require through the Websites.
The legal basis for this processing is to provide the services relating to a request for registration, information and contact, and/or sending informational materials, and to comply with legal requirements. Binotto and the Affiliates reserve the right to provide and/or suspend the required services at its sole discretion.


b) Administering contractual relationships
Your personal data is processed to implement all actions (including preliminary actions) relating to contracts involving Binotto and the Affiliates, whether your relation with such contracts is direct or indirect. The related legal basis is to fulfil the obligations under the contracts and to comply with legal requirements.

c) Direct sales and business promotion related to products/services of Binotto and the Affiliates
Binotto, even without your explicit consent, may use the personal data you provided by reason of contractual relationship for direct sales of its and the Affiliates’ products/services, which are similar to the products/services you have already purchased or required information about, and for the related business promotion.
The above mentioned activities may be carried out with the following methods:
- emails;
- sms or other types of electronic messaging;
- telephone contact;
- mail.

d) Marketing activities
Binotto may use the personal data you provided for direct marketing purposes (for example sending you newsletters and promoting events involving Binotto and/or the Affiliates), unless you specifically refuse.
Pursuant to Recital 47 of the GDPR, in case you are a client of the Data Controller, Binotto is entitled to process your personal data for such direct marketing purposes.
In case you contact Binotto or the Affiliates for the first time through the Websites, the processing of your personal data for such direct marketing activities is subject to your specific consent.
The above mentioned activities may be carried out with the following methods:
- emails;
- sms or other types of electronic messaging;
- telephone contact;
- mail.

e) Digital security
Pursuant to the Recital 49 of the GDPR, Binotto processes your personal data involving traffic to guarantee the security of networks and information of Binotto and the Affiliates. This means the capacity of the concerned network or information system to block, at a given level of security, any unforeseen events or illegal or malicious acts that would compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted as well as the security of the assets and systems of Binotto and the Affiliates.
The Data Controller will notify you if there is any risk of violation of your data.
The legal basis for this processing is to comply with legal requirements and the legitimate interests of the Data Controller in undertaking processing for the purpose of protecting corporate assets and the security of Binotto and the Affiliates’ offices and systems.

f) Profiling
Your personal data may also be processed for profiling purposes (such as analyzing the transmitted data and the selected services and required information on the Websites), suggesting advertising messages and/or business offers. You give explicit and informed consent by accepting this Privacy Policy. The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time.

g) Fraud prevention (Recital 47 and Art. 22 GDPR)
Your personal data, except for private data (Art. 9 GDPR) or legal information (Art. 10 GDPR) will be processed to allow controls for monitoring purposes and prevention of fraud.

h) Protection of minorsIn order to ensure the compliance with the age limitation pursuant to the GDPR the Data Controller implements preventive measures, such as checking tax identification numbers or the accuracy of the identification data on the identification documents issued by the relevant authorities.

 

Communication to third parties and categories of recipients (Article 13, paragraph 1 GDPR)

Your personal data is communicated to recipients whose activity is necessary to perform the business activities of Binotto and the Affiliates and to meet certain legal requirements, such as:

Categories of recipients

Purposes

Binotto, the Affiliates, third parties that resell the products of Binotto and the Affiliates and/or perform related services

Fulfillment of commercial, promotional, administrative, accounting and legal requirements relating to the business activities (sales, purchase, assistance, production, maintenance, delivery/shipping, and others) of the recipients

Credit and electronic payment institutions, banks/post offices, insurance companies

Managing deposits, payments, reimbursements associated with the above mentioned business activities

External professionals/consultants and consulting firms

Fulfillment of legal requirements, exercising rights,

protecting contractual rights, credit recovery

Governmental authorities, Ministries, Public Bodies and Agencies, Legal Authorities, Supervisory and Oversight Authorities

Fulfillment of legal/tax obligations, protection of rights

Computer network administrators, technicians, data centers

Functioning of the computer network and softwares of Binotto and the Affiliates, including storage of data

The Data Controller requires the above mentioned recipients to adhere to security measures that are equal to those Binotto adopts for your personal data.


With the consent to your data processing according to this Privacy Policy, you explicitly accept that, exclusively for the purposes specified above, the Data Controller may transfer your personal data to countries outside the European Union on the conditions set forth in Chapter 5 of the GDPR, even in the absence of an adequacy decision pursuant to Article 45 Paragraph 3 of the GDPR, or of appropriate safeguards pursuant to Article 46 of the GDPR and binding corporate rules pursuant to Article 47 of the GDPR. You explicitly acknowledge that in such cases the concerned third country may not ensure an adequate level of protection of your personal data equivalent to the GDPR, with specific reference to the following elements:

- the rule of law, respect for human rights and fundamental freedoms, relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law and the access of public authorities to personal data, as well as the implementation of such legislation, data protection rules, professional rules and security measures, including rules for the onward transfer of personal data to another third country or international organisation which are complied with in that country or international organisation, case-law, as well as effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data are being transferred;

- the existence and effective functioning of one or more independent supervisory authorities in the third country or to which an international organisation is subject, with responsibility for ensuring and enforcing compliance with the data protection rules, including adequate enforcement powers, for assisting and advising the data subjects in exercising their rights and for cooperation with the supervisory authorities of the Member States; 

- the international commitments the third country or international organisation concerned has entered into, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems, in particular in relation to the protection of personal data.

 

How we process your data (Article 32, GDPR)

The Data Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of your personal data, and requires the same security measures from third parties and the Processors, where applicable. The Data may be processed in hardcopy, by automated or electronic means.

 

How long is your data stored? (Article 13, paragraph 2 (a) GDPR)

Unless you explicitly require to remove it, your personal data shall be processed and stored for as long as required by the purpose the data has been collected for. The personal data collected for the purposes of the Data Controller’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by Binotto within the relevant sections of this document or by contacting the Data Controller.
The Data Controller may be obligated to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

 

What are your rights? (Articles 15 - 20 GDPR)

You have the right to obtain the following from the Data Controller:


a) confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the following information:
1. the purposes of the processing;
2. the categories of personal data in question;
3. the recipients or categories of recipients that have received or will receive your personal data, in particular if these recipients are in third party countries or are international organizations;
4. when possible, the anticipated storage period of your personal data or, if not possible, the criteria used to determine this period;
5. your right to require the Data Controller to correct or delete your personal data or the limits on processing your personal data or to oppose the processing of the data;
6. the right to lodge a complaint with a supervisory authority;
7. in the event the data is not collected from you, all of the information available regarding its origin;
8. whether there is an automated decision process, including profiling, and, at least in these cases, significant information on the logic used, as well as the importance and consequences to you for this processing;

b) the right to obtain a copy of the personal data processed, provided that this right does not affect the rights and freedoms of others;

c) the right to edit any of your incorrect personal data from the Data Controller without unjustified delay;

d) the right to have your personal data deleted by the Data Controller;

e) the right to obtain limits on the processing from the Data Controller;

f) the right to obtain information from the Data Controller on the recipients who have received the requests for any corrections or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort;

g) the right to receive your personal data in a structured format, commonly used and readable by automatic devices as well as the right to transfer this data to another Data Controller without obstruction from the original Data Controller, in those cases outlined by Art. 20 of the GDPR, and the right to obtain direct forwarding of your personal data from one Data Controller to another.

For further information and to send your request, contact the Data Controller by e-mail at marketing@binotto.com and by phone at +39 0444 593290. To guarantee that the rights noted above are exercised by you and not by unauthorized third parties, the Data Controller may require you to provide other information necessary for this purpose.

How and when can you oppose the processing of your personal data? (Art. 21 GDPR)

For reasons associated with your particular situation, you may at any time oppose the processing of your own personal data if it is based on legitimate reasons, by e-mail at marketing@binotto.com and by phone at +39 0444 593290. You have the right to have your own personal data deleted if the Data Controller has no legitimate reason prevailing over such request.

 

Who can you lodge a complaint with? (Art. 15 GDPR)

Without prejudice to any other ongoing administrative or judicial action, you may lodge a complaint with the applicable supervisory authority of the Italian territory (Italian Personal Data Protection Authority).