Browsing the pages of our website is possible without any declaration of personal data. However, for certain specific situations (such as completing a questionnaire, a quiz or participating in a competition), certain personal data may be collected and processed from data subjects.

If the processing of personal data is necessary and there is no statutory basis for this processing, we undertake to obtain consent from the data subject.

The processing of personal data – such as the name, surname, address, e-mail address, telephone number of a data subject – will always be carried out in accordance with the provisions of Regulation no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“the Regulation”) and in accordance with the data protection regulations specific to the country in which it operates SC VINICOLA AVERESTI 2000 SA.

Through this Policy, our company would like to inform the general public about the nature, scope and purpose for which we collect and process personal data. In addition, data subjects are also informed of their rights under the Regulation. As the controller, SC VINICOLA AVERESTI 2000 SA has implemented numerous technical and organizational measures to ensure the complete protection of personal data.

 

1. Definitions

This Policy is based on the Regulation as well as any and all applicable laws on the protection of personal data. The Policy must be understandable both for the general public and for our customers and business partners. To ensure this, we will explain the terminology used. In this Policy we will use, inter alia, the following terms:

Personal Data or Personal Data refers to any information that makes it possible to identify a natural person (data subject);

Data Subject – represents an identified or identifiable natural person. An “identifiable” natural person is one who can be identified, directly or indirectly, including by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;

Processing – means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation, alteration, retrieval, consultation, use, disclosure (by transmission, dissemination or otherwise making available), alignment or combination, blocking, erasure or destruction;

Restriction of processing – refers to the marking of processed personal data with a view to limiting their processing in the future;

Profiling – refers to any authorised form of processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning a natural person's performance at work, economic situation, health, personal preferences, interests, reliability, location or movements;

Pseudonomisation – is the processing of personal data in such a way that the personal data can no longer be attributed to a data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Operator or controller responsible for processing – is the natural or legal person, public authority, agency or other body which, alone or with the assistance of third parties, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by European Union or Member State law, the controller or the specific criteria for his nomination may be provided for by European Union or Member State law;

This would be the case, for example, if a visitor was injured in our company and the name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (1) lit. d of the Regulation. Finally, the processing operations could be based on Art. 6 (1) lit. f of the Regulation. This legal basis is used for processing operations that are not covered by any of the legal grounds mentioned above, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are specifically permitted because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is the customer of the controller (Recital 47 of Sentence 2 of the Regulation).

 

10. Legitimate interests pursued by the controller or by a third party

If the processing of personal data is based on Article 6(1)(f) of the Regulation, our legitimate interest is to conduct our business in the interests of the well-being of all our employees and shareholders.

 

11. Period for which the personal data will be stored

The personal data will only be stored for the period necessary for the purpose for which they were collected. After the expiry of that period, the corresponding data will be deleted. Only those personal data that are part of acts / documents for which the law provides for an archiving period will be kept and upon expiration of the legal archiving period they will be destroyed.

 

12. Provision of personal data as a legal or contractual requirement

Requirement necessary to conclude a contract; Obligation of the data subject to provide personal data; possible consequences of failure to comply with these data:

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract according to which the data subject provides us with personal data, which must be subsequently processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her.

 

13. Protection of personal data

SC VINICOLA AVERESTI 2000 SA applies an internal framework of policies and minimum standards regarding the protection of personal data. These policies and standards are updated periodically to comply with regulations and market developments. In accordance with the legal provisions in force, we take appropriate technical and organizational measures (policies, procedures, security, etc.) precisely to ensure the confidentiality and integrity of personal data as well as to ensure the necessary framework for their processing.