logo taverna squarcialupi facebook instagram
halls of palazzo squarcialupi

Safety and Privacy Conditions

PRIVACY NOTICE AND COOKIE POLICY

To whom it may concern,

the protection of your personal data is of the utmost importance to Squarcialupi S.r.l.s. and we commit to guaranteeing a level of safety and protection in conformity with EU Regulation 2016/679 and d.lgs. 196/2003, as amended by d.lgs. 101/2018. Please read the following notice. 

INDEX

1. DATA CONTROLLER

2. DATA PROTECTION OFFICER

3. COLLECTED DATA, PURPOSES AND LEGAL BASIS OF PROCESSING

4. RECIPIENTS OF PERSONAL DATA 

5. STORAGE PERIOD

6. RIGHTS OF DATA SUBJECT

DATA CONTROLLER

The data controller to whom your data is entrusted is Squarcialupi S.r.l.s., whose registered office is in Via Ferruccio, 26 - 53011 Castellina in Chianti (SI), Italy, Fiscal Code and VAT 01424950523, certified email: squarcialupi@open.legalmail.it, regular email: info@tavernasquarcialupi.it (hereinafter the “Controller”).

DATA PROTECTION OFFICER

As concerns your personal data and the processing necessary for a correct performance and handling of your contract, the Controller does not carry out a regular or systematic monitoring, nor does he/she process data in bulk, not even in connection with or accessory to the Controller’s main activity. As a consequence, no Data Protection Officer was nominated, in conformity with art. 37 Reg. EU 2016/679. For more information, the Controller will always be available to answer your questions at the following email address: info@tavernasquarcialupi.it.

COLLECTED DATA, PURPOSES AND LEGAL BASIS OF PROCESSING

As a general rule, the Controller will limit the collection of the data subject’s personal data to the information strictly necessary for the correct performance of the contract with the Controller. In particular:

We collect the following personal data directly from the data subject: 
Clients’ data (first and last name, company name; physical and digital contact details, i.e. phone number, mobile number, and email address; billing information, bank and payment details; health-related data), with the purpose of establishing and fully performing the contract, including any related service requested by the client (i.e. special meals). Furthermore, the collection and processing of personal data is necessary to keep in touch with the client, as well as to comply with the obligations provided for by Italian and European legislation, including, for example, laws on accounting and taxes, and to allow for the Controller to exercise their rights in court or extrajudicially (i.e. for the collection of debt). By health-related data we intend a limited knowledge shared by the client concerning food intolerances and allergies necessary for the Controller to offer services suited to the Client’s needs.
Data belonging to suppliers, contractors, freelancers, and other service providers (first and last name, company name, including personal ID numbers; physical and digital contact details, i.e. phone number, mobile number, and email address; billing information, bank and payment details), with the purpose of establishing and fully performing the contract. Furthermore, the collection and processing of personal data is also necessary to keep in touch, to comply with the obligations provided for by Italian and European legislation, including regulations on accounting and taxes, and to allow for the Controller to exercise their rights in court or extrajudicially.
The legal bases of the aforementioned processing are: the full performance of the contract stipulated with the data subject and/or the performance of precontractual measures should these be required by the same (v. art. 6, § 1, lett. b) of Reg. EU 2016/679); complying with legal obligations to which the Controller is subject, i.e. Italian tax law (art. 6, § 1, lett. c) of Reg. EU 2016/679). As regards solely the processing of health-related data, consent expressed by the data subject (art. 6, § 1, lett. a) del Reg. UE 2016/679).

Data collected for promotional purposes (first and last name, company name, physical and digital contact details, i.e. phone number, mobile number, and email address), the purpose of which is for the Controller to keep in touch with the data subject with the aim of promoting the Controller’s services via newsletters or other advertising material.
For navigation data from the website www.squarcialupirelaxchianti.com (cookie), please refer to the cookie policy available here.
The legal bases for the processing of this data is: consent expressed by data subject for the processing of data for promotional purposes and new reservations, as well as all the navigation data different from the technical cookies but necessary for the website to function (art. 6, § 1, lett. a) of Reg. EU 2016/679); the Controller’s legitimate interest in all other cookies, as they are necessary for a correct and optimal navigation and viewing of the Site, for its functioning, considering the device used by the data subject, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject who, as a user of the Website, through navigation is explicitly consenting to said automatized and/or anonymous processing (art. 6, § 1, lett. a) and f) of Reg. EU 2016/679).

Unsolicited data submitted by job candidates (first and last name, company name, including personal ID numbers; physical and digital contact details, i.e. phone number, mobile number, and email address; information regarding training and previous employment; information pertaining to specific categories of data pursuant to art. 9 Reg. EU 2016/679 or data pertaining to criminal convictions and felonies pursuant to art. 10 Reg. EU 2016/679). Provided that the data subject has submitted written consent to the processing of the communicated data (i.e. in the CV), the Controller will retain said data for a maximum period of twelve months toward a possible personnel selection procedure. 
The legal basis of the processing discussed in the previous point is the subject’s consent, where given (art. 6 § 1 lett. a) Reg. EU 2016/679). Where no consent has been given, the Controller will not collect or process any data.  

CCTV videos taken in the Controller’s establishments. These are collected by the Controller with the sole intention of protecting his/her rights, interests, and tangible/intangible assets, as well as protecting clients, though this will not require constant, direct, regular, substantial, or systematic supervision of individual subjects when inside the Controller’s properties. 
The legal bases of the processing discussed in the previous point are: a) the data subject’s consent, where given (art. 6 § 1 lett. a) Reg. EU 2016/679); b) processing is necessary to the pursuit of the Controller’s legitimate interest and not overridden by the interests or fundamental rights and freedoms of the data subject (art. 6 § 1 lett. f) Reg. EU 2016/679). In fact, regarding the latter legal basis, we hereby specify that video surveillance activity is carried out with devices that prevent access by unauthorized parties and a 24-hours limited storage, to be extended in the case of festivities, vacations, Judicial or Police authorities’ official requests.

The following personal data is collected from third parties who are not the data subject:
Data of representatives of suppliers/contractors/freelancers and other service providers, such as owners of sole corporations, associates/managers with unlimited responsibility regarding corporate obligations and similar figures (personal information and information concerning income and assets), with the purpose of verifying power of attorney as regards the contract, and of safeguard of the Controller’s rights (i.e. debt collection, damages etc.). We also collect the data (personal information and contact details) of single representative of the aforementioned persons, when necessary or required by the same. The sources of said data are:
The suppliers/contractors/freelancers and service providers themselves; 
Their company websites;
Public databases (Business register; Public administration or private institutions online services).
The legal bases of this processing are: the establishment and performance of the contract (v. art. 6, § 1, lett. b) of Reg. EU 2016/679); the legal and regulatory obligations of the data Controller in relation to the Italian legislation on money laundering (art. 6, § 1, lett. c) of Reg. EU 2016/679); the Controller’s legitimate interest in obtaining the exact service agreed upon by contract with the counterpart and/or full and effective protection of his/her credit rights, including compensations, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, this data being contained in public databases which may be freely consulted according to the laws and regulations applicable in each case (art. 6, § 1, lett. a) and f) of Reg. UE 2016/679).

Data of clients’ family members and escorts, as indicated by the client who holds the contract with the Controller, with the same purposes and legal basis as indicated in the preceding point a.1.  
Hiring data (first and last name, including personal ID numbers; physical and digital contact details, i.e. phone number, mobile number, and email address; information regarding training and previous employment; information pertaining to specific categories of data pursuant to art. 9 Reg. EU 2016/679 or data pertaining to criminal convictions and felonies pursuant to art. 10 Reg. EU 2016/679). The purpose of this collection is for the Collector to identify and select new workforce. The sources of this data are:
Common acquaintances or direct interaction with potential candidates; 
Job placement companies etc.;
The legal bases for this processing art: the data subject’s consent (art. 6 § 1 lett. a) and 9 §2 lett. a) Reg. EU 2016/679); the execution of steps required by the data subject prior to entering into the contract, i.e. participating in the selection procedure (v. art. 6, § 1, lett. b) of Reg. EU 2016/679).

We do not collect other personal data or information from the data subject, nor do we use the collected data for purposes other than the ones described in this notice. The data Subject will always be informed, via an update of this notice, should there be a new collection of data or processing with a different purpose.

RECIPIENTS OF PERSONAL DATA 

As a default rule, the personal information of the data Subject is not divulged, or communicated or transmitted to third parties; on the contrary, it will always be preserved in a safe and confidential fashion, in both analogic and digital form. 

With the sole purpose of correctly executing the contract with the data Subject, we may communicate part of his/her data, limited to information that is strictly necessary for them to be able to benefit fully from the services required, i.e. to suppliers, contractors, or other service providers. Furthermore, we may communicate the Subject’s data when we are compelled to do so by regulations that apply to public entities and other private enterprises (i.e. independent contractors in charge of accounting and taxes). We may need to communicate the Subject’s data to third parties in case of debt collection procedures or in defending the Collector’s rights (i.e. independent contractors, insurance or debt collection companies, investigation firms etc.). Furthermore, we may communicate your data to marketing companies with the purpose of forwarding promotional materials or advertisements, should you request it.

Aside from the aforementioned communications, we will not distribute, transmit, communicate or transfer your data outside the country (Italy), and should there be any changes this policy will be updated.

STORAGE PERIOD 

The data Subject’s personal data will be stored and processed for the entire duration of time necessary for the full and complete performance of the contract or of the pre-contractual measures with the data subject, including any and all related activities necessary to obtain and verify the data Subject’s compliance with all obligations. To this end, the Controller will preserve all documentation pertaining to his/her relations with the data Subject, including fiscal data and data concerning the performance of the contract, for the periods of time required by Italian and European law. 

This period is usually of 10 (ten) years from the performance of the contract, notwithstanding provisions or lapses provided for by applicable law, if anterior. 

Non-solicited personal data belonging to job candidates will be kept for a maximum period of twelve months, subject to the data Subject’s written consent; instead, personal data received during hiring procedures in which such data was solicited will be kept only for the duration of the selection procedures. 

The data used for promotional purposes and for new reservations will be kept only in presence of the data Subject’s explicit consent and until the Subject revokes said consent. Navigation data will be kept for the same duration as cookies as illustrated in point 7 hereinafter.

Data collected from CCTV videos have a 24-hours limited storage, to be extended in the case of festivities, vacations, Judicial or Police authorities’ official requests.

Following a cancellation request on the part of the data Subject, the Controller will comply no later than 30 (thirty) days after reception of said request.

RIGHTS OF DATA SUBJECT

The data Subject may exercise all the following rights: 

Access of personal data pursuant to art. 15 Reg. EU 2016/679. This right includes the power to obtain a copy of the personal data collected and processed by the Controller. Having ascertained the legitimacy of the request, the Controller will issue the requested information and a copy of the data. When said requests are manifestly unfounded or excessive, especially should they be reiterated, the data Subject will have to remit an appropriate compensation to the Controller for expenses incurred, equal to the administrative expenses sustained by the Controller to comply with the request.   
Requesting amendment of personal data pursuant to art. 16 Reg. EU 2016/679. The Controller shall inform recipients of said amendments pursuant to art. 19 Reg. EU 2016/679, unless it proves impossible or requires a disproportionate effort. The data Subject will however retain the right to be informed of the identity of said recipients.   
Requesting deletion of personal data (the so called right to be forgotten) in accordance with and within the limits established by art. 17 Reg. EU 2016/679. The Controller will communicate said deletion request to any recipients of the data pursuant to art. 19 Reg. EU 2016/679, unless it proves impossible or requires a disproportionate effort. The data Subject will however retain the right to be informed of the identity of said recipients.
Requesting limitation of processing of personal data in accordance with and within the limits established by art. 18 Reg. EU 2016/679. The Controller will communicate said request of limitation to any recipients of the data pursuant to art. 19 Reg. EU 2016/679, unless it proves impossible or requires a disproportionate effort. The data Subject will however retain the right to be informed of the identity of said recipients.
Objecting to the processing of personal data in accordance with and within the limits established by art. 21 Reg. EU 2016/679.
Requesting portability of personal data, in accordance with and within the limits established by art. 20 Reg. EU 2016/679. The Controller reserves the right to verify the technical feasibility of the transmission of the data to another controller chosen by the data Subject on a case-by-case basis.  
Revoking, at any time, any consent previously given for processing with this legal basis without detriment to processing that has already taken place.
Submitting complaint to a supervisory authority pursuant to art. 77 Reg. EU 2016/679.

Data Subjects may forward their written requests concerning the exercising of their rights regarding personal data to the Controller at the following addresses:

Squarcialupi srls 

Via Ferruccio, 26 - 53011 Castellina in Chianti (SI), Italia

Fiscal Code and VAT 01424950523

Certified email: squarcialupi@open.legalmail.it

Ordinary email: privacy@tavernasquarcialupi.it

Info
*Required fields


logo antiche tenute squarcialupi

grape conegrape cone

FARM

garden and poolgarden and pool

HOSPITALITY

the specialties of the tavernthe specialties of the tavern

RESTAURANT




facebook instagram

 
web by Web By Uplink
 
Email Taverna Squarcialupi Whatsapp Taverna Squarcialupi Call Taverna Squarcialupi