(includes the processing of navigation data and cookies)

Tenute Piccini Spa, with registered office in Località Piazzole 53011 Castellina in Chianti (SI) VAT NR. 00368360525, as Data Controller


users who connect to the website Owner, acquired from third parties or spontaneously conferred by interested parties, will be treated lawfully and according to fairness, in compliance with the principles enshrined in EU and Italian law. The main rules governing the processing of personal data are the European Regulation 679/2016 and the Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.


Interested partyNatural person to whom the data processed by the owner or manager belong
Data controllerThe natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data
ResponsibleThe natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller on the basis of a contract that governs the conditions of the assignment

Purpose of the processing

The processing activities of the data collected through the website are carried out by the Data Controller at the company’s offices, in compliance with the security measures and provisions imposed by the European Regulation 679/2016, by subjects appointed by it or delegated (specifically selected and equipped of the necessary professionalism), with manual and computerized procedures, to allow the user a simple and rewarding browsing experience, to collect useful elements to improve the offer of products and services via the web, to execute specific requests of the interested party , for pre-contractual and contractual obligations, for ordinary administrative, financial and accounting activities, to manage customer requests during the marketing and sale of products or the provision of services, for after-sales assistance, for the fulfillment of legal obligations.

The processing is also aimed to the processing of anonymous statistics or after a pseudonymisation procedure. At the request of the interested party or after obtaining specific consent, the processing may also be carried out for the detection of the degree of satisfaction, tastes, preferences and habits of the customer, for the sending of commercial information or advertising material, for direct marketing campaigns, for the issue of fidelity cards connected to particular conditions of sale, for participation in games, competitions or prize operations, for involvement in events and exhibitions, for the provision of services, for market research and other operations directly or indirectly attributable to marketing activities. Other data may be forwarded to the Data Controller by the Data Subject for the possible establishment of employment relationships or commercial collaboration.

Data subject to processing

Navigation dataCommonIP address, operating system and browser used for navigation, date and time of connection and disconnection, time spent on the site, pages visited, activity carried out, location (if the related service is active) and any other information made available or transmitted by device of the interested party, based on the chosen security settings.
ContactsCommonName, surname, e-mail address, other data sent by the interested party to the email addresses of the owner or through the preset forms.
PartnershipCommonName, surname, e-mail address, telephone and postal numbers, other information useful for the possible establishment of the commercial collaboration relationship.

The compilation of the forms on the website, to receive information on products and services, involves the acquisition of the customer’s data in the computer system of the Data Controller. The information is protected by an authentication system and can only be reached by those in possession of the relevant credentials. In other cases, the procedure generates an e-mail message addressed to the Data Controller, which is found based on the requests of the interested party. Communications by e-mail involve the storage of the interested party’s e-mail address, which is necessary to respond to the requests made. This includes the data stored in the message. The Data Controller suggests not to transmit the data or personal information of third parties, unless it is absolutely necessary.

Data of Minors

The data of minors are processed exclusively with the consent of their parents and within the limits imposed by law, without prejudice to the provisions of art. 2-quinquies, Legislative Decree 196/2003, as introduced by Legislative Decree 101/2018. The Owner will not be in any way responsible for any false declarations that may be provided by minors and, should he ascertain the falsity of the declaration, he will immediately delete any personal data and any information acquired.

Nature of the provision

The processing of contact data is essential to meet the requests of the interested party and fulfill contractual obligations. The conferment is therefore necessary, since it cannot be processed otherwise. Any incorrect or insufficient communication of the requested data may result in the total or partial impossibility of executing the requests of the interested party and the possible mismatch of the results of the processing with the agreements made or with the obligations imposed by rules and regulations. Further information may be necessary for the purposes of personnel selection (professional training, previous work experience) and commercial collaboration (previous work experience, financial solvency).

Other data, on the other hand, are collected for the sole purpose of adapting navigation, promotional campaigns, offers, production and stocks, as well as, in general, company activity, to the tastes and interests of customers. Their provision, therefore, is not mandatory and any refusal to process or the revocation of consent already given does not affect the establishment and continuation of the main relationship.

Legal bases of the processing carried out by the Data Controller are the obligations relating to the pre-contractual and contractual phases of the relationship, the obligations imposed by law, the legitimate interest of the Data Controller to manage the data necessary to improve the offer of products and services, the consent expressed by the interested parties . It is possible to ask the Data Controller to specify the legal basis of each treatment.

Retention terms

The data processed by the Data Controller, without prejudice to legal obligations, are kept until an express request for cancellation by the interested party and in any case periodically verified, also with automatic procedures, in order to guarantee their updating and effective compliance with the purposes. of the treatment. If the purpose for which they were acquired has ceased, the data will be deleted, unless they must be processed to comply with regulatory obligations, to protect rights in court or at the express request of the interested party (10 years from the termination of the relationship, 12 months for CVs). At the end of the processing and following the cancellation, the rights of the interested party can no longer be exercised.

Browsing data

The IT system and the software used for the corporate web portal acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication products: IP addresses and domain names of the computer used by the user to connect to the site, URL (Uniform Resource Locator) of the requested resource, time of the request, method used to send the request to the server, size of the file received, numeric code used to indicate the status of the response given by the server (executed or error, etc.) and other parameters relating to the operating system and the user’s computer. This information is not stored to identify the data subjects but, due to its nature, can, through processing and association with other data, allow the identification of the user. They are used to create anonymous statistics on the use of the site and to check its correct functioning. They are usually deleted immediately after processing. They can be used and provided to law enforcement and the judiciary to ascertain responsibility in the event of damage to the site or offenses perpetrated through the network.


Some information regarding navigation is stored on the customer’s computer and read by the system at the next connection. This file, called “cookie” contains data that is not of a personal nature, as it does not allow specific identification of the user, but can allow it through the interconnection with other data. The information contained in the cookies allows you to see the frequency of visits to a site and the activity carried out during navigation. In this way, over time, it is possible to improve the content of the site and make it easier for the user to use. Even companies that transmit content to the site or whose sites are accessible via links can use cookies when the user selects the relevant link. In these cases, the use of cookies is not under the direct control of the Data Controller. Most browsers automatically accept cookies, but you can reject them or select only some of them, according to the preferences set by the user. However, if the user inhibits the loading of cookies, some components of the site may stop working and some pages may be incomplete.

Essential technical cookies:CookiescriptacceptdadaproaffinityThese are cookies necessary to ensure a correct and fluid functioning of the site: they allow the navigation of the pages, the sharing of contents, the storage of access credentials to speed up entry to the site and to keep preferences active while browsing , facilitating the browsing or shopping experience. Without these cookies it is not possible to provide, in whole or in part, the services for which users access the site.
Statistical cookies:_utma_utm_utmc_utmt_utmazThey allow us to understand how users use the site in order to then evaluate and improve its operation, in order to create increasingly appropriate content. They allow you to know which pages are the most and least frequented, how many visitors to the site are, how much time is spent on the site by the average user and how visitors arrive on the site. In this way it is possible to determine which are the optimal functioning and the most liked contents and how the contents and functionality of the pages can be improved.
Analysis cookiesThey are used to keep track of the searches made by the user in order to be able to submit products and services that comply with previous browsing and searches. They are normally used for remarketing operations, through which advertising relating to consultations already made and similar products and services is conveyed to the user while browsing.
Profiling cookiesThey are suitable tools for memorizing the choices made by the user during navigation and consultation, in order to create personal profiles capable of classifying and filing tastes, preferences, browsing and consumption habits. Through the generation of these profiles, the user’s browsing experience can be improved, but above all it can be oriented to their preferences, abilities and the possibility of purchasing or using services. They can be deactivated without creating any obstacle or impediment to navigation.
Third party cookies:_fbpThey are cookies used by third parties not directly controlled by the Owner. The company cannot provide guarantees with respect to the use that will be made of the data, the processing of which is directly operated by an external partyCookies from third party operators allow you to offer advanced features, more information and personal functions, including the ability to share content through social networks and have a personalized site experience based on the preferences expressed through the pages visited.If these external services are used, the provider may be able to know that the user has visited the site of the owner. The use of the data collected by these external operators is subject to the data protection policies of the same. Third-party cookies are identified with the names of the respective operators and can be disabled.

Cookie management

By selecting the OK button shown by the overlay banner, you authorize the installation of cookies on the device used by the interested party. You can change the cookie settings using the specific selectors or through the browser functions. You can prevent the installation of third-party cookies and remove previously installed cookies, including those containing tastes, habits and preferences. To adjust or change the browser settings, you need to consult the software or application manufacturer’s guide. Information on how to manage cookies on your browser is available at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, Microsoft Edge. More information on the cookies used by the site can be requested directly from the Data Controller

Third party sites

The site, even if only periodically, may contain links to third-party sites and applications (Google Adwords, Analitycs, Youtube, Vimeo, etc.), to provide additional services and information to the user. When the user uses these links, he leaves the company website and accesses other resources that are not under the direct control of the Data Controller, who, therefore, will not be responsible for the procedures relating to navigation, security and data processing. personal data operated by other sites, even in the presence of co-branding or display of the company logo. A careful examination of the security and confidentiality procedures of the visited site is recommended, which may transmit additional cookies, read those already on the user’s hard drive and request / acquire additional personal information.

Newsletter management services

The newsletter, if present, is managed by software that uses a database of email addresses to send communications to registered users (through the appropriate section of the site) and which provides for an automatic cancellation procedure that the interested party can use independently, recalled from any communication sent by this instrument.

Forms for the search of personnel

They acquire the information necessary for an initial evaluation of the candidate to decide whether to call him for an interview and for the examination of the actual correspondence to the position he should hold in the company. Normally a series of standard information (name, surname, telephone and postal addresses, telematic addresses, level of education and previous work experience) is associated with the CV prepared and produced by the candidate. If the selection is successful, the data are transmitted to the competent office for recruitment, otherwise they are kept for a period deemed appropriate with respect to the necessary updating by the candidate

Forms for finding partners and franchisees

They acquire the information necessary for an initial assessment of the business partner and the current activity carried out, in order to make a selection before the interviews aimed at signing the contract.

Interaction with social networks and external platforms

The site, through widgets and buttons, can interact with external platforms and social networks. In this case, the information acquired depends on the settings of the profiles used by the user and not by the Owner.

The buttons “Like” of Facebook, “Tweet” of Twitter “,” Recommend “of Linkedin, etc., allow you to share the pages or topics of the site with the respective social platforms and acquire data of the interested party. More information can be obtained from the websites of the companies offering the service. In this case, the data are not managed by the owner’s website, which connects these buttons only to offer an additional service to the interested party but has no control over them.

Automated decision-making processes

The Owner does not use automated decision-making processes.

Communication and dissemination

The data processed through the site are exclusively of a common nature and are not intended for dissemination. The Data Controller does not require and has no interest in detecting and processing data classified by the Regulation as “particular” (health, genetic, biometric, etc.) or “criminal”, without prejudice to legal obligations and the acquisition of curricula through the section “Work with us” or sent spontaneously by the interested party via email (which will in any case be treated in compliance with the rules on the management of the established or potential employment relationship).

The data will be disclosed to third parties, who may assume, based on the type of relationship, the status of data controller pursuant to art. 28, EU Reg. 679/2016 or of mere recipients of the communication, for activities related to or deriving from that of the Data Controller or in the fulfillment of obligations deriving from laws or regulations (Institutions, Law Enforcement, Judicial Authorities, etc.). By way of non-exhaustive example, the following are mentioned:

  • Subjects who need to know the data of the interested party for purposes relating to the relationship with the Data Controller (credit institutions, insurance companies, financial intermediaries, electronic money institutions and payment management, credit recovery companies, customer verification companies, communication company, etc.);
  • Consultants, collaborators, service companies, within the limits necessary to carry out the assignment conferred by the Owner;
  • Subsidiary and / or associated companies that can access the data, within the limits strictly necessary to carry out tasks entrusted by the Data Controller;
  • Post offices, couriers, transporters;

The updated list of data processors is available at the headquarters of the Data Controller.

Transfer abroad

The data whose conferment is optional may, within the limits of the consent signed or the contractual agreements stipulated by the Data Controller, be communicated to subjects operating within the European Union or in countries that guarantee the same level of protection required by the European Regul ation 679 / 2016.

Rights of the interested party

The rights referred to in Articles. from 15 to 22 of the GDPR 679/2016. In particular, the interested party has the right to access their data (Article 15) to request its correction, updating, integration (Article 16) and cancellation (Article 17), to limit its use. by the Data Controller (Article 18), to obtain a copy in a structured format, commonly used and readable by an automatic device (Article 20), to oppose the processing by fulfilling the conditions (Articles 21 and 22). The rights can be exercised to the extent that the processing is not required by law or regulation. Applications relating to the exercise of the rights of the interested party can be forwarded to the Data Controller at the address If the interested party is not satisfied with the response provided to his requests, he can lodge a complaint with the Guarantor Authority for the protection of personal data. Citizens of another member state of the European Union have the right to contact the supervisory authority of their country.