This document provides information on the processing of personal data carried out by the company John Oliver Nolan Offlicense in relation to the online sale of wine products through the website and any applications for mobile devices (hereinafter, considered as a whole, also “Site “, “website”).
Access to the website implies consent to the collection and processing of personal data according to the rules described here, to be understood as information pursuant to art. 13 Legislative Decree 196/2003 (“Privacy Code”).
1. Nature of the data collected and purpose of the treatment
1.1. Data is collected and processed such as:
– name and surname or name, address or registered office, e-mail address, telephone number, gender, date of birth, social security or VAT number, user ID, password; in particular, for the activities that require a payment, all the information necessary for the payment itself and for all the consequent obligations
– information collected for statistical purposes only during the consultation process of the site, the incoming and outgoing traffic, the statistics of access and pages viewed, the IP address, I click on all types of links on the site. Some of this information is saved in cookies: you can disable cookies at any time through the appropriate browser functions, even if this may prevent the use of some services
– other information provided voluntarily by the user through the online registration procedure or filling in other forms information aimed at improving and facilitating site navigation.
The data is collected via the website.
In any case, all personal data necessary for the conclusion and execution of the contract or to use the other services of the site or necessary for the authorization and personalization of accesses in the various sections of the site are collected and processed, as well as browsing data.
The data may also be used for the fulfillment of regulatory, contractual and pre-contractual, tax obligations, for maintenance and technical assistance relating to services, as well as for the reconstruction of the relationships between the parties in the event of a dispute.
The provision of personal data in relation to the aforementioned purposes is mandatory. In case of refusal, the requested services cannot be provided.
1.2. Following the express, specific and optional consent of the user, the personal data provided by the same may be processed, also through one or more remote communication techniques and / or automated systems without the intervention of an operator, for example by sending e-mails, also for the following additional purposes:
– promotion and advertising of goods, services, events of the data controller or its partners
– collection, storage and treatment connected to the completion of market analyzes anonymously.
Failure to provide consent relating to the aforementioned additional purposes will not have consequences on the provision of services. The consent given is revocable at any time.
2. Processing methods
The data controller collects personal data that are entered in the fields of the registration form or other forms of the website, as well as personal data spontaneously sent by e-mail by users of the site. In order to place orders on the site and to receive communications, it is necessary to carry out the registration procedure, reserved for adults, following which the registered user chooses his own user ID and password.
Also acquired, as indicated above, are those navigation data whose transmission is implicit in the use of Internet communication protocols, such as the user’s IP address or domain names, addresses in URL notation of the requested resources, ‘time of the request, the method used to submit the request to the server and other parameters relating to the user’s operating system and IT environment. This is done exclusively for the purpose of obtaining anonymous statistical information on the use of the website, for example to know the number of visitors to a certain page of the site, or to check the correct functioning of the site.
The data could also be used for system security purposes.
This information is not collected to be associated with identifiable interested parties, but due to its nature it could, through processing and association with data held by third parties, allow users to be identified. The data could be used to ascertain responsibility in case of offenses against the site.
The data are processed using mainly IT and telematic methods and / or processed on paper. The processing of personal data connected to the website takes place at the headquarters of the data controller indicated below in point 5 and at the servers of the provider hosting the site.
The processing of personal data is limited to what is strictly necessary for the achievement of the purposes for which they were collected, including, within the same limits, any transfer abroad of them to European and non-European countries.
The data controller guarantees the adoption and observance of specific security measures to prevent the loss of data, any illicit or incorrect use of the same and unauthorized access.
It is the responsibility of each registered user to guarantee and verify the ownership and custody of their user ID and password.
No persistent cookies of any kind are used. No user profiling is carried out.
The website may contain links to other websites, in relation to which the data controller is not responsible for the content, security, or measures relating to privacy.
If personal data are deleted at the request of the user, it will no longer be possible to recover them.
3. Communication and dissemination of personal data
3.1. Personal data are accessible to the data controller company and to its employees, collaborators and any service providers in charge or responsible for the processing as well as to any persons in charge of occasional maintenance operations.
The communication of personal data to external parties is governed by contracts that provide for an adequate level of protection of personal data.
Said communication to external subjects (such as banks, accountants, consultants, public offices, providers), when indispensable, is always and only in compliance with Legislative Decree 196/2003 and always and only within the limits of the purposes indicated above, especially for technical reasons, administrative-accounting and tax or in compliance with legal obligations.
The data controller undertakes not to transfer the personal data of its users to anyone for purposes other than those illustrated.
3.2. The personal data provided by the user are subject to disclosure only in the cases expressly indicated in this statement.
4. Consent to the processing of personal data
Without prejudice to the foregoing and except as required by law, the processing of users’ personal data takes place exclusively with their consent.
The provision of personal data is optional, unless otherwise indicated.
Failure to provide non-optional data may prevent you from proceeding with activities relating to the conclusion and execution of the contract or the provision of other site services. Failure to provide optional data has no consequences.
5. Owner of the data processing
The data controller is the company John Oliver Nolan Offlicense, with registered office in 00183 Rome, via Veio n. 4, tel. …, fax …, e-mail …, VAT number 08209141004
6. Rights of the interested party
Registered users can at any time update their personal data by themselves by accessing it with their user ID and password.
Users of the site can in any case always contact the data controller, as indicated above, to assert their rights, as provided for by art. 7 of Legislative Decree 196/2003 (“Privacy Code”), which provides as follows:
“1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form.
2. The interested party has the right to obtain the indication:
a) the original of the personal data;
b) the purposes and methods of the processing;
c) the logic applied in case of processing carried out with the aid of electronic tools;
d) the identity of the owner, manager and the representative appointed under Article 5, paragraph 2;
e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as appointed representative in the State, managers or agents.
3. The interested party has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means that are manifestly disproportionate to the protected right.
4. The interested party has the right to object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication “.
7. Duration of treatment
The processing of personal data will have a duration equal to that required by the purposes for which they were collected and in any case the duration resulting from the need to comply with all current legal obligations, such as those of a civil or fiscal nature.
Last updated: November 2013.
The text of this document may undergo changes over time. It is therefore advisable to read it carefully every time you access the site. The user is also invited to print and keep a copy of this information.