DATA PROTECTION DECLARATION ON THE PROCESSING OF PERSONAL DATA
Information pursuant to Articles 12, 13 and 14 of EU Regulation 2016/679
Tiefenbrunner GmbH – Schlosskellerei Turmhof
Schlossweg 4, Entiklar
I-39040 Kurtatsch a.d.W. (BZ)
South Tyrol – Italy
Tel: +39 0471 88 01 22
E-Mail: info [at] tiefenbrunner.com
Data protection information letter - clients and supplier (link to pdf)
Privacy information - Website
Dear website visitor,
We are pleased to inform you about how your personal data is processed when you visit our website. You can also see from this information letter which rights you can exercise as a data subject. Your personal data will be processed in accordance with EU Regulation 2016/679 (the General Data Protection Regulation) and national data protection legislation. The use of the website implies that you agree with this privacy information letter, otherwise we ask you not to continue using the website. In addition, we would like to inform you that links on our website that lead to other websites have been carefully selected and checked by us. Since these websites can be updated without our knowledge and their contents can change continuously, we do not assume any liability or responsibility for them.
Purpose of processing personal data:
In order to ensure the functionality of the website, statistical purposes, technical data with potential personal reference, such as the IP address, the time of requests, the name of the domain and similar data are processed. In addition, the website operator has a legitimate interest (Art. 6f GDPR) in providing you with a visually appealing website and a pleasant user experience. With given consent (Art. 6a GDPR), user behavior can also be analyzed, and marketing purposes pursued. The main purpose of the data processing is the provision of our website and its contents as well as the fulfilment of your requests.
Furthermore, personal data are processed in order to offer various services:
Each visitor can register on the website for our newsletter by double opt in procedure. This voluntary registration and this data processing can be revoked by the user at any time.
The website visitor can contact the company using the contact form. For this purpose, the personal data entered will be processed in order to respond to the request. An explicit consent to the processing of data in the contact form is available.
Transmission of personal data of special categories
We ask you not to transmit sensitive data (personal data of special categories - Art. 9 as well as Art. 10 GDPR) via the website, e.g. by using the contact form.
All data that you enter as a customer in our online shop is processed for the purchase of the goods, the payment process and the dispatch. In the course of this, your data may be passed on to third parties (e.g. payment service providers, forwarding agents, etc.).
In the course of this, the following types of data, among others, may be processed:
- Anagraphic Data: Name, address, contact data, payment data
- Usage data (e.g. access times)
- Metadata (e.g. device information).
- Data transfer: The data processed in the online shop will be transferred exclusively within the framework of the business relationship, for the fulfilment of the pre-contractual/contractual obligations.
- Purposes of processing: The purpose of data processing is the fulfilment of your customer enquiry and pre/contractual services, provision of customer service and security measures.
- Legal Basis for processing: Contractual performance and pre-contractual requests (Art. 6 1b) GDPR) - e.g. fulfilling your request; Legitimate Interests (Art. 6 1f) GDPR) - e.g. taking security measures; Legal Obligation (Art. 6 1c) GDPR) - e.g. disclosure of fiscal data.
- Archiving period: Our archiving period is based on the legal provisions. You can exercise your right to erasure (Art. 17 GDPR) and your right to object (Art. 21 GDPR) at any time.
Without this data entry, your order cannot be properly followed up by us.
Our website offers you payment with the payment service provider Stripe. The data controller is: Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). The following data, among others, may be processed and passed on to Stripe:
- Name of the cardholder
- Customer number
- order number
- Mail address
- IP address
- Card information (validity period, verification number, card number)
- Date and time of transaction
- Transaction amount
- Information on account coverage
The provision of payment details is voluntary, however, the payment cannot be made with Stripe without this information. Stripe assumes the role of data controller as well as processor in the data processing. As a controller, for the fulfilment of regulatory obligations (Art. 6 1f GDPR) as well as for contract execution/payment processing (Art 6 1b GDPR). As a processor, Stripe processes data in order to be able to carry out payment transactions within the payment networks. Your data will be stored by our side until the completion of the payment processing. This also includes the period required for processing refunds, claims management and fraud prevention. For more information on how Stripe processes your data and on how to object to Stripe, please visit https://stripe.com/privacy-center/legal.
Our website offers you payment with the payment service provider PayPal. The data controller is: PayPal Europe S.a.r.l. et Cie s.c.a, 22-24 Boulevard Royal, L-2449 Luxembourg. We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). Among other things, the following data may be processed and passed on to PayPal:
- Contact details (such as e-mail)
- Account number
- Device information of the user
- Technical usage data
The provision of payment data is voluntary, however, without its transmission the payment with PayPal cannot be carried out. PayPal may carry out credit checks to ensure the ability to pay. The legal basis for this is Art. 6 1f) GDPR. The legal basis for the execution of the contract is Art. 6 1b) GDPR. In the course of the credit assessment, your data (e.g. name, address, bank account details and similar) may be passed on to credit agencies. We have no influence on this and only learn whether the payment was rejected or carried out. Your data will be stored until the payment has been processed. This includes the period required for processing refunds, claims management and fraud prevention. You can find more information on how PayPal processes your data and on how to object to PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Legal basis of data processing:
The main legal basis for the processing is Art. 6b) GDPR (Fulfilment of precontractual/contractual measures) and Art. 6f) GDPR (functionality of the website) as well as the consent obtained, if given by you (Art. 6a GDPR).
There are four categories of cookies:
- Essential cookies - for the basic functionality of the website.
- Functional cookies - for ensuring the optimal performance of the website, this includes, for example, saving the language selection
- Performance cookies - for improving the user experience and processing information about the use of the website, e.g. measuring loading times
- Marketing cookies - to record the behavior and interests of the user for marketing purposes, e.g. to serve targeted advertisements.
Non-essential cookies are deactivated by default on our websites and are only activated if you have given us your consent to do so. Most cookies used are "session cookies" which are deleted after closing the browser. Other cookies are stored for example to display the correct language the next time you visit the website. For all cookies that are not subject to a legitimate interest of the website operator (Art. 6f) GDPR), you will be explicitly asked for your consent. You can delete your cookies at any time by, depending on your browser, usually clicking on the 3 dots/stripes at the top right and then opening the settings, entering cookies in the search field, and selecting: delete cookies/delete browser data.
Provision of the data
The provision of your data is voluntary (with the exception of the processing of navigation data) and not required by law. However, failure to provide it may result in restricted use of the website and the services offered.
Data transfer to third parties
Your data may be passed on to third parties, if necessary, but only within the scope of our business relationship, e.g. for the fulfilment of your request or, if applicable, the execution of payments via third parties and for the fulfilment of legal obligations. In principle, your data will not be transferred to non-EU countries without your explicit consent. The same also applies to the use of profiling and automated decisions.
Hosting of the website
This website is hosted by an external service provider. For this purpose, the external hoster receives personal data collected on the website. The legal basis is Art. 6b) GDPR - pre-contractual measures as well as Art. 6f) (Smooth guarantee of the tools on our website).
Our website uses services from the operator Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google may therefore process information and personal data. Please note that American authorities could theoretically gain access to this data due to American legislation (in particular the Cloud Act). Information on the legal framework for data transfer can be found at https://policies.google.com/privacy/frameworks.
With given consent: Google Tag Manager
Our website uses Google Tag Manager. The provider is Google Ireland Limited ("Google"), House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager makes it easier to integrate tracking codes. It also gives site operators the opportunity to make changes that are automatically applied to the pages without having to adapt the source code. The Google Tag Manager can communicate with the Tag Manager servers, in the course of which, when a tag is triggered, personal data may be processed (e.g. the IP address). You will be explicitly asked for your consent before the Google Tag Manager is activated. The legal basis is Art. 6a) GDPR. You can find detailed information at: https://policies.google.com/privacy
With given consent: Web analysis with Google Analytics
Open Street Map
We use Open Street Map to display the map and thus make it easier to see our location. The operator is: OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS United Kingdom. With the use of the map service, data is forwarded to OpenStreetMap, e.g.: IP address, device type, time of access. According to OpenStreetMap, this data is not passed on, the third-party provider Piwik stores your IP address in shortened form (shortened to 2 bytes), for a maximum of 180 days. The legal basis is Art. 6a GDPR (your voluntarily obtained consent). You can find the complete information letter on this at: https://wiki.osmfoundation.org/wiki/Privacy_Policy
This site uses SSL encryption for transmission security, e.g. for enquiries in contact forms. Active SSL encryption is used to encrypt the transmission of data that you send to us.
This website is not intended for use by minors. We therefore do not collect and store data of underage visitors (except involuntarily)
The duration of data retention
The duration of data retention is measured according to the statutory retention obligations and legal obligations applicable to us.
Information on the rights of the data subjects
You can exercise your rights free of charge at any time: right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR). Please contact the above data controller. You also have the right to lodge a complaint with the Italian supervisory authority for data protection "Garante per la protezioni dei dati personali".
This privacy Information may be updated at any time.