This page describes how the following websites
• www.bancadelvino.it/
• www.slowfood.it
• www.slowfood.it/slowine/cantine-slowine/
• www.slowfood.com
• www.fondazioneslowfood.it
• www.slowfoodfoundation.org
process the personal data of users who visit and use them. The policy concerns the procedures, timing and nature of the information that data controllers must give users when they connect to web pages, regardless of the purpose of the connection.

The Data Controller is Banca del Vino s.c with registered office in Italy in Piazza Vittorio Emanuele, numero 13- 12042 Pollenzo – Bra (CN) P.IVA 02824150045

Data Co-Controller: SLOW FOOD PROMOZIONE SRL, with registered office at Via Vittorio Emanuele II 248, 12042 Bra (Cuneo), ITALY, tax code 0220020040
Data Co-Controller: SLOW FOOD EDITORE SRL, with registered office at Via Mendicità Istruita 45, 12042 Bra (Cuneo), ITALY, tax code 02177750045
Data Co-Controller: SLOW FOOD ITALIA, with registered office at Via Mendicità Istruita 14, 12042 Bra (Cuneo), ITALY, tax code 91008360041, VAT No. 02106030048
Data Co-Controller: SLOW FOOD, with registered office in BRA, province of CUNEO, Piazza XX settembre 5 – ZIP 12042, ITALY, Tax Code 91019770048, VAT No. 02743970044
Data Co-Controller: FONDAZIONE PER LA BIODIVERSITA’, with registered office in FLORENCE, Logge Uffizi Corti, at the Accademia dei Georgofili, ZIP 50122, ITALY, tax code 94105130481
Data Co-Controller: FONDAZIONE TERRA MADRE, with registered office at Piazza Palazzo di Città 1, 10122 Turin, ITALY, tax code 97670460019

Place of data processing and authorized personnel
Data processing relating to the services on these websites takes place at the premises of the Internet service providers used to make and host the site and at the Data Controller’s premises.
Data is processed only by authorized personnel, including for any maintenance and administration of the processing systems.
Types of processed data
Navigation and technically essential data
During the course of normal operation, the computer systems and software procedures used to operate this website collect personal data, the transmission of which is an intrinsic part of using Internet communication protocols. Such information is not collected to be associated with identified parties, but could, by its very nature, make it possible to identify users when processed and associated with data held by third parties. This data category includes IP addresses or the domain names of the computers used by users who connect to the website, the Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to place the request with the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment. This data is only used to obtain anonymous statistical data relating to use of the website and to check that it is operating correctly, and is immediately deleted after processing. The data could be used to determine responsibility in the event of hypothetical IT offenses against the website.
Data provided voluntarily by the user
Data relating to identified or identifiable persons may also be processed, on the basis of additional information submitted by the party concerned: for example, by filling in data collection forms; or through the optional, explicit and voluntary sending of e-mail to the addresses appearing on this site, involving the sender’s address subsequently being acquired, which is necessary to reply to requests, and any other personal data included in the communication.

E-commerce data
Data processed to manage shop orders includes personal details, addresses, purchase notes, recommendations and notes.

Profiling data
Profiling data regarding the interested party’s shopping habits or choices is not directly collected. It is still possible that this information may be collected by independent or separate parties through links or the inclusion of third-party elements. Refer to the Cookies section.

Cookies
Like other websites, this website saves cookies in the browser of the user’s computer to transmit personal information and to enhance the user experience. Cookies are small text files that are sent to the user’s terminal equipment (usually the browser) by visited websites, where they are stored, sometimes for a long time, to be then resent to the same websites on the user’s next visit.
As explained below, it is possible to choose to accept cookies or not and which cookies to accept, bearing in mind that refusing to use them may affect the ability to complete certain transactions on the website or the accuracy and suitability of certain customizable content or the ability to recognize the user from one visit to the next. Where no choice is made in this regard, the predefined settings will be applied and all cookies will be activated. However, relevant decisions may be notified or changed at any time.
In particular, “session” cookies are used, which are not stored permanently on the user’s computer and are deleted on closing the browser, use of which is strictly limited to the transmission of session identifiers (consisting of numbers randomly generated by the server), which are necessary to enable secure and efficient browsing of the site and which avoid the use of other IT techniques that would potentially jeopardize the confidentiality of users’ browsing and do not allow the collection of personal data that could identify the user. Analytics cookies are also used, which help understand how visitors interact with the site’s content, by collecting information (geographical and web location, technology used, language, landing page, pages visited, exit page, time spent on the site, etc.) and generating website usage statistics, without personally identifying individual visitors. All these are technical cookies, which, as consent is not required, operate on an opt-out basis.
Technical cookies are not shared with third parties, as they are necessary or useful for the functioning of the site. They are therefore only processed by authorized qualified persons, data processors or system administrators.
Lastly, the site includes cookies from third parties (which are independent and for which the Data Controller has no responsibility), which also perform profiling functions.
For information about these, refer to the respective sites:
• Google.com:https://www.google.com/policies/technologies/cookies/
• Facebook.com: https://www.facebook.com/about/privacy/cookies
• Addthis.com: http://www.addthis.com/privacy

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust.
Another feature of some browsers is incognito browsing mode, meaning that any cookies created while in incognito mode are deleted after the browser is closed.
Refer to the following instructions for cookie management in the relevant browsers:
• https://support.google.com/chrome/answer/95647?hl=en
• https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookie
• http://windows.microsoft.com/it-it/windows7/how-to-manage-cookie-in-internet-explorer-9
• https://support.apple.com/en-us/HT201265

Purposes of processing, communication and disclosure of data
The personal data collected is only used to perform the requested services and is disclosed to third parties only when necessary for that purpose. Services include: browsing and simple use of the website and its content; registration and access to the restricted area; donations and payments; subscription to and receipt of the newsletter; recommendations; contact requests, etc.
Some services involve more detailed information.
In any case, no data derived from web services is disclosed or published without the prior approval of the party concerned.
Finally, please note that in some cases (not subject to ordinary management) the Public Authorities may also make requests for personal information, to which the Data Controller is obliged to respond.

Optional provision of data
Apart from what is required in terms of navigation and technically essential data, the user is free to provide personal data for specific requests regarding products and/or services. Without certain essential data it may be impossible to fulfill the request.

Legal basis. Management of approval for processing
When necessary, apart from cases in which the legitimate interests of both the Data Controller and third parties apply, and, in any case, after having read the policy, the interested party is required to consent to the processing and disclosure of their personal data for the purposes and within the limits described; failure to do so would prevent the Data Controller from processing the data in order to perform and provide the services requested by the interested party.

Details for specific services

Join Us
The required data is provided freely by the party concerned: some data (Name, Surname, Date of birth, Gender, Address, Telephone, E-mail) is essential; other data is optional. Consent to data processing is required for membership purposes and activities, which, on first registration, also includes receiving the newsletter (see the specific paragraph) for promotional and commercial communications, from which it is possible subsequently to unsubscribe. The payment system provides for the disclosure of some data to the bank providing the service.

Newsletter
E-mail contacts used to send out the periodic newsletter come from voluntary subscriptions on the part of the recipient, from whom confirmation is always requested, as well as from information collected during the sale of goods or services of the Data Controller or similar for legitimate interests. The newsletter involves sending information, communications, including of a commercial or promotional nature, and material. Please note that contacts are not obtained from public lists of subscribers. Where communications are not of interest to the recipient, any further communications from specific sources can be stopped by clicking the unsubscribe link contained in each message from that source, or further contact can be stopped by writing to the contact provided, exercising the right to unsubscribe from the newsletter.

Processing methods
Personal data processing, understood as the collection, recording, organization, storage, processing, modification, deletion and destruction or the combination of two or more of these operations, takes place using manual, computerized and online tools, as well as in an automated manner, using methods strictly related to the stated purposes and, in any case, in such a way as to ensure security and confidentiality and for the time strictly necessary to achieve the purposes for which it has been collected.
Data is processed legally and accurately, is collected and recorded for specified, explicit and legitimate purposes, is accurate and, if necessary, updated, relevant, complete and not excessive with regard to the purposes of processing, in compliance with basic security measures and the rights and fundamental freedoms and the dignity of the party concerned, particularly with regard to confidentiality and personal identity. Specific security measures are in place to prevent loss of data, illegal or improper use and unauthorized access.
Data are held until the legal prescription for the establishment of claims or defences expires, after the purpose (purpose of processing) for which the data were collected has been fulfilled. Personal data will not be transferred to recipients in a third country or to international organizations outside of the European Union (EU) or the European
Economic Area (EEA).

Rights of interested parties
At any time the interested party may: exercise his/her rights (of access, to rectification, to erasure, to restriction of processing, to data portability, to object, to not be subject to automated decision making) when stipulated by law in interactions with the Data Controller, pursuant to Articles 15-22 of the GDPR; lodge a complaint with the Data Protection Authority (www.garanteprivacy.it); and, where data processing is based on consent, revoke consent, taking into account the fact that such a revocation will not affect the lawfulness of consent-based data processing that occured before consent was revoked.

Applicable law
Personal data processing is covered by European and Italian legislation, in particular Regulation (EU) 2016/679 and Legislative Decree No. 196 of 30 June 2003, as subsequently amended and supplemented, as well as provisions of the Data Protection Authority.

Contact
Requests should be sent to the Data Controller at info@bancadelvino.it

Aggiornamento del 29/05/2018