Privacy Policy

DATA PROTECTION DECLARATION ON THE PROCESSING OF PERSONAL DATA
Information pursuant to Articles 12, 13 and 14 of EU Regulation 2016/679

Data controller

Tiefenbrunner GmbH – Schlosskellerei Turmhof
Schlossweg 4, Entiklar
I-39040 Kurtatsch a.d.W. (BZ)
South Tyrol – Italy

Tel: +39 0471 88 01 22
E-Mail: info [at] tiefenbrunner.com

Data protection information letter - clients and supplier (link to pdf)
 
Privacy information - Website

Dear website visitor,

We are pleased to inform you about how your personal data is processed when you visit our website. You can also see from this information letter which rights you can exercise as a data subject. Your personal data will be processed in accordance with EU Regulation 2016/679 (the General Data Protection Regulation) and national data protection legislation. The use of the website implies that you agree with this privacy information letter, otherwise we ask you not to continue using the website. In addition, we would like to inform you that links on our website that lead to other websites have been carefully selected and checked by us. Since these websites can be updated without our knowledge and their contents can change continuously, we do not assume any liability or responsibility for them.

Purpose of processing personal data:

In order to ensure the functionality of the website, statistical purposes, technical data with potential personal reference, such as the IP address, the time of requests, the name of the domain and similar data are processed. In addition, the website operator has a legitimate interest (Art. 6f GDPR) in providing you with a visually appealing website and a pleasant user experience. With given consent (Art. 6a GDPR), user behavior can also be analyzed, and marketing purposes pursued. The main purpose of the data processing is the provision of our website and its contents as well as the fulfilment of your requests.

Furthermore, personal data are processed in order to offer various services:

Newsletter

Each visitor can register on the website for our newsletter by double opt in procedure. This voluntary registration and this data processing can be revoked by the user at any time.

Contact form

The website visitor can contact the company using the contact form. For this purpose, the personal data entered will be processed in order to respond to the request. An explicit consent to the processing of data in the contact form is available.

Transmission of personal data of special categories

We ask you not to transmit sensitive data (personal data of special categories - Art. 9 as well as Art. 10 GDPR) via the website, e.g. by using the contact form.

Online shop

All data that you enter as a customer in our online shop is processed for the purchase of the goods, the payment process and the dispatch. In the course of this, your data may be passed on to third parties (e.g. payment service providers, forwarding agents, etc.).

In the course of this, the following types of data, among others, may be processed:

  • Anagraphic Data: Name, address, contact data, payment data
  • Usage data (e.g. access times)
  • Metadata (e.g. device information).
  • Data transfer: The data processed in the online shop will be transferred exclusively within the framework of the business relationship, for the fulfilment of the pre-contractual/contractual obligations.
  • Purposes of processing: The purpose of data processing is the fulfilment of your customer enquiry and pre/contractual services, provision of customer service and security measures.
  • Legal Basis for processing: Contractual performance and pre-contractual requests (Art. 6 1b) GDPR) - e.g. fulfilling your request; Legitimate Interests (Art. 6 1f) GDPR) - e.g. taking security measures; Legal Obligation (Art. 6 1c) GDPR) - e.g. disclosure of fiscal data.
  • Archiving period: Our archiving period is based on the legal provisions. You can exercise your right to erasure (Art. 17 GDPR) and your right to object (Art. 21 GDPR) at any time.

Without this data entry, your order cannot be properly followed up by us.

Viva Payment Service

Our website offers you payment via the payment service provider Viva Payment Services. The data controller is: Viva Payment Services S.A., 72 Athinon Avenue, 10442 Athens, Greece. We offer this service in order to provide you with this payment method (Art. 6 1f GDPR) and to process your purchase to fulfill the contract (Art. 6 1b GDPR). The following data, among others, may be processed and passed on to Viva Payment Services:

  • Name of the cardholder
  • Customer number
  • order number
  • Mail address
  • IP address
  • Card information (validity period, verification number, card number)
  • Date and time of transaction
  • Transaction amount
  • Information on account coverage

Providing payment details is voluntary; however, payment via Viva Payment Services cannot be completed without this information. Viva assumes the role of data controller as well as processor in the data processing. As a controller, it fulfills regulatory obligations (Art. 6 1f GDPR) and processes payment execution/contract fulfillment (Art. 6 1b GDPR). As a processor, Viva processes data to enable payment transactions within the payment networks.

Your data will be stored by Viva until the payment processing is complete. This includes the time required for refunds, claims management, fraud prevention, and other legal purposes. For more information on how Viva Payment Services processes your data and how to object, please visit: https://www.viva.com/it-it/terms-portal

Please note that we, as the online shop operator, do not have access to your full payment details such as your card number or CVV. This information is securely processed and stored by Viva Payment Services in compliance with GDPR and PCI DSS standards. We only receive partial information necessary for processing your order, such as transaction amount, order number, and customer details.

 

Legal basis of data processing:

The main legal basis for the processing is Art. 6b) GDPR (Fulfilment of precontractual/contractual measures) and Art. 6f) GDPR (functionality of the website) as well as the consent obtained, if given by you (Art. 6a GDPR).

Cookies

Our website uses cookies, whereby personal data can be processed.

There are four categories of cookies:

  • Essential cookies - for the basic functionality of the website.
  • Functional cookies - for ensuring the optimal performance of the website, this includes, for example, saving the language selection
  • Performance cookies - for improving the user experience and processing information about the use of the website, e.g. measuring loading times
  • Marketing cookies - to record the behavior and interests of the user for marketing purposes, e.g. to serve targeted advertisements.

Non-essential cookies are deactivated by default on our websites and are only activated if you have given us your consent to do so. Most cookies used are "session cookies" which are deleted after closing the browser. Other cookies are stored for example to display the correct language the next time you visit the website. For all cookies that are not subject to a legitimate interest of the website operator (Art. 6f) GDPR), you will be explicitly asked for your consent. You can delete your cookies at any time by, depending on your browser, usually clicking on the 3 dots/stripes at the top right and then opening the settings, entering cookies in the search field, and selecting: delete cookies/delete browser data.

Provision of the data

The provision of your data is voluntary (with the exception of the processing of navigation data) and not required by law. However, failure to provide it may result in restricted use of the website and the services offered.

Data transfer to third parties

Your data may be passed on to third parties, if necessary, but only within the scope of our business relationship, e.g. for the fulfilment of your request or, if applicable, the execution of payments via third parties and for the fulfilment of legal obligations. In principle, your data will not be transferred to non-EU countries without your explicit consent. The same also applies to the use of profiling and automated decisions.

Hosting of the website

This website is hosted by an external service provider. For this purpose, the external hoster receives personal data collected on the website. The legal basis is Art. 6b) GDPR - pre-contractual measures as well as Art. 6f) (Smooth guarantee of the tools on our website).

Google services

Our website uses services from the operator Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google may therefore process information and personal data. Please note that American authorities could theoretically gain access to this data due to American legislation (in particular the Cloud Act). Information on the legal framework for data transfer can be found at https://policies.google.com/privacy/frameworks.

With given consent: Google Tag Manager

Our website uses Google Tag Manager. The provider is Google Ireland Limited ("Google"), House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager makes it easier to integrate tracking codes. It also gives site operators the opportunity to make changes that are automatically applied to the pages without having to adapt the source code. The Google Tag Manager can communicate with the Tag Manager servers, in the course of which, when a tag is triggered, personal data may be processed (e.g. the IP address). You will be explicitly asked for your consent before the Google Tag Manager is activated. The legal basis is Art. 6a) GDPR. You can find detailed information at: https://policies.google.com/privacy

With given consent: Web analysis with Google Analytics

Our website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, U S A. Google Analytics. The information obtained through the cookies about your use of the website (including your IP address) can be transmitted to Google on servers in the U S A. The full information letter can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. We use Google Analytics as an analysis tool to monitor the performance of our website, analyse customer behavior and take appropriate action. You will be explicitly asked for your consent before Google Analytics is activated. The legal basis is Art. 6a) GDPR. You can also prevent the described collection and processing of data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

YouTube

We use social plugins from YouTube, a site operated by Google. The operator of this site is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, U S A. When you visit a page equipped with a YouTube plugin, a connection to the YouTube servers is established. This informs the YouTube server that you have visited our site and user statistics can be compiled, e.g. by means of cookies. If you are logged into your YouTube account, YouTube can assign your visit to our website to your user account. You can prevent this by logging out of your YouTube account. For more information on how YouTube handles your user data, please see the privacy policy at https://www.google.de/intl/de/policies/privacy.

Open Street Map

We use Open Street Map to display the map and thus make it easier to see our location. The operator is: OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS United Kingdom. With the use of the map service, data is forwarded to OpenStreetMap, e.g.: IP address, device type, time of access. According to OpenStreetMap, this data is not passed on, the third-party provider Piwik stores your IP address in shortened form (shortened to 2 bytes), for a maximum of 180 days. The legal basis is Art. 6a GDPR (your voluntarily obtained consent). You can find the complete information letter on this at: https://wiki.osmfoundation.org/wiki/Privacy_Policy

SSL Encryption

This site uses SSL encryption for transmission security, e.g. for enquiries in contact forms. Active SSL encryption is used to encrypt the transmission of data that you send to us.

Underage visitors

This website is not intended for use by minors. We therefore do not collect and store data of underage visitors (except involuntarily)

The duration of data retention

The duration of data retention is measured according to the statutory retention obligations and legal obligations applicable to us.

Information on the rights of the data subjects

You can exercise your rights free of charge at any time: right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR). Please contact the above data controller. You also have the right to lodge a complaint with the Italian supervisory authority for data protection "Garante per la protezioni dei dati personali".

This privacy Information may be updated at any time.