Privacy Policy

DATA PROTECTION DECLARATION ON THE PROCESSING OF PERSONAL DATA
Information pursuant to Articles 12, 13 and 14 of EU Regulation 2016/679

Data controller

Tiefenbrunner GmbH – Schlosskellerei Turmhof
Schlossweg 4, Entiklar
I-39040 Kurtatsch a.d.W. (BZ)
South Tyrol – Italy

Tel: +39 0471 88 01 22
E-Mail: info [at] tiefenbrunner.com

Data protection information letter - clients and supplier (link to pdf)
 
Privacy information - Website

Dear website visitor,

We are pleased to inform you about how your personal data is processed when you visit our website. You can also see from this information letter which rights you can exercise as a data subject. Your personal data will be processed in accordance with EU Regulation 2016/679 (the General Data Protection Regulation) and national data protection legislation. The use of the website implies that you agree with this privacy information letter, otherwise we ask you not to continue using the website. In addition, we would like to inform you that links on our website that lead to other websites have been carefully selected and checked by us. Since these websites can be updated without our knowledge and their contents can change continuously, we do not assume any liability or responsibility for them.

Purpose of processing personal data:

In order to ensure the functionality of the website, statistical purposes, technical data with potential personal reference, such as the IP address, the time of requests, the name of the domain and similar data are processed. In addition, the website operator has a legitimate interest (Art. 6f GDPR) in providing you with a visually appealing website and a pleasant user experience. With given consent (Art. 6a GDPR), user behavior can also be analyzed, and marketing purposes pursued. The main purpose of the data processing is the provision of our website and its contents as well as the fulfilment of your requests.

Furthermore, personal data are processed in order to offer various services:

Newsletter

Each visitor can register on the website for our newsletter by double opt in procedure. This voluntary registration and this data processing can be revoked by the user at any time.

Contact form

The website visitor can contact the company using the contact form. For this purpose, the personal data entered will be processed in order to respond to the request. An explicit consent to the processing of data in the contact form is available.

Transmission of personal data of special categories

We ask you not to transmit sensitive data (personal data of special categories - Art. 9 as well as Art. 10 GDPR) via the website, e.g. by using the contact form.

Online shop

All data that you enter as a customer in our online shop is processed for the purchase of the goods, the payment process and the dispatch. In the course of this, your data may be passed on to third parties (e.g. payment service providers, forwarding agents, etc.).

In the course of this, the following types of data, among others, may be processed:

  • Anagraphic Data: Name, address, contact data, payment data
  • Usage data (e.g. access times)
  • Metadata (e.g. device information).
  • Data transfer: The data processed in the online shop will be transferred exclusively within the framework of the business relationship, for the fulfilment of the pre-contractual/contractual obligations.
  • Purposes of processing: The purpose of data processing is the fulfilment of your customer enquiry and pre/contractual services, provision of customer service and security measures.
  • Legal Basis for processing: Contractual performance and pre-contractual requests (Art. 6 1b) GDPR) - e.g. fulfilling your request; Legitimate Interests (Art. 6 1f) GDPR) - e.g. taking security measures; Legal Obligation (Art. 6 1c) GDPR) - e.g. disclosure of fiscal data.
  • Archiving period: Our archiving period is based on the legal provisions. You can exercise your right to erasure (Art. 17 GDPR) and your right to object (Art. 21 GDPR) at any time.

Without this data entry, your order cannot be properly followed up by us.

Stripe

Our website offers you payment with the payment service provider Stripe. The data controller is: Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). The following data, among others, may be processed and passed on to Stripe:

  • Name of the cardholder
  • Customer number
  • order number
  • Mail address
  • IP address
  • Card information (validity period, verification number, card number)
  • Date and time of transaction
  • Transaction amount
  • Information on account coverage

The provision of payment details is voluntary, however, the payment cannot be made with Stripe without this information. Stripe assumes the role of data controller as well as processor in the data processing. As a controller, for the fulfilment of regulatory obligations (Art. 6 1f GDPR) as well as for contract execution/payment processing (Art 6 1b GDPR). As a processor, Stripe processes data in order to be able to carry out payment transactions within the payment networks. Your data will be stored by our side until the completion of the payment processing. This also includes the period required for processing refunds, claims management and fraud prevention. For more information on how Stripe processes your data and on how to object to Stripe, please visit https://stripe.com/privacy-center/legal.

PayPal

Our website offers you payment with the payment service provider PayPal. The data controller is: PayPal Europe S.a.r.l. et Cie s.c.a, 22-24 Boulevard Royal, L-2449 Luxembourg. We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). Among other things, the following data may be processed and passed on to PayPal:

  • Name
  • Address
  • Contact details (such as e-mail)
  • Account number
  • Device information of the user
  • Technical usage data

The provision of payment data is voluntary, however, without its transmission the payment with PayPal cannot be carried out. PayPal may carry out credit checks to ensure the ability to pay. The legal basis for this is Art. 6 1f) GDPR. The legal basis for the execution of the contract is Art. 6 1b) GDPR. In the course of the credit assessment, your data (e.g. name, address, bank account details and similar) may be passed on to credit agencies. We have no influence on this and only learn whether the payment was rejected or carried out. Your data will be stored until the payment has been processed. This includes the period required for processing refunds, claims management and fraud prevention. You can find more information on how PayPal processes your data and on how to object to PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Legal basis of data processing:

The main legal basis for the processing is Art. 6b) GDPR (Fulfilment of precontractual/contractual measures) and Art. 6f) GDPR (functionality of the website) as well as the consent obtained, if given by you (Art. 6a GDPR).

Cookies

Our website uses cookies, whereby personal data can be processed.

There are four categories of cookies:

  • Essential cookies - for the basic functionality of the website.
  • Functional cookies - for ensuring the optimal performance of the website, this includes, for example, saving the language selection
  • Performance cookies - for improving the user experience and processing information about the use of the website, e.g. measuring loading times
  • Marketing cookies - to record the behavior and interests of the user for marketing purposes, e.g. to serve targeted advertisements.

Non-essential cookies are deactivated by default on our websites and are only activated if you have given us your consent to do so. Most cookies used are "session cookies" which are deleted after closing the browser. Other cookies are stored for example to display the correct language the next time you visit the website. For all cookies that are not subject to a legitimate interest of the website operator (Art. 6f) GDPR), you will be explicitly asked for your consent. You can delete your cookies at any time by, depending on your browser, usually clicking on the 3 dots/stripes at the top right and then opening the settings, entering cookies in the search field, and selecting: delete cookies/delete browser data.

Provision of the data

The provision of your data is voluntary (with the exception of the processing of navigation data) and not required by law. However, failure to provide it may result in restricted use of the website and the services offered.

Data transfer to third parties

Your data may be passed on to third parties, if necessary, but only within the scope of our business relationship, e.g. for the fulfilment of your request or, if applicable, the execution of payments via third parties and for the fulfilment of legal obligations. In principle, your data will not be transferred to non-EU countries without your explicit consent. The same also applies to the use of profiling and automated decisions.

Hosting of the website

This website is hosted by an external service provider. For this purpose, the external hoster receives personal data collected on the website. The legal basis is Art. 6b) GDPR - pre-contractual measures as well as Art. 6f) (Smooth guarantee of the tools on our website).

Google services

Our website uses services from the operator Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google may therefore process information and personal data. Please note that American authorities could theoretically gain access to this data due to American legislation (in particular the Cloud Act). Information on the legal framework for data transfer can be found at https://policies.google.com/privacy/frameworks.

With given consent: Google Tag Manager

Our website uses Google Tag Manager. The provider is Google Ireland Limited ("Google"), House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager makes it easier to integrate tracking codes. It also gives site operators the opportunity to make changes that are automatically applied to the pages without having to adapt the source code. The Google Tag Manager can communicate with the Tag Manager servers, in the course of which, when a tag is triggered, personal data may be processed (e.g. the IP address). You will be explicitly asked for your consent before the Google Tag Manager is activated. The legal basis is Art. 6a) GDPR. You can find detailed information at: https://policies.google.com/privacy

With given consent: Web analysis with Google Analytics

Our website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, U S A. Google Analytics. The information obtained through the cookies about your use of the website (including your IP address) can be transmitted to Google on servers in the U S A. The full information letter can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. We use Google Analytics as an analysis tool to monitor the performance of our website, analyse customer behavior and take appropriate action. You will be explicitly asked for your consent before Google Analytics is activated. The legal basis is Art. 6a) GDPR. You can also prevent the described collection and processing of data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

YouTube

We use social plugins from YouTube, a site operated by Google. The operator of this site is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, U S A. When you visit a page equipped with a YouTube plugin, a connection to the YouTube servers is established. This informs the YouTube server that you have visited our site and user statistics can be compiled, e.g. by means of cookies. If you are logged into your YouTube account, YouTube can assign your visit to our website to your user account. You can prevent this by logging out of your YouTube account. For more information on how YouTube handles your user data, please see the privacy policy at https://www.google.de/intl/de/policies/privacy.

Open Street Map

We use Open Street Map to display the map and thus make it easier to see our location. The operator is: OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS United Kingdom. With the use of the map service, data is forwarded to OpenStreetMap, e.g.: IP address, device type, time of access. According to OpenStreetMap, this data is not passed on, the third-party provider Piwik stores your IP address in shortened form (shortened to 2 bytes), for a maximum of 180 days. The legal basis is Art. 6a GDPR (your voluntarily obtained consent). You can find the complete information letter on this at: https://wiki.osmfoundation.org/wiki/Privacy_Policy

SSL Encryption

This site uses SSL encryption for transmission security, e.g. for enquiries in contact forms. Active SSL encryption is used to encrypt the transmission of data that you send to us.

Underage visitors

This website is not intended for use by minors. We therefore do not collect and store data of underage visitors (except involuntarily)

The duration of data retention

The duration of data retention is measured according to the statutory retention obligations and legal obligations applicable to us.

Information on the rights of the data subjects

You can exercise your rights free of charge at any time: right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR). Please contact the above data controller. You also have the right to lodge a complaint with the Italian supervisory authority for data protection "Garante per la protezioni dei dati personali".

This privacy Information may be updated at any time.