Privacy Policy

Privacy Policy

Web privacy policy to be provided pursuant to the Legal Decree 196/2003 and Art. 13, EU Reg. 2016/679 (GDPR)

Identity and contact information for data controller 

The data controller is Enoitalia S.p.A (below: “Enoitalia” or “the Owner”), with registered office at Loc. Colombara, 5, 37011 Calmasino di Bardolino (VR) – P. IVA and C.F. 01871110233.

The organization responsible of data protection (DPO), named by the Owner as pert the art. 37 GDPR, is the Omniconsulting S.r.l.s. with registered office in Torino, Via Roma 366, P.IVA and C.F. 11868170017, email 

Category of personal data, purpose of processing, legal basis


The computer systems and software procedures that operate the site acquire certain personal data that is implicitly transferable in the use of Internet communication protocols. Although this information is not collected to be associated with identified users, it could, by its very nature, through processing and association with data held by third parties, allow users to be identified.

This data category includes the IP addresses or domain names of the computers used by users connecting to the site, the Uniform Resource Identifier (URI) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful). , error, etc.) and other parameters related to the operating system as well as the User’s IT environment. 

This data is utilized for the purpose of obtaining anonymous statistical information about use of the site and to check the site’s proper functioning. The data could also be used to ascertain liability in case of computer crimes against the site.

The processing takes place in pursuit of the Data Controller’s legitimate interest in ensuring the correct functioning of the site (art.6, 1 co.,lit. f) GDPR.


Cookies are short fragments of text (letters and/or numbers) that allow the web server to store information on the client (the browser). The information can be used during an ongoing visit to the site (session cookies) or a day, or several days later (persistent cookies).

Cookies are stored by the individual browser on the specific device used (computer, tablet, smartphone), according to the User’s preferences.

This site uses different types of cookies:

  • Strictly necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to the protected areas of the site. The website cannot function properly without these cookies (art. 6, 1 co., lit. f) GDPR).
  • Preference cookies allow a website to recall information that influences how the site behaves or presents itself, such as the preferred language or region in which the user is located (art. 6, 1 co., lit. a) GDPR).
  • Statistical cookies help website managers understand how visitors interact with sites by collecting and transmitting information anonymously (art. 6, 1 co., lit. a) GDPR).
  • Marketing cookies are used to monitor visitors on websites. The intent is to display ads that are relevant and engaging to the individual user, and which  are therefore more valuable to third-party publishers and advertisers (Art. 6, 1 co., lit. a) GDPR).

This websites uses different cookies. Some cookies that appear on the pages of the site are placed by third-party services. At any time you may change or withdraw your consent through the “Declaration of Cookies” form which appears on our website.


While browsing certain parts of the site, users may see a contact form to receive information from Enoitalia S.p.A. In addition, the optional, explicit and voluntary sending of an e-mail to addresses indicated on this site involves the subsequent acquisition of the sender’s email address (needed for responding to requests), as well as any other personal data provided in the user’s letter. This data may also be used for the creation of an archive for the purpose of sending e-mails about legitimate proposals or future initiatives by Enoitalia S.p.A. based on legitimate interest (art.6, co.,let.f) GDPR).

Length of time data is stored 

Navigation data is stored for short periods of time, with the exception of any extensions related to investigation activities or for the assessment of liability in case of hypothetical computer crimes against the site. Cookies are stored according to the “Declaration of Cookies”. Data collected through contact  forms or received by email will be kept for as long as necessary to fully respond to requests.

Data processing

Personal data is processed by the Data Controller in predominantly electronic ways: it is stored on servers within the controller’s corporate management system  and/or third-party companies appointed and duly appointed as Data Processors. Appropriate security measures are observed to prevent data loss or alteration (including accidental), unlawful or incorrect uses and unauthorized access.

Scope of data communication

Where appropriate, and in accordance with applicable laws and requirements, we may transmit your personal data in various ways and for various reasons to the following categories of end-users:

  • External service providers acting on our behalf (including external consultants, business partners and professionals, IT consultants and technical support personnel who carry out audits and development activities on our IT systems);
  • External providers of IT services and data analysis, as well as ADV and social digital marketing services acting as our external managers, who have been appointed as such on the basis of art.28 GDPR, or autonomous owners.

Place of processing and transfer of data in non-EU countries

Processing, including storage, of personal data takes place on servers owned by Enoitalia and/or third-party companies in charge, and duly appointed as data processors, located within the European Union. However, personal data may be transferred to third countries, mainly for analysis and digital and  social  marketing services, or to social networks platforms. Such transfers are carried out in accordance with the contractual clauses referred to in the Decision of the European Commission of 5 February 2010 for the transfer of personal data to managers located in third countries, in compliance with the requirements of art. 46, GDPR and, where applicable for compliance with contractual obligations of which it is part of the interested party, in compliance with the provisions of art. 49, paragraph 1, point b), GDPR.

Rights of data subjects pursuant to Articles 15 to 22, GDPR 

You have the right to contact the to the Data Controller Enoitalia S.p.A., a data subject can exercise the rights to: 

  • access (art.15, GDPR), rectification (art.16, GDPR), 
  • cancellation (art.17, GDPR), 
  • limitation of processing (art.18, GDPR), 
  • notification in case of correction or cancellation (art.19, GDPR), 
  • data portability (art.20, GDPR), withdrawal of consent, 
  • opposition to processing (art.21, GDPR) for legitimate reasons or for sending marketing and direct sales communications, even limited to one or more modes of contact (e.g. by post and/or e-mail and/or telephone), 
  • as well as to oppose profiling (art.22, GDPR) if connected to direct marketing. At any time, the data subject may request a complete and up-to-date list of data controllers and third parties to whom personal data may be disclosed.

Complaint to the Supervisory Authority

The data subject has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Guarantor for the Protection of Personal Data – Piazza Venezia 11, 00187 Rome (RM)–, sending emails to, using the form available on the Authority’s website.

Data Protection Officer

The Data Protection Officer can be contacted at for information on data processing.

This information is provided to the Users of the Site pursuant to art. 13 EU Regulation 2016/679.

Data Controller

The Data Controller is the company Enoitalia S.p.A. with headquarters in Italy, Località Colombara, Bardolino (VR) fraz. Calmasino.

Data Types

The processing relates to Personal Data (name, surname, company name, address, landline / mobile phone, e-mail address, VAT number and any other information requested by the User).

Purpose and legal basis of the processing

The processing of personal data is based on the principles of correctness, lawfulness, transparency and protection of the privacy and rights of the User and is conducted for the following purposes:

  1. organization and implementation of activities connected to and instrumental in planning, start-up, conclusion and execution of contractual relationships;
  2. execution of obligations deriving from the contract concluded with the User;
  3. fulfillment of legal obligations of an administrative, accounting, civil, fiscal, regulatory,community and non-EU nature;
  4. general management of the relationship with the User (data acquisition and pre-contractual information, contacts, correspondence, orders, deliveries, invoices);
  5. management of litigation (breach of contract, notice, transactions, debt collection, legaldisputes);
  6. carrying out market research, sending advertising material and promotional activities(sending, also via e-mail, information and communications relating to technical and commercial services, value-added services, pre and post sales services, news and promotions), with prior consent of the User; this type of service allows to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User and may allow to collect data relating to the date and time of display of messages by the User, as well as the User’s interaction with them, such as information about clicks on links inserted in messages.

The Data Controller processes Personal Data relating to the User in the event one of the following conditions exists:

  1. the User has given consent for one or more specific purposes;
  2. the processing is necessary for the execution of a contract with the User and / or theexecution of pre-contractual measures;
  3. the processing is necessary to fulfill a legal obligation to which the Data Controller issubject;
  4. the processing is necessary for the performance of a task carried out in the publicinterest or for the exercise of public authority vested in the Data Controller;
  5. the processing is necessary for the pursuit of the legitimate interest of the DataController or third parties.

It is possible to request the Data Controller to clarify the concrete legal basis of each treatment and to specify whether the treatment is based on the law, foreseen by a contract or necessary to conclude a contract.

Provision of Data

The provision of data is mandatory and their failure, partial or incorrect conferment may have, as a consequence, the inability to provide the services as well as fulfill the contractual obligations or requests of the User.


The consent given for carrying out market research, sending advertising material and promotional activities is optional and can be revoked at any time pursuant to art. 6 GDPR.

Processing Mode

The processing is carried out with manual and / or computerized and telematic tools with organizational and processing logics strictly related to the purposes themselves and in any case in order to guarantee the security, integrity and confidentiality of the data in compliance with organizational, physical and logics provided for by the provisions in force.

The Data Controller shall take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

In addition to the Data Controller, in some cases, other subjects (administrative, commercial, marketing, legal, system administrators) or external subjects (suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed, if necessary, Data Processors by the Data Controller. The updated list of Data Processors can always be requested to the Data Controller.

Data Transfer

The Data are not transferred outside the European Union, but the Owner reserves the right to change the location of the servers even outside the European Union, ensuring, in this case, that the transfer will take place in accordance with the provisions and with the appropriate guarantees of the law.

Data Retention

Data processing and storage are carried out on servers located within the European Union, where appropriate also with third-party companies in charge and duly appointed as Data Processors.

Personal Data is stored in such a way as to allow identification of the Data Subject for a period not exceeding the achievement of the purposes for which it is processed and, in the case of revocation of consent, will be deleted.

Rights of the Data Subject

The User may at any time ask:

  1. to have access to personal data;
  2. to obtain the correction or cancellation of the personal data or the limitation of theprocessing that concerns him;
  3. to oppose the processing;
  4. data portability;
  5. to revoke the consent, where provided: the withdrawal of consent does not affect thelawfulness of the processing based on the consent given before the revocation;
  6. to propose a complaint to the supervisory authority (Privacy Guarantor).


The exercise of your rights as well as information and requests regarding privacy can be sent to Enoitalia by e-mail to the address .