INFORMATION NOTICE
Privacy Policy
INFORMATION NOTICE FOR CUSTOMERS
REGARDING THE PROTECTION OF PERSONAL DATA
(EU Regulation No. 2016/679, “GDPR”)
Liquorificio Morelli is committed to ensuring the protection and security of the personal data (“Data”) provided to it. To this end, pursuant to Art. 13 of Legislative Decree 196/2003 and Articles 13 et seq. of the European General Data Protection Regulation 2016/679 (hereinafter also “EU Regulation”), the Controller intends to provide you with the following information regarding the processing of personal data carried out through the websites liquorimorelli.it and shop.liquorimorelli.it
A – Who is the data controller?
B – What types of data do we process?
C – On what basis and for what purposes do we process the data?
D – How do we process the data?
E – To whom do we disclose the data?
F – Transfer of data to a third country or international organizations
G – How long do we retain the data?
H – What data can you access and what rights can you exercise?
I – How can you contact the data controller?
A – Who is the data controller?
The data controller is Liquorificio Morelli located in Palaia (PI), Via Antonio Meucci, 29-33, 56036, fraz. Montanelli. Strad. 31100, (VAT and Tax Code 00957820509).
Contacts: +39 0587 629044 – alexandra@liquorimorelli.it
B – What types of data do we process?
Through the website, we process the personal data you may choose to provide, including but not limited to: email address, telephone number, and the identifying information required to complete a purchase on the e-shop. We do not process your special categories of personal data (formerly “sensitive” data). Providing the personal data required for processing is optional. However, failure to provide all or part of the requested data for the purposes described below may result in the partial or total impossibility to establish or continue the relationship with the Customer, insofar as such data are necessary for its execution.
Regarding cookies, we invite you to visit the dedicated page: Cookie Policy
C – For what purposes do we process the data and on what legal basis?
The purposes for which the data are processed are as follows:
| Purpose | Legal basis |
| fulfilling pre-contractual and contractual obligations related to the purchase; | performance of pre-contractual or contractual measures to which the data subject is a party |
| Advertising and marketing activities | Consent of the data subject* |
| Soft-spam activities | Legitimate interest |
| Actions aimed at ensuring the protection and security of the controller, company assets, and third-party safety | Legitimate interest |
| Legal obligations | Compliance with legal and regulatory obligations |
*Please note that consent may be withheld or revoked at any time (the revocation will not affect other processing activities). In any case, processing carried out based on consent prior to its withdrawal will be considered lawful.
D – How do we process the data?
Data processing is carried out using electronic tools and/or paper supports by personnel bound to confidentiality, following procedures related to the purposes indicated and in any case ensuring data security and confidentiality.
E – To whom do we disclose the data?
Where necessary, the data may be disclosed to third parties known to us who will process them exclusively for the purposes stated above and solely on our behalf. In particular, we disclose data to: external companies providing services on our behalf; public bodies and public administrations (for legal obligations); professionals and third-party service providers acting on our behalf.
When we use service providers that involve the transmission and processing of personal data, we enter into agreements requiring them to adopt appropriate technical and organizational measures to protect personal data. In any case, the data will not be disseminated. The list of designated external processors is available at the Controller’s office and can be provided upon request.
F – Transfer of data to a third country or international organizations
As part of managing the contractual relationship, no transfer of Customer data to non-EU third countries or to international organizations is foreseen.
G – How long do we retain the data?
Personal data are retained in a form that allows the identification of data subjects for no longer than necessary to achieve the purposes for which they are processed.
For the purposes indicated in points 1, 4, and 5, the Customer’s personal data will be processed and retained by the Controller for the entire duration of the contractual relationship and, after its termination for any reason, for the period required by applicable accounting, tax, civil, and procedural regulations.
For the purposes in point 2, the Customer’s personal data will be processed and retained by the Controller until consent is withdrawn or until the Customer exercises the right to deletion. In any case, in the absence of an ongoing contractual relationship, the data will not be processed for more than 24 months.
With reference to soft-spam activities, emails will be sent only following a purchase, after which the email address will be deleted unless the Customer has provided consent to receive marketing communications, in which case the retention periods in point 2 apply.
H – What data can you access and what rights can you exercise?
As a Data Subject and in relation to the processing described in this Privacy Notice, the Customer has the rights set out in Articles 7, 15–21, and 77 of the GDPR. In particular, the Customer has the right to exercise:
- access to their data, in order to know which personal data concerning them are being processed and to obtain a copy;
- rectification of their data, if inaccurate or incomplete;
- erasure of their data, when the processing is no longer necessary for the declared purposes or is unlawful, or in case of withdrawal of consent or objection to processing;
- restriction of processing, when considered unlawful as an alternative to deletion, or when rectification has been requested or processing has been objected to;
- data portability (limited to purposes 1, 7, 8, and 9), when requesting to receive personal data concerning them or their transfer to another controller in a commonly used, machine-readable format (where technically feasible).
- right to lodge a complaint – Article 77 GDPR: the Customer has the right to lodge a complaint with the Data Protection Authority, Piazza Venezia 11, 00187 Rome (RM).
The Customer may exercise their rights at any time by sending a registered letter with return receipt to: Liquorificio Morelli, Via Antonio Meucci, 29-33, 56036, Montanelli, Palaia (PI), (VAT and Tax Code 00957820509), or by sending an email to: alexandra@liquorimorelli.it.
See also https://www.garanteprivacy.it/i-miei-diritti.
In addition to the rights listed above, the Data Subject may file a complaint with the Supervisory Authority: Garante per la protezione dei dati personali – website: www.garanteprivacy.it – email: protocollo@gpdp.it. For further information on how to exercise your rights or for clarifications, you may contact us at any time.
I – How can you contact the data controller?
For any communication to the Controller, please use the following contacts:
Postal address (registered letter): Liquorificio Morelli, Via Antonio Meucci, 29-33, 56036, Montanelli, Palaia (PI);
Tel. +39 0587 629044;
Email address: alexandra@liquorimorelli.it – Certified Email (PEC): info@pec.liquorimorelli.it
(last rev. 03/Jan.24)
