Privacy Policy

Information on the Processing of Personal Data pursuant to EU Regulation 2016/679

This privacy notice is provided in accordance with Article 13 of EU Regulation 2016/679 and supplies the Data Subject with the information required under current legislation regarding the processing of their personal data. This notice applies exclusively to data collected and processed through the websites https://wineclub.talosa.it/en/ and https://wineclub.talosa.it/en/wine-club-talosa/ (websites of the “Talosa Wine Club”).

1) Data Controller

The Data Controller is Fattoria della Talosa Società Agricola a Responsabilità Limitata (Tax Code and VAT no. 00136070521), with registered office in Montepulciano (SI), Via Talosa no. 8, email: info@talosa.it, certified email (PEC): fattoriatalosa@legamail.it (hereinafter referred to as the “Data Controller”).

The Data Protection Officer (DPO) is Mr. Michele Merola (Tax Code: MRLMHL74C23L303J), who can be contacted for any information or requests (email: info@talosa.it; certified email: fattoriatalosa@legamail.it).

2) Types of Data Processed

The Data Controller processes the following personal data of the Data Subject, specifically:

– Browsing data: the IT systems and software procedures responsible for the operation of the websites https://wineclub.talosa.it/en/ and https://wineclub.talosa.it/en/wine-club-talosa/ (websites of the “Talosa Wine Club”) acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information not collected to be associated with identified data subjects, but which by their nature could, through processing and association with data held by third parties, allow the identification of users. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.) and other parameters related to the user’s operating system and IT environment.

– Personal data voluntarily provided by the Data Subject: The optional, explicit, and voluntary transmission of personal data to the Data Controller, by e-mail messages sent to addresses indicated on the websites https://wineclub.talosa.it/en/ and https://wineclub.talosa.it/en/wine-club-talosa/ and/or by filling in forms on the aforementioned websites, entails the acquisition of the sender’s e-mail address as well as all other personal data requested by the Data Controller to respond to any specific requests, such as first name, last name, residence address, nationality, landline and/or mobile phone, tax code.

The following personal data will not be processed pursuant to Art. 9 of the GDPR: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, health data, data concerning sexual life or sexual orientation. If the service requested from Fattoria della Talosa Società Agricola a Responsabilità Limitata requires the processing of such data, specific information will be provided to the Data Subject in advance and explicit consent will be requested.

3) Purpose of Data Processing

The personal data of the Data Subject will be processed for the following purposes:

  1. a) compliance with legal obligations, both national and European, as well as orders/instructions from Public Authorities and/or Supervisory Bodies;
  2. b) fulfillment of obligations related to registration and membership in the “Talosa Wine Club,” to identify, register, and enroll the Data Subject in the “Talosa Wine Club”; to carry out activities connected to participation in the “Talosa Wine Club,” which cannot be exercised anonymously, necessary for the attribution of benefits/advantages related to the club, including use and recognition of promotions, participation in promotional events reserved for Wine Club members, ensuring correct operation of the “Talosa Wine Club” and related websites (https://wineclub.talosa.it/en/ and https://wineclub.talosa.it/en/wine-club-talosa/), and resolving any issues;
  3. c) sales activities, to allow preliminary and subsequent activities related to the purchase of a product and/or service from Fattoria della Talosa Società Agricola a Responsabilità Limitata by the Data Subject, management of the order, shipping of the purchased product and/or provision of the service, invoicing, payment management, handling complaints, as well as fulfillment of any other obligations (including legal ones) arising from the contract;
  4. d) direct marketing activities, including but not limited to market research, sending e-mails containing informational, advertising, and promotional material related to the “Talosa Wine Club” and, more generally, concerning Fattoria della Talosa Società Agricola a Responsabilità Limitata and its products or services;
  5. e) client profiling activities to send personalized commercial and promotional information to the Data Subject via e-mail;
  6. f) use of newsletters for periodic sending, via e-mail, of communications containing updates, informational, advertising, and promotional material related to the “Talosa Wine Club” program and, more generally, concerning products and/or services provided by Fattoria della Talosa Società Agricola a Responsabilità Limitata or initiatives and events of the same;
  7. g) pursuit of the legitimate interest of the Data Controller [e.g., to allow correct navigation of the Data Subject on the websites https://wineclub.talosa.it/en/ and https://wineclub.talosa.it/en/wine-club-talosa/ (Talosa Wine Club websites); debt recovery; reporting and auditing; service quality monitoring and verification; dispute management; exercising or defending a right in out-of-court and judicial proceedings, etc.]:
  8. h) statistical activities, to carry out statistical analyses on aggregated and anonymous data to verify the proper functioning of the websites https://wineclub.talosa.it/en/ and https://wineclub.talosa.it/en/wine-club-talosa/ (Talosa Wine Club websites) and improve the products and services provided by the Data Controller. More information on this purpose is provided in the section “Details on the Processing of Personal Data”.

4) Details on the Processing of Personal Data

For processing the personal data of the Data Subject, the following third-party tools are also used:

Google Analytics 4 (GA4)

Google Analytics is a statistical service provided by Google LLC or Google Ireland Limited, depending on how the Data Controller manages data processing (“Google”). Google uses the personal data collected to track and examine the use of the websites https://wineclub.talosa.it/en and https://wineclub.talosa.it/en/wine-club-talosa/, compile reports, and share them with other Google services. Google may use personal data to contextualize and personalize ads on its advertising network. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before data is recorded in any data center or server. For more details, consult Google’s official documentation.

To learn about Google’s data usage, please consult Google’s partner policies.

Personal Data processed: Usage data; Tracking tools.

Location of processing: United States – Privacy PolicyOpt Out; Ireland – Privacy PolicyOpt Out.

Meta Ads Conversion Tracking (Meta Pixel)

Meta Ads conversion tracking (Meta Pixel) is a statistics service provided by Meta Platforms Inc. or Meta Platforms Ireland Limited, depending on how the Data Controller manages data processing, which links data from the Meta advertising network to actions performed within the websites https://wineclub.talosa.it/en and https://wineclub.talosa.it/en/wine-club-talosa/. The Meta Pixel tracks conversions attributable to ads on Facebook, Instagram, and Audience Network

Personal Data processed: Usage data; Tracking tool.

Location of processing: United States – Privacy PolicyOpt out; Ireland – Privacy PolicyOpt out.

5) Nature of Data Provision and Legal Basis for Processing

Regarding the purposes in Art. 3), letter a):
i) provision of data is necessary because, without it, the Data Controller cannot carry out the activity requested by the Data Subject that presupposes fulfillment of a legal obligation by the Data Controller;
ii) the legal basis for processing is compliance with a legal obligation.

Regarding the purposes in Art. 3), letter b):
i) provision of personal data is necessary because, without it, registration/membership in the “Talosa Wine Club” is impossible;
ii) the legal basis for processing is the execution of services provided through the Data Subject’s registration in the “Talosa Wine Club” and the Data Controller’s legitimate interest to ensure the proper functioning of the “Talosa Wine Club,” rapid problem resolution, and improving the user experience of members.

Regarding the purposes in Art. 3), letter c):
i) provision of personal data is necessary because, without it, management of purchases made by the Data Subject is impossible;
ii) the legal basis for processing is compliance with legal obligations and fulfillment of contractual obligations with the Data Subject.

Regarding the purposes in Art. 3), letters d), e), f), and h):
i) provision of personal data is optional;
ii) the legal basis for processing is the Data Subject’s explicit consent.

Regarding the purposes in Art. 3), letter g):
i) provision of data is necessary for pursuing the Data Controller’s legitimate interest;
ii) the legal basis for processing is the Data Controller’s legitimate interest, balanced against the rights of the Data Subject.

6) Methods of Data Processing

Personal data processing (collected and/or received) respects the principles of lawfulness, fairness, and transparency as well as integrity and confidentiality according to applicable laws.

The Data Controller processes personal data adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction. Processing is carried out using IT, telematic, and/or manual tools, with organizational methods and logics strictly related to the purposes indicated.

7) Communication and Access

Besides the Data Controller, other persons involved in the “Talosa Wine Club” program (administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may access personal data and may be appointed as Data Processors when necessary. The updated list of Data Processors can always be requested from the Data Controller.

Personal data may also be communicated to third parties (e.g., administrative, judicial, supervisory, and control authorities) if required by law, regulation, or EU legislation.

If recipients are located outside the EU in countries without an adequate level of data protection, the Data Controller will adopt all necessary measures to ensure data transfers outside the EU are properly safeguarded as required by applicable privacy laws.

The Data Subject’s personal data will not be subject to dissemination.

8) Data Retention Period

Except for legal obligations, personal data are retained no longer than necessary for the purposes processed. Specifically:

– For membership purposes to the “Talosa Wine Club,” data will be kept as long as the Data Subject remains a member and for related legal, regulatory, and defensive purposes;

– For marketing/promotional purposes, data will be kept for 24 months from when consent was given, unless revoked;

– For profiling purposes, data will be kept for 12 months from when consent was given, unless revoked;

– For other purposes based on consent, data will be kept until consent is withdrawn;

– For purposes based on legitimate interest, data will be kept until the interest is satisfied. Further information about the legitimate interest pursued can be requested from the Data Controller.

Data may be retained longer if necessary to comply with legal obligations or authority orders.

At the end of the retention period, personal data will be deleted or anonymized within 30 days.

9) Data Subject Rights

The Data Subject, within the limits and modalities of EU Regulation 679/2016 (GDPR) and applicable laws, has the right to:

– withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal;

– obtain from the Data Controller confirmation as to whether or not personal data concerning them are being processed and, if so, to gain access to the personal data and the information provided for under Article 15 of the GDPR;

– to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them, as well as the completion of incomplete personal data, including by means of providing a supplementary statement;

– to obtain from the Data Controller the erasure (“right to be forgotten”) of personal data concerning them without undue delay where one of the grounds set out in Article 17 of the GDPR applies, provided that the processing is not necessary for the purposes outlined in paragraph 3 of Article 17 of the GDPR;

– to obtain from the Data Controller the restriction of processing where one of the circumstances under Article 18 of the GDPR applies;

– to request that the Data Controller inform recipients to whom personal data have been disclosed about any rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort;

– to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and, where applicable under Article 20 of the GDPR, to transmit those data to another controller without hindrance from the Data Controller to which the data were provided (“data portability”). Where technically feasible, the data subject also has the right to have the personal data transmitted directly from one controller to another;

– to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them pursuant to Article 6(1)(e) or (f) of the GDPR;

– where personal data are processed for direct marketing purposes, to object at any time to the processing of personal data concerning them for such purposes, including profiling to the extent that it is related to such direct marketing;

– to lodge a complaint with the Data Protection Authority (Garante per la Protezione dei Dati Personali), as the competent supervisory authority;

– and, more generally, to exercise all the rights granted to them by applicable data protection legislation.

These rights may be exercised by sending a written request via email to info@talosa.it, certified email (PEC) to fattoriatalosa@legalmail.it, or by registered letter with return receipt to the registered office of Fattoria della Talosa Società Agricola a Responsabilità Limitata, Via Talosa no. 8, Montepulciano (SI), Italy.

10) Cookies

The websites https://wineclub.talosa.it/en and https://wineclub.talosa.it/en/wine-club-talosa/ use cookies. For more detailed information, data subjects may consult the Cookie Policy available on the websites.

11) Changes to this Privacy Notice

The Data Controller reserves the right to modify and/or update this Privacy Notice at any time. To facilitate access to the amended and/or updated text, each version of the notice will include the date of the last update.

Privacy Notice updated: July 2025