Privacy policy


Privacy Policy - https://dibaldospirits.com/

Last Update: April 4 2025


 


What is this document?

Through this information notice, drawn up pursuant to Article 13 of the European Regulation No. 679/2016 (“General Data Protection Regulation” or “GDPR”), and in compliance with its principles, DIBALDO S.r.l. intends to inform each user (the “Data Subject”) about the processing of personal data collected through the website https://dibaldospirits.com/ (the “Website”).


Data Controller and Contact Details

DIBALDO S.r.l. (hereinafter “Data Controller”, under Art. 4(7) GDPR), with registered office in Via Pasquale Tosi 302, 47822, Santarcangelo di Romagna (RN), VAT and Tax Code: 04715080406, e-mail: info@dibaldospirits.com.


Purpose of Processing, Legal Basis, Processed Personal Data and Data Retention Period

The Data Controller collects personal data for the purposes listed below. For each purpose, the personal data processed, the legal basis and the data retention period are also indicated.


| Purpose | Personal Data | Legal Basis | Data Retention Period |
|---|---|---|---|
| A) Website registration and account management | Identification data (Name, Surname); Contact details (Email address, Phone number) | Execution of pre-contractual and contractual measures [Art. 6(1)(b) GDPR] | Until erasure request or, otherwise, 24 months from the user’s last login |
| B) Contract conclusion, execution and management | Identification data; Contact details; Tax Code; Product data | Execution of contractual/pre-contractual measures [Art. 6(1)(b) GDPR] | For the duration of the contract and for the time required to comply with legal obligations and statutory limitation periods under Art. 2946 et seq. of the Italian Civil Code |
| C) To collect anonymous statistical information on Website usage and ensure correct functioning | IP addresses or domain names of devices; URI addresses, time, method, status codes, file size, etc. | Legitimate interest of the Data Controller [Art. 6(1)(f) GDPR] | 7 days from collection |
| D) Customer service and support (via email, phone) | Identification data; Contact details; Support request details | Execution of contractual/pre-contractual measures [Art. 6(1)(b) GDPR] | As required by legal retention obligations and limitation periods |
| E) Marketing (newsletter and other product/service communications via email) | Identification data; Contact details | Consent [Art. 6(1)(a) GDPR] | Until withdrawal of consent or, otherwise, no more than 24 months from last contact |
| F) Sending of marketing communications about similar products/services (soft spam) | Identification data; Contact details; Product data | Legitimate interest of the Data Controller [Art. 6(1)(f) GDPR] | Until objection request or, otherwise, 24 months from last contact |
| G) Compliance with legal, accounting, tax and alcohol-related obligations | Identification data; Contact details | Legal obligation [Art. 6(1)(c) GDPR] | For the period required by applicable legislation |
| H) Fraud prevention and legal rights protection | Identification data; Contact details; IP address and domain names; URI addresses and timestamps | Legitimate interest of the Data Controller [Art. 6(1)(f) GDPR and Art. 24 Constitution] | 10 years |


The Data Subject may request clarification on the legal basis for each processing operation at any time.


Nature of Data Provision

The provision of data for purposes A), B), and D) is necessary to access the requested services. Failure to provide such data will make it impossible to provide the requested service.

Data provision for purpose E) is optional. Refusal to give consent does not prevent the use of the Website.

Data provision for purposes C), F), and H) is necessary for the legitimate interest of the Data Controller. The Data Subject retains the right to object at any time.

Data provision for purpose G) is mandatory for legal compliance.


Data Processing Methods

Processing is carried out through IT and manual tools designed to ensure suitable security measures and prevent unauthorized access, disclosure, loss, or unlawful or incorrect use of data.


Data Access

The Data will be processed by the internal staff of the Data Controller specifically authorized pursuant to Article 29 of the GDPR.

The Data may also be shared with the following external subjects: (i) Internet service providers and platforms used by the Data Controller as organizational tools, communication and/or promotion channels; (ii) entities that carry out logistics, warehousing, promotion and delivery activities related to the Data Controller’s products and services; (iii) entities providing customer support services; (iv) firms and other entities that provide assistance, consultancy and services of a legal, fiscal, accounting, economic-financial, technical-organizational, data processing or communication nature; (v) entities providing banking, financial, insurance and debt collection services; (vi) entities carrying out anti-fraud checks on payments; (vii) persons or organizations involved in mergers, sales of company assets, financing or acquisitions of all or part of our business by another company.

These subjects act as independent data controllers or as data processors. In the latter case, the Data Controller has signed a specific agreement pursuant to Article 28 of the GDPR (Appointment as Data Processor). The list of data processors is available by sending a request to the Data Controller at the addresses indicated in the section “Data Controller and Contact Details.”


Data Processing Location

Personal data are processed at the Data Controller’s registered office, as well as on the servers hosting the website https://dibaldospirits.com/. The Data Controller may transfer personal data to third countries located outside the EEA (including the United States of America). In such cases, the processing of personal data by these recipients is carried out in compliance with the applicable law. Transfers are carried out using appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards provided for by the GDPR.


Rights of the Data Subject

The User may exercise all the rights provided for in Articles 15–21 of the GDPR at any time and without unjustified restrictions, by contacting the Data Controller at the email address info@dibaldospirits.com. Requests are submitted free of charge and handled by the Data Controller within 30 days.

In particular, the User may:

  • Obtain confirmation as to whether or not data processing is taking place (Art. 15);
  • Obtain the rectification of inaccurate or incomplete data (Art. 16);
  • Obtain the erasure of the data without undue delay (Art. 17);
  • Restrict the processing to only part of the personal data (Art. 18);
  • Receive a copy of the personal data held by the Data Controller, in a commonly used and machine-readable format; obtain its transfer without hindrance to another Data Controller (Art. 20);
  • Object at any time to the processing of personal data (Art. 21);
  • With regard to purposes of processing based on consent, withdraw it at any time.



Complaints

The User may always lodge a complaint with the competent Authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the GDPR, if they believe that the Data Controller is processing their Personal Data in violation of the applicable legislation.


Amendments

The Data Controller reserves the right to modify and update this Privacy Policy following any new national or European legal provision on the protection of personal data.