Privacy Policy
Last updated: March 19, 2025

This Privacy Policy explains how Azienda Agricola Montaribaldi ("Company," "We," "Us," or "Our") collects, processes, and protects your personal data when you use our Montaribaldi Wine Tasting Booking service ("Service"). It also outlines your rights under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA) and how you can exercise them.

By using the Service, you agree to the collection, use, and processing of your personal data as described in this Privacy Policy.

1. Interpretation and Definitions

The meanings of capitalized words in this Privacy Policy are outlined in the Definitions section at the end.

2. Legal Basis for Data Processing (Article 6 GDPR)

We process your personal data only when there is a legal basis to do so:

• Contractual Necessity: To provide and maintain our Service.
• Legal Obligation: Compliance with applicable laws.
• Legitimate Interest: Analytics, fraud prevention, and security.
• User Consent: When you opt in for marketing communications.

3. Data Collection and Usage

Types of Data Collected

We collect the following personal data during the wine tasting booking process:

• Name
• Surname
• Phone number
• Email
• Country

These details are collected only for booking-related purposes, including:

• Confirming and managing reservations.
• Contacting users if necessary regarding their booking.

We do not collect or process sensitive personal data as defined in Article 9 of GDPR.

Third-Party Data Processors

We may use Google Analytics to improve website functionality and user experience. Google Analytics may collect anonymous usage data to analyze trends and improve our service. You can learn more about Google’s data practices in their Privacy Policy.

We do not use any payment processor, as all payments are made directly at our winery.

Tracking Technologies & Cookies

We use cookies to enhance your experience. For details, see our Cookie Policy.

4. User Rights Under GDPR (Articles 15-22) & CCPA/CPRA

Your Rights Under GDPR

You have the following rights under GDPR:

• Access Your Data: Download all your personal data at any time from your profile.
• Correction: Update inaccurate or incomplete data.
• Right to Erasure (Oblivion): You can request permanent deletion of your personal data directly inside the app. Once deleted, no personal data remains in our system.
• Restriction of Processing: Limit data usage in certain cases.
• Data Portability: Receive a copy of your data in a structured format.
• Right to Object: Stop specific data processing activities.
• Automated Decision-Making & Profiling: We do not use AI profiling on your personal data.

Your Rights Under CCPA/CPRA (For California Residents)

If you are a California resident, you have the right to:

• Know what personal data is collected and how it is used.
• Request access to personal data (similar to GDPR).
• Request deletion of personal data (except for legal exceptions).
• Opt-out of data sharing (even if we do not sell data, California law requires an opt-out mechanism).
• Correct inaccurate data.
• Limit the use of sensitive personal data.
• Non-discrimination for exercising these rights.

To exercise these rights, contact us at info@montaribaldi.com or https://booking.montaribaldi.com/user/profile.

5. Data Retention & Anonymization

• Oblivion Requests: When you delete your account, all personal data is permanently erased.
• Long-Term Data Handling: After 5 years of inactivity, user data is anonymized for analytical purposes.
• Business Data Retention: Some non-personal, aggregated data is retained for historic analysis.

6. Marketing Communications

• User Choice: During sign-up, users specify if they want to receive newsletters or marketing emails.
• Opt-In/Opt-Out: Users can update their preferences at any time inside their profile settings.

7. Data Security & International Transfers

• Encryption: All sensitive data is stored in an encrypted format inside our database.
• GDPR & CCPA Compliance: We ensure any data transferred outside the EU meets GDPR standards via Standard Contractual Clauses (SCCs).

8. Data Breach Notification Policy (Article 33-34 GDPR & CCPA/CPRA)

We take data security seriously. In the event of a data breach, we will notify affected users within 72 hours via:

• Email notification
• A banner on the user’s profile page

9. Do We Sell or Share Personal Information? (CCPA Compliance)

We do not sell, trade, or rent personal data to third parties. We also do not share personal information for cross-context behavioral advertising.

California residents may request to opt out of any future data sharing by contacting us at info@montaribaldi.com.

10. Right to Lodge a Complaint with the Data Protection Authority (DPA)

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

For European Union Residents:

• Italian Data Protection Authority (Garante per la Protezione dei Dati Personali): https://www.garanteprivacy.it

For California Residents:

• California Privacy Protection Agency (CPPA): https://cppa.ca.gov

11. Contact Information

For questions or to exercise your rights under GDPR, CCPA, or CPRA, contact us:

• Email: info@montaribaldi.com
• Website: https://booking.montaribaldi.com/user/profile

This Privacy Policy may be updated periodically. Please check this page for any changes.