What Information We Gather
We may gather certain information, either personal or anonymous, based on your activities or data submitted while browsing our website, in the following formats.
If you submit an order, and/or opt in to a mailing list on our website, we collect any personal data submitted by you in order to process your request.
Our website uses the following tools to collect statistical information about browsing behaviour and device or browser information, in order to improve the experience of our website:
To opt out of Google Analytics data collection, you can install this tool.
Embedded content from other websites
Articles on this site may occasionally include embedded content (e.g. videos, certain advertisements). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We sometimes provide links to third-party websites. While on these sites, these parties may collect information about you. Because we do not control the information policies or practices of these third parties, you should review their privacy policies to learn more about how they collect and use personally identifiable information.
How We Use Your Information
We may use your personal information when we have a valid reason to do so. This includes:
- Deliver subscriber services such as mailing list blasts or newsletters. The processing of data is carried out based on the consent given by the user (Article 6 (1)(a) GDPR);
- Send you by email updates on news and commercial offers relating to Birra Nursia products. The processing of data is carried out based on the consent given by the user to the use of his/her personal data for marketing purposes (Article 6 (1)(a) GDPR). However, consent is not required when we use your email address to send you information about similar products and services to those you have already purchased. In this case, the processing activities are performed on the basis of the legitimate interest of the data controller (so-called “soft spam”);
- Process and/or respond to an order. The processing of data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1)(b) GDPR);
- Respond to questions, support requests and any other special requests. The processing of data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1)(b) GDPR);
- Enable you to browse our website and to manage your account registrations and functionalities. The processing of data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1)(b) GDPR);
- Improve your website experience. The processing of data is carried out based on the legitimate interest pursued by the controller or by a third party (Article 6 (1)(f) GDPR);
- Defending our rights in the event of complaints. Processing is necessary for the purposes of the legitimate interests pursued by the controller (article 6(1)(f) GDPR).
The provision of your personal data is essential to interact with our website, to provide you with the services you have requested and to allow you to send us a request for information or support. The provision of data for the purposes based on consent is optional with consequence that your refusal to provide such data for the said purposes will not affect your possibility to browse this website or use its services. You have the right to revoke your consent and the right to request that we cease to use or store your information. See Accessing your data for more information.
How We Protect Your Information
We take the greatest care in the security of your submitted information. Our website uses up-to-date Secure Socket Layers (SSL) encryption in order to protect the transmission of your data upon submission to our servers.
Where your information is stored
Depending on the type of information you have submitted, your data will either be stored securely in a database on our server; or in the database of our trusted third-party partners, if data was directly submitted by you for a particular purpose on our website. These third-party partners include:
- MailChimp – for email mailing list subscriptions and for sending communications for marketing purposes;
- Paypal – for orders or subscriptions submitted via PayPal on our website;
- Stripe – for orders or subscriptions submitted via credit card on our website;
- ShippyPro – for providing order fulfillment and shipping services;;
- Farchioni – for orders or subscriptions submitted for distribution;
- Salesforce – for form and email list submissions, in order to organize submission data and facilitate any required communications;
- Google – for statistical information, and/or personalized data (for visitors from outside the EU)
In order to obtain an updated list of the subjects who may become aware of your personal data, please contact us by email at firstname.lastname@example.org , taking care to specify the reason for the request.
The Birra Nursia European Online Store is hosted on a server located in Germany. Due to the multinational locations of our vendors, as well as our third-party partners, any information which you consented to provide may be transferred to a location outside of the country or region you are located in. Data will only be transferred to either:
a) our servers;
b) trusted third-party partners, as indicated in the above section, which we determine to have adequate transparency and security parameters in place for the protection, storage and accessibility of your data.
In these cases, we will transfer your personal data on the basis of an adequacy decision adopted by the European Commission or by implementing appropriate safeguards to ensure adequate protection of your personal data in the place of destination pursuant to articles 44 ff. of the GDPR.
Data breach prevention
Our servers and website infrastructure are kept up to date and secured by a Web Application Firewall (WAF) to protect against a data breach via a third party attack.
In the unlikely event of a breach where your stored data is, or may have been compromised, we will inform you accordingly to article 34 of GDPR.
Note that due to a multitude of different vulnerabilities which are present during the submission of data and are outside of our control (local computer viruses, unsecured/compromised internet connections, etc.), we cannot guarantee and are not responsible for compromised data which occurs during the submission of data and as the result of such factors outside of our control. However, once the data has been submitted and is stored in our infrastructure, we ensure that the data is responsibly held and secured.
The data controller is the organization/entity responsible for the protection of information on and submitted to this website. The Data Controller is Monastero di San Benedetto in Monte Via Case Sparse n. 164, CAP 06046 Norcia (PG), Italy.
How Long We Store Your Data For
Personal information submitted directly on our website through a form will be kept as long as necessary to fulfill the purposes indicated above, without prejudice to the cases in which the retention for a longer period is necessary to comply with the applicable legislation or with requests received by competent authorities. The personal data that we process on the basis of your consent are retained until your consent is withdrawn.
Data collected by Google for statistical and personalization purposes is retained for 50 months before being deleted automatically. More information about Google’s data retention policy can be found here.
Accessing Your Data
If you have submitted data on our site, you can request access to your personal information, or correct or update out-of-date or inaccurate personal information we hold about you. You may also request that we delete personal information that we hold about you.
You can object to processing of your personal information, ask us to restrict the processing of your personal information or request portability of your personal information; if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time; withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You can exercise you rights by filling a request through the form provided or by contacting the Data Controller at email@example.com
You also have the right to lodge a complaint with a Data Protection Authority about our collection and use of your personal information, in particular in the Member State in which you habitually live or work or in the place where the alleged violation took place.
Our data collected via Google Analytics is anonymized and therefore not personally traceable to you unless you are signed into your account. If you have a Google account, you can request a copy of your information from Google here.
Changing your cookie settings
Changes To This Policy
Last update: July 2021