Privacy Policy

gestore

PRIVACY POLICY

for users browsing the websites and mobile application of M.D. Comunication S.r.l.
pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”)
[Last update: December 02, 2025]

1. Data Controller

The Data Controller is M.D. Comunication S.r.l., with registered office at Piazza dei Santi Apostoli, 81 – 00187 Rome, Italy, VAT No. 05818091000.
Contact e-mail: info@doctorwine.it

2. Data Protection Officer (DPO)

In accordance with Article 37 of Regulation (EU) 2016/679, M.D. Comunication S.r.l. is not required to appoint a Data Protection Officer (DPO), as its processing activities do not fall under the categories that make such appointment mandatory.

For any questions regarding the processing of personal data or to exercise the rights granted under Articles 15–22 of the GDPR, users may contact the Privacy Representative of M.D. Comunication at info@doctorwine.it.

3. Scope of this Policy

This Privacy Policy applies to:

It does not apply to third-party websites, applications, or online services that may be linked from our platforms.

4. Categories of Data Processed

  • Data provided by users: name, surname, e-mail address, phone number, registration data, uploaded content, preferences, support requests, and any third-party data voluntarily provided by users.

  • Automatically collected data: IP address, traffic data, device identifiers, operating system, settings, and location data (if enabled).

  • Data from third parties: analytics tools, newsletter and marketing platforms, and advertising partners.

  • Mobile app data: optional consent for push notifications, geolocation, and advertising identifiers (IDFA or GAID).

5. Purposes and Legal Bases for Processing

Purpose Legal Basis
Website/app operation, account management, security Execution of pre-contractual measures taken at the request of the data subject and/or execution of a contract to which the data subject is party (Art. 6.1.b GDPR) and/or legitimate interest of the Data Controller (Art. 6.1.f GDPR)
Customer support and response to inquiries Performance of pre-contractual measures or performance of a contract (Art. 6.1.b GDPR)
Sending informational, promotional, or commercial communications – Explicit consent of the data subject (Art. 6.1.a GDPR), where required;
– Where permitted, legitimate interest of the Data Controller (Art. 6.1.f GDPR), for communications to existing customers or contacts acquired during previous initiatives/conferences/events.
Personalized marketing and profiling (if enabled) Explicit consent (Article 6.1.a GDPR)
Legal, accounting, or tax obligations Legal obligation (Art. 6.1.c GDPR)
Service improvement and usage statistics Consent (Article 6.1.a GDPR) or legitimate interest of the Data Controller, if the data is processed in aggregate or anonymized form
Geolocation-based services (if requested by the user) Explicit consent (Article 6.1.a GDPR)

Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

6. Data Recipients

Personal data may be shared with:

  • entities acting as Data Processors (e.g., IT, hosting, cloud, and security service providers);
  • entities acting as independent Data Controllers, when necessary for legal obligations, contractual compliance, or the management of related services;
  • partners or co-promoters with the Data Controller of marketing, promotional, or commercial initiatives, in the context of jointly carried out activities — considered subjects with whom we may share data for promotional/event/communication purposes;
  • legal, accounting, or tax advisors;
  • competent authorities, only when required by law.

An updated list of Data Processors (pursuant to Art. 28 GDPR) is available upon request at info@doctorwine.it.

7. Data Transfers Outside the EU

If certain service providers operate outside the European Economic Area (EEA), data transfers will occur only:

  • to countries recognized by the European Commission as providing adequate protection;

  • or to organizations certified under the EU–US Data Privacy Framework (DPF);

  • or based on Standard Contractual Clauses (SCCs) approved by the European Commission.

Copies of such safeguards are available upon request.

8. Processing Methods and Security

Data is processed using both manual and electronic tools, in accordance with principles of fairness, lawfulness, and transparency.
Appropriate technical and organizational measures are implemented to ensure data security and confidentiality, preventing loss, misuse, or unauthorized access.

9. Data Retention Periods

  • Account data: retained for the duration of the service; deleted or anonymized within 90 days of account closure.

  • Billing and purchase data: 10 years.

  • Security and access logs: up to 6 months.

  • Newsletter and marketing data: until consent is withdrawn or up to 24 months from last interaction.

  • Cookies and tracking data: as specified in the Cookie Policy.

10. Cookies and other tracking systems

Cookies are text strings that websites visited by users place and store
on the user’s terminal device, so that they can be retransmitted to the same
sites on the next visit. Cookies are used for different purposes: performing computer authentication, monitoring sessions, storing information on specific
configurations concerning users accessing the server, storing preferences, or to
facilitate the use of online content; but they can also be used to profile
the user, i.e. to “observe” their behavior, for example in order to send targeted advertising, measure the effectiveness of the advertising message, and adopt consequent commercial strategies.
M.D. Comunication uses the following types of cookies in accordance with the following methods:

  • Technical cookies: Technical session cookies (non-persistent) are used only to the extent necessary to enable safe and efficient exploration of the site. The installation and use of these cookies does not require prior consent from the user.

  • Analytical cookies: fAnalytical cookies are also used to produce statistics that do not allow the identification of the IP addresses of those browsing the Authority’s website. The installation and use of these cookies does not require the prior consent of the user, as they are equivalent to technical cookies.

  • Profiling cookies: Cookies are not used to profile users (nor are other tracking methods used). During your first visit, browsing the Website will imply your implicit acceptance of the use of technical and analytical cookies by M.D. Comunication as explained in this Policy. You may decide to withdraw your consent at any time by deleting cookies from your computer (or mobile device) using your Internet browser settings and configuration. However, please note that disabling these cookies may prevent the proper use of certain features of the Website.

11. Minors’ Privacy

The websites and mobile applications of M.D. Comunication are not intended for individuals under 18 years of age.
No intentional collection of minors’ data is performed.

12. Data Subject Rights

Users may exercise their rights under Articles 15–22 of the GDPR, including:

  • access to personal data,
  • rectification or updating,
  • erasure (“right to be forgotten”),
  • restriction of processing,
  • objection,
  • data portability,
  • withdrawal of consent

Requests can be sent to info@doctorwine.it.
Users also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali),
Piazza Venezia 11, 00187 Rome – protocollo@gpdp.itprotocollo@pec.gpdp.it.

13. Policy Updates

Any changes to this Privacy Policy will be published on this page and communicated through our official channels (websites or app).
In case of substantial modifications, renewed consent will be requested when required.