The protection of your personal data is important to us. We process your personal data confidentially and in accordance with the European General Data Protection Regulation (GDPR), the Italian Data Protection Act (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018) and this privacy policy.
Bernhard Pichler
St. Peter 7
I-39100 Bolzano (BZ), South Tyrol — Italy
Tel / Fax: +39 0471 977162
Mobile: +39 339 4732612
E-mail: info@messnerhof.net
To exercise these rights, an informal notice to info@messnerhof.net is sufficient. In addition, you have the right to lodge a complaint with the competent supervisory authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, www.garanteprivacy.it
Our website is operated by the hosting provider Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Each time the website is accessed, data is technically recorded in server log files: browser type and version, operating system, referrer URL, IP address, as well as the date and time of access. This data serves to ensure the smooth and secure operation of the website and is not merged with other data sources. Processing is based on our legitimate interest in a technically flawless presentation and security (Art. 6(1)(f) GDPR). Log files are automatically deleted after a short period (generally 30 days). A data processing agreement is in place with Vercel; insofar as data is transferred to the USA, this takes place on the basis of the EU Standard Contractual Clauses (Art. 46 GDPR).
The data collected on this website (e.g. contact enquiries, bookings, orders, consents, as well as generated documents such as vouchers and certificates) is processed and stored in a database and a file store of the provider Supabase (Supabase, Inc.). Data is held on servers within the European Union. A data processing agreement pursuant to Art. 28 GDPR is in place with Supabase. Depending on the processing purpose, the legal basis is Art. 6(1)(b) GDPR (performance of a contract) or Art. 6(1)(f) GDPR (legitimate interest in secure operation).
If you send us a message via the contact form, your details (name, e-mail address, telephone number where applicable, and the content of your message) are stored to process your enquiry. Processing is based on our legitimate interest in responding to your enquiry (Art. 6(1)(f) GDPR) or — insofar as your enquiry is aimed at concluding a contract — on the basis of Art. 6(1)(b) GDPR. This data is not passed on to third parties for advertising purposes and is deleted after your enquiry has been conclusively dealt with, unless statutory retention obligations apply.
When you order wine or book an offering via our website (experiences, wine tastings, holiday apartment), we collect the data required to process it: first and last name, e-mail address, telephone number and — depending on the transaction — booking date, period and group size, or, for wine orders with shipping, the delivery address. The processing of this data is necessary for the performance of the contract (Art. 6(1)(b) GDPR). Order, booking and invoice data is stored for the duration of the statutory retention obligations (10 years under Italian tax law).
When gifting a wine sponsorship you may additionally provide the recipient's e-mail address on a voluntary basis. We process it solely to send the recipient information about the sponsorship (for example, how the vines are growing) (Art. 6(1)(f) GDPR; legitimate interest, with the right to object at any time). Providing it is optional; by doing so you confirm that you are entitled to share the address. The recipient may object to this processing at any time and is reminded of this in every message. We do not share the address with third parties and delete it once the sponsorship ends or upon objection.
Payment processing is carried out via the service Stripe (Stripe Technology Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland). Your payment data (e.g. card details) is processed directly by Stripe; we do not gain access to your full payment data. For payment processing, Stripe is provided with your name, e-mail address, billing and/or delivery address and the order amount. Processing is based on Art. 6(1)(b) GDPR (performance of a contract). Insofar as a transfer to third countries takes place, Stripe relies on the EU Standard Contractual Clauses. Further information: https://stripe.com/privacy
For sending booking and order confirmations as well as other transaction-related e-mails (e.g. cancellation and shipping notifications) we use the e-mail service Azure Communication Services of Microsoft Ireland Operations Ltd. (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). Sending takes place via data centres within the European Union (EU Data Location). In doing so, your e-mail address and the content required for the respective message (e.g. order or booking data) are processed. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). A data processing agreement is in place with Microsoft.
Insofar as you give your consent or the legal requirements are met, we send you information about our wines, offers and events by e-mail. We distinguish here:
Every advertising e-mail includes an unsubscribe link via which you can revoke receipt at any time and free of charge with effect for the future; alternatively an informal notice to info@messnerhof.net is sufficient. These e-mails are sent via the same service provider as the transaction-related sending (Azure Communication Services, Microsoft, EU — see section 9). Your data is not passed on to third parties for advertising purposes.
This website uses technically necessary cookies or local storage mechanisms of your browser, as well as — exclusively with your consent — cookies for web analytics:
We do not use any advertising or marketing cookies and no social media cookies. Technically necessary storage operations take place on the basis of our legitimate interest (Art. 6(1)(f) GDPR) and do not require separate consent; the analytics cookies (section 12) are set exclusively with your consent (Art. 6(1)(a) GDPR). You can set your browser to reject cookies generally; in this case the functionality of the website may be limited. Instructions: Chrome: chrome://settings/cookies · Firefox: about:preferences#privacy · Safari: Preferences > Privacy.
For the statistical analysis of website usage and for reach measurement we use the analytics tool PostHog (PostHog, operated via the EU Cloud). On your first visit to our website you are asked for your consent via a consent banner. Only if you actively click "Accept" does PostHog set cookies or use comparable storage techniques (localStorage) in your browser; in doing so, a persistent pseudonymous identifier (distinct_id) and first-touch parameters (e.g. UTM/campaign parameters) are stored in order to analyse visits across several sessions and to measure the origin of traffic. If you decline ("Essentials only"), no analytics cookies are set.
The legal basis is your consent (Art. 6(1)(a) GDPR; with regard to storage on your device, the corresponding consent-requiring provision of the Italian Codice Privacy). Your consent is voluntary and can be withdrawn at any time with effect for the future — via the "Cookie settings" link in the footer; the identifiers that have been set are then reset. Processing takes place via servers within the European Union.
For security reasons this website uses SSL or TLS encryption. You can recognise an encrypted connection by the padlock symbol in your browser's address bar and the use of "https://". Thanks to this encryption, all data you transmit to us cannot be readily read by third parties.
To ensure stable and secure operation, we use the error-monitoring tool Sentry (operated via the EU region). If a technical error occurs during operation of the website, technical error data (e.g. error message, affected function, technical context such as IP address) is recorded in order to fix the error. Personal content is cleansed before transmission (`sendDefaultPii: false` plus redaction). The legal basis is our legitimate interest in error-free and secure operation (Art. 6(1)(f) GDPR). A data processing agreement is in place with the provider; processing takes place via servers within the European Union.
We have entrusted the technical operation of this website and the online services to Westios UG (haftungsbeschränkt), Baaderstr. 50, 80469 München, Germany (commercial register HRB 270273, Amtsgericht München; VAT ID DE347543847), as our processor. A data processing agreement pursuant to Art. 28 GDPR is in place with it. To provide the service, Westios in turn uses the following carefully selected sub-processors:
Independently of this, payment processing is carried out via Stripe Technology Europe Ltd. (Ireland/EU) on the basis of our own Stripe account; in this respect Stripe acts directly as our processor (see section 8).
A transfer of your data to third countries only takes place to the extent described above and on the basis of appropriate safeguards (in particular EU Standard Contractual Clauses).
The use of contact data published in the legal notice to send unsolicited advertising not expressly requested is hereby expressly prohibited. We reserve the right to take legal action in the event of unsolicited sending of advertising information.
Personal data is deleted once the purpose of processing no longer applies, unless statutory retention obligations apply: