Notice on the processing of personal data in accordance with arts. 13 and 14 of EU Regulation no. 2016/679 relating to the website www.zuccheroec.it
Pursuant to the current legislation regarding the protection of personal data, “Zucchero & c S.r.l.”, with registered office in Bagno a Ripoli (FI), Via del Fornaccio 7/ F-G-H, postalcode 50012,, as Data Controller (hereinafter, “Holder”) and Holder of the site, wants to provide users of the website with the notice on the processing of personal data.
This notice is provided only for the website www.zuccheroec.it / (hereinafter, "site"), and not for other web spaces accessible through links on the site, that are provided with their own personal data protection policies that the user can consult by accessing their respective websites.
The site also allows interaction with the platforms Facebook, Twitter, Google +, LinkedIn, Flickr, Vimeo, and Google Map, each of which, if used through the site, could detect and process data of the user according to the respective privacy policies also from places outside the European Union. Therefore, before interacting with these Web platforms, the user is encouraged to consult the policies on the processing of data on each of them and only then to decide whether to use them or not through the site.
The services offered through the site are generally aimed at companies and are exclusively reserved for individuals who have completed eighteen years of age. The Data Controller will provide for the immediate cancellation of all personal data involuntarily collected in relation to persons who have not completed the age of eighteen.
To take advantage of the services offered through the site, the user is asked to fill in the appropriate information request form in the "contacts" page. If desired, the user can also contact the Holder by sending an e-mail or even by telephone.
Categories of data undergoing the processing
1.1. Browsing data
The computer systems that ensure the operation of the site detect certain data so-called "Browsing", such as: the IP addresses, the domain names of the computers used by the consumers connecting to the site, the addresses in URI notation of the requested resources, parameters relating to the user's computer system. The provision of these data is automatic and it is mandatory for browsing the site. These data are not collected to refer to identified users, but they could allow user’s identification if they were associated with other data held by third parties. The Holder has no possibility to independently identify the user by using the browsing data only, and he guarantees that these data will be used for the sole purpose of obtaining statistical information on the use of the site and deleted as soon as carried out the activities for which they have been collected. The data may be used to ascertain responsibility in the event that computer crimes are committed against the site.
1.2. Data provided by the user voluntarily
The personal data provided by users when completing the information request form belong to the category of common data, and do not include sensitive, health, genetic, biometric, judicial data, or data referred to in art. 9 and 10 of EU Regulation no. 2016/679, being not necessary the processing of these last categories of data for the achievement of the purposes pursued by the Holder. The data that the user inserts for the compilation of the electronic information request form, and which will be acquired by the Data Controller, are: name, surname, e-mail address, telephone number. The Data Controller can process data entered voluntarily by the user in the "message" section of the information request form, as well as the data that will be communicated spontaneously by sending e-mail, including the sender's e-mail address. In any case, only personal data that are strictly necessary to the pursuit of specific and legitimate purposes, with respect to which the processing will always be relevant and never excessive, will be processed.
2) Source from which personal data originate
The so-called "Browsing" data referred to in the previous art. 1.1 are acquired automatically by the software procedures used to operate the site. Personal data referred to in the previous art. 1.2 are provided by users of the site through the compilation of special electronic forms for requesting information on the pages of the aforementioned site, or by sending spontaneous communications.
3) Purposes of the processing
Except as specified in the previous art. 1.1 with regard to the so-called “browsing” data, personal data provided by users of the site can be processed: in order to satisfy the requests submitted by the user and to execute specific pre-contractual activities possibly requested by the user (for example, the elaboration of a quote); for the fulfillment of obligations provided for by the law and regulations; for commercial, advertising, promotional and broadly speaking marketing purposes, which involve processing: c. 1) for sending information about new offers of products and services, of a commercial nature and / or commercial solicitation (Newsletters) by the Data Controller; c. 2) to carry out sales activities of the Data Controller's services; c. 3) for the sending of unsolicited commercial communications, immediately identifiable as such and containing the indication that the recipient of the same can oppose the receipt of further communications of this kind. for acrivities of so-called "profiling". This activity consists in processing the personal data of the individual user in order to analyse his commercial preferences and to obtain a profile as a consumer, so as to send him personalised commercial offers of products or services. This processing therefore involves the sending of commercial communications regarding products or services deemed compliant with the commercial profile of the individual user (for example, because they are similar to products or services already requested or purchased by the latter), for a time not exceeding that of the processing. This purpose is in fact connected to those of a commercial, advertising, promotional and marketing nature in the broader sense of the aforementioned letter c) and it is pursued only with the express consent of the person concerned.
4) Expression of consent
The consent to the processing of personal data, where necessary, is provided by the person concerned through the selection of the appropriate fields on the data collection form.
5) Effects of the failure to communicate personal data
The communication of personal data requested in the information collection forms on the site, even if it is left to the user's free will, is necessary to achieve the specific purposes pursued by the Holder and related to the processing of this information. Consequently, the failure to communicate, through the aforementioned information collection form or through other means of contact, of the mandatory data will prevent from achieving the main purpose for which they are requested. Therefore, the failure to communicate these data will prevent the Holder from filling the user's requests, carrying out any pre-contractual activities possibly desired by the latter. Even if he does not communicate mandatory data, the user can still keep browsing the site. The communication of additional data compared with those required in the information collection form is left to the discretion of the user; as a consequence, the lack of communication of these data, which are defined as discretionary data, will not produce any effect. Likewise, the consent to the processing of personal data for marketing purposes referred to in art. 3 letter c) of the notice, or for the profiling ones referred to in art. 3 letter d), is purely optional. Therefore, the failure to consent to the related processing will not entail any effects for the user, except for that the user does not receive the promotional and commercial communications indicated in art. 3 letter c) and is not subjected to profiling. By consenting to the processing of personal data for commercial, advertising, promotional and marketing purposes in a broad sense, the user authorises the processing of personal data: both through "traditional" methods, such as: telephone calls with operator and contact by other non-electronic means or not supported by automatic or telematic procedures, and through automated telephone calls and similar such as: text messages and similar, systems supported by automatic, electronic or telematic procedures, without operator; with reference to all the purposes indicated in art. 3 letter c), ie both those indicated in letter c.1) and those indicated in letter c.2), and those indicated in letter c.3). The user has the right to request the Holder at any time to limit the processing of personal data for the purposes referred to in art. 3 letter c) to some of the above explained methods only (for example, only through "traditional" means) or to some of the types of processing referred to in letters c.1), c.2) and c.3) (for example, only when sending the Newsletters).
6) Legal basis of the processing
The legal basis of the processing of data for the purposes referred to in Article 3 letter a) consists in the need to implement specific pre-contractual measures requested by the user. With reference to these purposes, even if it is not mandatory, the Holder also requires the user's consent. In the event that the user decides to contact the Data Controller by sending e-mail messages or by other means of communication other than completing the appropriate form, the legal basis of the processing will only consist in the need to implement specific pre-contractual measures requested by the user. The legal basis for the processing of personal data relating to the purposes referred to in Article 3 letter b) consists in the fulfillment of legal obligations. The legal basis of the processing of personal data relating to the purposes referred to in Article 3 letter c) consists solely in the prior, free, specific, optional and informed consent to the processing for the aforementioned purpose. The legal basis for the processing of browsing data consists solely in the need for the site to function.
7) Processing methods
The personal data provided by users of the site will be processed at the premises of the Holder, or in other places where the parties involved in the processing operate, through electronic and / or mechanical and analogical methods for the strictly necessary time to achieve the purposes for which they were collected and in any case not exceeding the limits indicated in art. 13 of this information notice, in full compliance with the purposes pursued by the Data Controller and in compliance with the current regulations on privacy. Specific security measures are observed to prevent data loss, illicit or incorrect use of the same and unauthorised access.
8) Communications of personal data for the satisfaction of the request for information sent by the user or for the fulfillment of legal obligations
In compliance with the current privacy legislation, the personal data of the user may be communicated to third parties to which the communication is necessary for the purposes of pursuing the objectives referred to in art. 3 letter a) and b), without the need to acquire separate consent. In accordance with art. 13 letter e) of the EU Regulation no. 216/679, it is specified that the personal data of the Customer can be communicated to the following categories: - the employees and collaborators of the Data Controller, appointed as Data Processors and instructed specifically in accordance with art. 29 of the the EU Regulation no. 2016/679;
-the Data Processor or the Data Protection Supervisor of the Holder and of the co-owner, if appointed; - third parties offering services related to digital communication and belonging to the following categories: offices, subjects and / or companies offering digital communication services, including hosting services, services related to website publishing, softwares’ design and development, or operating as suppliers of IT and logistic services functional to the site’s operation;
9) Public Authority or to any other third party if it is imposed by a legal obligation.
Communications of personal data for the pursuit of promotional and marketing purposes in broad sense
The Data Controller will not communicate the user's data to third parties for promotional or marketing purposes in the broader sense referred to in art. 3 letter c).
10) Additional hypotheses of communications of personal data
For the sole purpose of satisfying the legitimate interest of the Data Controller to protect his rights, the personal data of the user can be communicated, without the consent of the latter, to individuals and companies that perform legal, tax, administrative, tributary consultancy activities, or defence and technical assistance, both judicial and extrajudicial, which will act as autonomous data controllers.
Dissemination and transfer of personal data to countries outside the EU or to international organisations
User’s data may be transferred to one or more countries within or outside the European Union, exclusively in those countries deemed by the European Commission able to offer an adequate level of protection, the list of which can be consulted here: https://ec.europa.eu/info/law/law-topic/data-protection_en. The Holder will not disclose the user's personal data to international organisations.
12) Period of retention of personal data
Personal data provided voluntarily by the person concerned to request information or other pre-contractual activities will be kept for the time strictly necessary to fulfill the request made by the user and in any case not exceeding 12 months after their collection, save previous cancellation upon request of the interested party. Where the user's request follows the stipulation of a contract for the provision of services offered by the Holder, personal data will be processed for the period indicated on the specific information notice that is attached to the contract. Personal data processed for promotional, commercial and marketing in the broader sense and profiling purposes referred to in art. 3, letter c) d), will be kept for a period not exceeding 12 months after the collection. Browsing data will be remaining for a period not exceeding one month. In any case, the terms of five or ten years of conservation of the documents and related data will be respected for the purpose of fulfilling the civil, accounting and tax obligations prescribed by the legislation in force.
13) Rights of the person concerned
In accordance with art. 7 of the Privacy Code and of the articles 13, co. 2, letters b) and d), 15, 18, 19, 21, of the EU Regulation no. 2016/679, the user may at any time exercise the rights referred to in the aforementioned art. 7 of the Privacy Code as well as the rights referred to in Articles from 15 to 23 of the aforementioned EU Regulation. In particular, the person concerned can exercise: the right to have access to his personal data and to obtain confirmation of the existence of personal data concerning him, even if not registered yet, and communication in an intelligible form of the same data, as well as the right to data portability (ie the right to receive the personal data provided, in a structured format, of common use and legible by automatic devices); an indication of their origin, of the purposes and methods of the processing, as well as, in the event that the processing is carried out using electronic means, of the logic on which the processing is based; the indication of the identification details of the Holder and any person in charge; the indication of the individuals and the categories of individuals to whom the personal data may be communicated or who may become aware as managers or individuals in charge; updating, rectification or, if interested, integration of data; cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data which retention is unnecessary for the purposes for which the they were collected or subsequently processed; to oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning him, even though they are relevant to the purpose of the collection; to oppose the processing of personal data concerning him intended for the purposes of commercial information or of sending of advertising or direct sales material or for carrying out market researches or commercial communication; to obtain the correction and / or cancellation of the same data and / or the limitation of the processing that concerns him; to revoke the consent to the processing, if the processing is based solely on his consent, without compromising the processing already carried out; to submit a complaint to the supervisory authority. This authority is represented, in Italy, by the Guarantor for the privacy, based in Rome, piazza Monte Citorio n. 121, postcode 00186.
14) Use of profiling processes by the Holder
The Data Controller may subject the user's personal data to profiling processes as indicated in art. 3 letter d), only with the express consent of the latter.
15) Data controller
For the exercise of their rights the users can contact, at any time, the Data Controller, whose details are indicated: “Zucchero & c S.r.l.”, with registered office in Bagno a Ripoli (FI), Via del Fornaccio 7/ F-G-H, postalcode 50012, telephone +39 055 69 64 27 pec email@example.comThe Data Controller makes available to users of the site the following e-mail address for the exercise of rights, also with reference to requests addressed to third parties to which the data have been communicated with the specific consent of the person concerned: pec firstname.lastname@example.org. At the indicated offices of the Data Controller, the updated list of the appointed data processors is available.