Dear visitor, in accordance with Article 12 and subsequent articles of the EU Regulation 2016/679 of the European Parliament and Council of the 27th April 2016 (General Data Protection Regulation, “Regulation” or “GDPR”), and in general in accordance with the principle of transparency foreseen in the same Regulation, we are to provide the following information on the processing of personal data (that is, any information concerning an identified or identifiable natural person: “interested party”) made in connection with the browsing on the website “www.pastaisanniti.it” (“website”) and on the related interaction by the user (it is noted that this statement does not therefore concern other websites that may be visited by the user through links on the website).
1. DATA CONTROLLER
The Data Controller (i.e. the person who determines the purpose and means of processing of personal data) is Antico Pastificio Sannita S.r.l., based in San Giorgio del Sannio (BN), Via Cesine, 28, 82018, VAT registration number IT01688840626, tel. +39 0824 49063.
For contacts specifically relating to the protection of personal data, including the exercise of the rights described in the section “Rights of the interested parties”, we indicate in particular the e-mail address: firstname.lastname@example.org to which you may address any requests.
2. BROWSING DATA OF THE USER
The IT systems and computer programs used for the operation of the website collect some personal data whose transmission is implied in the use of Internet communication protocols (e.g. the IP addresses or the domain names of computers used by users who connect to the website, the URI -Uniform resource Identifier- addresses of the requested resources, the time of the request, the method used to submit the request to the server, the dimension of the file obtained, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and other parameters related to the operating system and the user’s computing environment). Although the information is not collected in order to associate it to specific users, by their nature and through processing and association with further data held by third parties, such data may permit to identify users.
Such data shall only be used for statistical purposes, without associating them to any identifier of the users, to ensure the correct operation of the website and are deleted immediately after processing.
This data may also be used for the purposes of investigating liabilities in the event of information crimes committed against the website.
The legal basis of the processing is therefore the legitimate interest in the operation and security of the website.
4. DATA PROVIDED VOLUNTARILY BY THE USER, ALSO THROUGH THE WEBSITE, IN ORDER TO CONTACT THE DATA CONTROLLER
No personal information of the user is required for the website to be visited. However, any contact with the Controller, or the optional, explicit and spontaneous sending of messages, e-mail or traditional mail, to the contact details of the Controller indicated on the website or the compilation of the fields in the “CONTACTS” section entail the subsequent acquisition of the address, including e-mail of the sender, necessary to answer the requests, as well as any other personal data provided in the related communications. Such data will be processed in the sole purpose of following up on the user’s request and may be communicated to third parties only if this is necessary for this purpose.
For the processing of the data for these purposes, the user’s consent is not required, since the processing is necessary for the execution of a contract of which you are part or the execution of pre-contractual measures adopted at your request (art. 6, paragraph 1, lit. b) of the Regulation), as well as to comply with a legal obligation (art. 6, paragraph 1, lit. a) of the Regulation).
The processing of personal data will be done by personnel trained and authorized by the Controller with procedures, technical and information tools suitable to protect the confidentiality and security of the data. Such data are stored for the time necessary to give the interested party the answers related to its requests and during the quotation’s validity time, without prejudice to further storage obligations required by law. In case of conclusion of the contract, the interested party will immediately receive the specific information on the processing of personal data.
Personal data will not be disseminated.
The user can subscribe to our newsletter, via the specific section of the website, by indicating his/her email address to receive periodic information concerning the products and services of the company; in that case, the processing of personal data for this purpose will take place based on the consent of the concerned person, who can withdraw it at any time and the failure to consent or the failure to provide the data will not have any consequence on the possible contractual relationship.
With regard to direct marketing, this means also for the sending of the newsletter, the consent (and the related right to withdraw it) constitutes the legal basis also for legal persons. The data will be processed for this purpose until the withdrawal of the consent (newsletter unsubscription) and in any case no more than 48 months from the time in which the consent was given or from its renewal.
With the registration to the website, it will be possible purchasing products via the e-commerce section ONLINE SHOP.
In that case, the following common personal data will be subject to processing:
-Surname, name, date and place of birth, residence;
– Fiscal code and/or VAT registration number;
– telephone number/email address;
– destination address;
– order description andpurchased product .
The data subject to processing are provided by the customer or are resulting from public registers (such as CCIAA or Registry Office).
The data are processed for purposes strictly related to the management of the pre-contractual and contractual relationship, included the administrative formalities and requirements, accounting ad fiscal requirements (for example: acquisition of prior information for the conclusion of the contract; carrying out of activities based on obligations derived from the conclusion of the contract) and litigation management (contractual purpose).
There is no obligation to provide the data in the pre-contractual phase, but if they are not conferred it will not be possible to make a quotation or to conclude the contract; when the contract is concluded, the conferral of the further necessary data, or the update of the already conferred ones, is compulsory for all that is required by legal and contractual obligations, therefore any refusal to provide them in whole or in part may configure contractual failure of infringement of the law (if such data are necessary for legal requirements or requirements of the authorities) by the supplier. The legal basis of the processing is the fact that it is necessary: for the execution of the contract of which the person concerned is part or the pre-contractual measures adopted at his/her request; for the fulfilment of a legal obligation to which the Data Controller is subject.
The data may be processed also for marketing purposes, according to the following conditions: The Controller can send to the email address supplied in the context of a former purchase communications related to the direct selling of products and services similar to those already purchased, which is allowed, unless the receiver – adequately informed,- objects such use, initially or during subsequent submissions,; in this last case, the legal basis for the processing is the legitimate interest of the Controller in the marketing activity.
As regards the contractual purpose, the data will be kept for the duration of the contractual relationship, and, after its termination – limited to the data at that point necessary – for the termination of the contractually assumed obligations and for the fulfilment of all the possible legal obligations and for the requirements of protection (also contractual) connected or deriving from it. With regard to marketing purposes, the processing can take place until the objection of the recipient, but in any case, not more than 24 months since the last purchase.
The data are not subject to dissemination and may be communicated to collaborators, suppliers of the Controller, in the context of their duties and/or contractual obligations relating to the execution of the contractual relationship with the interested parties; among the suppliers of the Controller there are, for example, banking and credit institutions, insurance companies, legal advisors; software providers and related assistance, subjects carrying out shipments and delivery; financial administration and other entities for which mandatory communications are foreseen.
7. PROCESSING MODALITIES AND COMMUNICATION OF THE DATA TO THIRD PARTIES
Processing will be carried out:
– Through the use of manual and automated systems;
– by entities or categories of authorized people in order to fulfil their duties,
– with the use of appropriate measures to ensure the confidentiality of data and to avoid access to them by unauthorised third parties.
Without prejudice to what indicated in the specific sections above, in the context of your activity and for the above-mentioned purposes, the Controller may make use of services rendered by third parties operating either as independent Controllers or on behalf of and in accordance with the instructions of the Controller, as Data Processors. These are subjects that provide the Controller with processing or instrumental services.
The person concerned may request a complete and updated list of the appointed Data Processors by contacting one of the contacts listed below.
All the subjects to which the faculty of access to such data is recognized by virtue of normative measures can have access to such data.
It is not intended to transfer personal data to non-EU countries or to International Organisations.
8. RIGHTS OF THE INTERESTED PARTIES
The GDPR gives the person concerned the exercise of the following rights with reference to the personal data concerning him/her (the summary description is indicative, the complete statement of the rights can be found in the Regulation, in particular in Artt. 15-22):
– Access to personal data (the concerned person will therefore have the right to have free information about the personal data held by the Controller and about the related processing, and to obtain a copy in an accessible format);
– Rectification of data (we will provide, on recommendation of the concerned person, the correction or integration of your data – which are not an expression of evaluative elements – incorrect or inaccurate, even if they have become so, because they have not been updated);
– Erasure (right to be forgotten) (for example, data are no longer needed with regard to the purposes for which they were collected or processed; they have been illegally processed; they must be deleted in order to fulfil a legal obligation; the concerned person has withdrawn the consent and there is no other legal basis for processing the data; the person objects to processing, if there are the conditions);
– Right to restrict processing (in certain cases – objecting the accuracy of the data, during the time required for verification; objecting the lawfulness of processing with opposition to the erasure; need of use for the rights of defence of the concerned person, while they are no longer useful for processing; if there is objection to processing, while the necessary verifications are carried out- the data will be stored in such a way in order to be able to be restored, but, in the meantime, they are not available to the Controller except in relation to the validity of the restriction request of the concerned person, or with the consent of the person or for the assessment, exercise or defence of a right in court or to protect the rights of another natural or legal persons or for reasons of relevant public interest of the Union or of a member State);
– Right to object to processing carried out on the base of legitimate interest, in full or in part for legitimate reasons, (in certain circumstances the concerned person may however object to processing of his/her data, in particular, if the personal data is processed for direct marketing purposes, he/she have the right to object to processing at any time, including profiling to the extent that it is connected to such direct marketing);
– Data portability (if processing is based on consent or on a contract and is carried out by automated means, on request, the concerned person will receive his/her personal data in a structured format, in common use and readable by an automatic device, and he/she may transmit them to another Controller, unimpeded by the Controller which has provided them and, if technically feasible, the concerned person can obtain that such transmission is made directly by the latter);
– Withdrawal of consent (if the processing takes place by virtue of the consent expressed by the person concerned, he/she may withdraw the consent at any time without prejudice to the lawfulness of the processing provided before the withdrawal);
– Complaint to the supervisory authority (Garante per la protezione dei dati personali).
The Garante per la protezione dei dati personali can be contacted via the contacts indicated in the website of the Authortity “www.garanteprivacy.it”. The other rights of the person concerned can be exercised via request to the following email: email@example.com or the other contacts of the Data Controller.
The Data Controller has appointed the data protection Officer-Data protection Officers-(“DPO”), who can be contacted by e-mail: firstname.lastname@example.org : You can contact the DPO for any issue concerning the processing of personal data referred to in this statement.
The Controller may modify or update the content in whole or in part, also considering any changes in the rules on the protection of personal data. We therefore invite the persons concerned to consult this page regularly so that they are aware of the processing processes.