Cioccolato fondente. Gusti vari.
The GDPR provides that, before proceeding with the processing of Personal Data — with this term meaning, according to the relevant definition contained in article 4 at point 2) of the GDPR, “any operation or set of operations, carried out with or without the aid of automated processes applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, distribution, or any other form of availability, comparison or interconnection, limitation, cancellation or destruction “(“Processing“) — it is necessary that the person to whom such Personal Data belongs is informed about the reasons for which such data are requested and how they will be used.
In this regard, this document aims to provide, in a simple and intuitive way, all the useful and necessary information so that you can provide your Personal Data in a conscious and informed way and, at any time, request and obtain clarifications and/or corrections.
This information has therefore been drawn up on the basis of the principle of transparency and all the elements required by article 13 of the Regulation and is divided into individual sections, each of which deals with a specific topic in order to make reading faster, easier, and easy to understand (“Policy“). The information is provided exclusively for the aforementioned website and does not concern any other sites that can be reached by the user through any links present on the same.
The data controller is the company la Pasqualina S.r.l. based in Almenno San Bartolomeo, Via Papa Giovanni XXIII, 39, 24030 Italy (“Company“).
TYPE OF DATA PROCESSED
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment.
These data are used for the sole purpose of checking the correct functioning of the website and are deleted no later than 7 days after collection; except in the case in which they must be used to ascertain responsibility in the event of computer-related crimes against the website: in this case, the information will be kept available to the Authority for the time necessary to guarantee the Company the exercise of its rights of defense.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of emails to the addresses indicated on this website and the compilation of the specifically prepared “forms” (templates) entail the subsequent acquisition of the email address and any other personal data included in the electronic communication, as well as the sender/user data, necessary to respond to requests or to provide the service.
Specific summary information will be provided for particular services.
PURPOSE OF THE PROCESSING, LEGAL BASIS AND OPTIONAL NATURE OF DATA PROVISION
The Data Controller, in order to allow subscription to the newsletter service, needs to collect some Personal Data, as requested in the registration form.
Personal data will be processed by the data controller to allow the user, therefore, to receive newsletters, or, possibly, to send requests for information and to use all the other services offered from time to time. The processing of personal data will be legally based on the relationship that will be created between the User and the Company.
To allow the Data Controller to carry out processing activities for the aforementioned purposes, it will be necessary to provide the Personal Data marked with the * symbol. In the absence of even one of the asterisk-marked data, it will not be possible to proceed with the processing of personal data and, consequently, it will not be possible for the User to complete his registration and/or benefit from the services provided by the same for which the provision of Personal Data is required.
The Personal Data that will be required for the pursuit of the aforementioned purposes will be those reported in the registration and/or contact form, that is, by way of example and not limited to: first name, last name, email address, city, country.
DATA COMMUNICATION AND DISCLOSURE
Personal Data may be disclosed to specific subjects considered recipients of such Personal Data. In fact, article 4 at point 9) of the GDPR defines as the recipient of Personal Data “the natural or legal person, public authority, service, or other body that receives communication of personal data, whether or not it is a third party“(“recipients “).
In this perspective, in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Policy, they may find themselves in a position to process your Personal Data:
The collected data will in no case be disclosed.
RETENTION TIMES FOR PERSONAL DATA
One of the principles applicable to the processing of your Personal Data concerns the limitation of the retention period, governed by Article 5, paragraph 1, point e) of the GDPR which states “Personal Data are stored in a form that allows identification of the Data Subjects for a period of time not exceeding the achievement of the purposes for which they are processed; Personal Data may be stored for longer periods provided that they are processed exclusively for archiving purposes in the public interest, for scientific or historical research, or for statistical purposes, in accordance with Article 89, paragraph 1, without prejudice to the implementation of technical measures and organizational requirements required by this regulation to protect the rights and freedoms of the interested party.”
In light of this principle, Personal Data will be processed by the Data Controller limited to what is necessary for the pursuit of the purposes described above. In particular, as long as the User does not express the desire to stop receiving newsletters.
RIGHTS OF THE INTERESTED PARTIES
The User may exercise the rights recognized by the Privacy Law including, by way of example, the right (i) to access his Personal Data (and to know the origin, purposes, and motives of the processing, the data of the subjects to which they are communicated, the retention period of the data or the criteria useful to determine it), (ii) to request their rectification, (iii) their cancellation (“oblivion”), if no longer necessary; incomplete, erroneous, or collected in violation of the law, (iv) to request that the processing be limited to a part of the information concerning him; (v) to the extent that it is technically possible, to receive in a structured format or to transmit to the User or to third parties by the user himself indicated the information concerning him (c.d. “Portability”). In this case, it will be the user’s responsibility to provide us with all the exact details of the new data controller to whom he intends to transfer his Personal Data by providing us with written authorization; (vi) to withdraw his consent at any time, if this constitutes the basis of the processing. In any case, the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal itself.
The aforementioned rights may be exercised by means of a written request addressed without formalities to the Data Controller at the aforementioned office or by sending a communication to the following email email@example.com.
The Company also informs the User that — without prejudice to the right to appeal to any other administrative or judicial office — if he considers that the processing of personal data conducted by the data controller is in violation of the GDPR and / or applicable legislation, he may lodge a complaint with the competent Personal Data Protection Authority.
Last update date: June 2018