- PERSONAL DATA CONTROLLER
- PERSONAL DATA COLLECTED
b) Online purchases The user can proceed to purchase online, even if he is not a registered user with an account, providing the following data: name, surname, VAT number/tax code, country, city, address, postcode, telephone, email. These data are necessary, therefore, in the absence of their contribution, it will not be possible to proceed with the online purchase. It is also possible to insert the company name as optional data. Failure to include this information will in no way compromise the execution of the online purchase contract. In the case of online purchases, some data relating to the sale are also acquired on the E-commerce site, such as, for example, products purchased, payment data, product codes, amount.
c) Assistance / request for information To obtain a support service or to request information, the User can send a request to the email address email@example.com or to the other email addresses indicated on the Website, or use the “Contact” section on the Website, and must provide the following personal data: name, surname, mail, telephone. These data are necessary: failure to provide such data could prevent DMA from providing the requested assistance. It is also possible to provide additional optional data (such as company, interest, comment): failure to provide such data could prevent DMA from providing assistance that is adequate to the user’s requests.
d) Browsing data During the browsing of the Sites by the user, the information systems and software procedures relied upon to operate these Sites acquire personal data as part of their standard functioning, the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.
- PURPOSE OF THE PROCESSING, LEGAL BASIS AND DATA STORAGE PERIOD
The personal data provided by the user or collected when the user subscribes to the newsletter creates an account on the Website or requests assistance/information, will be used:
a. provide the requested services (for example, perform account registration processes, manage authentication on the Website and user accounts, assist it and manage any complaints and respond to a question or contact request possibly forwarded by the user, also through customer service);
b. to manage newsletter subscription if the user is not registered.
Personal data must be provided for the aforementioned purposes and the refusal would prevent completing the request.
The processing of data for the aforementioned purposes is carried out to follow up on the request to receive newsletters, create/manage the account, and the request of information/assistance.
The personal data processed for newsletter subscription will be kept until the user requests cancellation from the newsletter or, in any case, until the user is an active user (the user is considered inactive if he/she does not open mail for more than 12 months).
The personal data processed for the management of an account on the Website will be retained until the user closes his account or, in any case, until the user is an active user (the user is considered inactive if he/she does not log in to his/her account for more than 12 months).
The personal data processed for the assistance/request for information will be kept for the time necessary to manage the request.
Once the retention periods indicated above have expired, personal data will be permanently deleted or anonymized. Without prejudice to the foregoing, the user’s personal data will be kept only for any legal and regulatory obligations (such as for example, accounting and tax obligations).
3.2 Online sales
The personal data provided by the user or collected at the time of purchase, made as a registered user or not, will be used for order processing, for the related administrative activities as well as to comply with any legal obligations. The processing of data for the purposes indicated is carried out, as necessary to execute the order. Personal data processed for online purchases, made by users not registered on the Website, will be kept for the duration of the business relationship, including any return practices or credit recovery procedures. Personal data processed for online purchases, made by users registered on the Website, will be kept until the account is closed or, in any case, until the user is an active user (the user is considered inactive if he/she does not log in to his /her account for more than 12 months). Passed the retention periods indicated above, personal data will be permanently deleted or anonymized. Without prejudice to the foregoing, the user’s personal data will be kept only for any legal and regulatory obligations (such as for example, accounting and tax obligations).
3.3 Use of web services
The browsing data, which are acquired by the Controller during the browsing of the Sites by the Customer, are necessary for the use of web-based services and are also processed in order to: a. extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.); b. check the functioning of the services. Browsing data are kept for no longer than seven days and are erased immediately after being aggregated (except where judicial authorities need such data for establishing the commission of criminal offenses).
Personal data collected on the Sites will be used, after obtaining consent, to offer promotions, discounts, and other tailored services and send newsletters, other marketing, and commercial communications on products of Pastificio DI Martino, surveys and researches, market analysis, promotions and other initiatives for users or registered customers (“marketing”). The Controller may use traditional (postal mail and telephone) and/or digital and automated (e-mail, SMS) contact means. The use of data for marketing purposes is optional and free, due to the fact that it is based on the consent that the user can choose to lend. The user can revoke his consent at any time. In any case, the refusal to provide personal data for marketing purposes does not prevent the user from using the services of the Sites or making purchases, but the same will not be informed of marketing initiatives promoted by the Controller. Personal data processed for marketing purposes will be kept, in accordance with the provisions of the Italian data protection authority’s (hereinafter the Garante), for a period not exceeding 24 months, unless the user renews his consent and except for further measures issued by the Garante. Passed the retention period indicated above, personal data will be permanently deleted or anonymized. Without prejudice to the foregoing, the user’s personal data will be kept only for any legal and regulatory obligations (such as for example, accounting and tax obligations).
- COMMUNICATION OF PERSONAL DATA
- PROTECTION OF THE PRIVACY OF MINOR
- METHOD OF PROCESSING
- TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
- USER RIGHTS
8.1 Right of access
The user shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data; the recipients or categories of recipient; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the user, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the user; Where personal data are transferred to a third country or to an international organization, the user shall have the right to be informed of the appropriate safeguards relating to the transfer. The user has the right to obtain a copy of the personal data undergoing processing.
8.2 Right of rectification The user shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Considering the purposes of the processing, the User shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8.3 Right to erasure
The user shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the user withdraws consent on which the processing is based; c) the user objects to the processing and there are no overriding legitimate grounds for the processing, or the user objects to the processing for direct marketing purposes, which includes profiling; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject; f) the personal data have been collected in relation to the offer of information society services directly to a child.
8.4 Right of restriction The user shall have the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the user, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead; c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defense of legal claims; d) the user has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
8.5 Right to data portability The user shall have the right to receive the personal data concerning him/her, which he/she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of Regulation or on a contract pursuant to point (b) of Article 6(1) of Regulation; and b) the processing is carried out by automated means. In exercising his/her right to data portability pursuant to paragraph 1, the user shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
8.6 Right to object The user shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
8.7 Further rights The user shall have the right not to be subjected to a decision based only on automated processing, including profiling, which produces legal effects that affect him/her or that significantly affects his person. The user shall have the right to lodge a complaint with a supervisory authority (in Italy, the Italian data protection authority’s, Garante).
- UPDATE OF PERSONAL DATA
- UPDATES OF THIS INFORMATION – COMMUNICATIONS