Information on the processing of personal data
Article 13 of EU Reg. 2016/679
Pursuant to Article 13 of EU Reg. 2016/679, we hereby inform users about the processing of personal data carried out through this website (hereinafter also referred to as "the Site") without extending to other websites that the user may reach by means of links included herein.
The processing of personal data is carried out in compliance with current legislation on the protection of personal data and is based on the principles of correctness, lawfulness, transparency and data protection.
The Data Controller is: BATTAGLIO S.P.A.
The headquarters are located at Strada del Portone 30, postal code 10195, Grugliasco (Province of Turin).
The Data Controller can be contacted at the following addresses: telephone +39 011 34 94 444; e-mail: firstname.lastname@example.org.
The Data Protection Officer (DPO) is: SPAZIOTTANTOTTO S.r.l., V.A.T. no. 08283280017, with registered office in Via Nino Bixio 8 TORINO (Province of Turin).
The DPO can be reached via email at email@example.com.
The information notice is a general obligation that must be fulfilled before or, at the latest, at the moment of starting the direct collection of personal data. In the case of personal data not collected directly from the data subject, the information notice must be provided within a reasonable period of time, or at the time of the disclosure (not the recording) of the data (to third parties or to the data subject). Pursuant to the General Regulation for the Protection of Personal Data of Natural Persons (GDPR - Reg. (EU) 2016/679), the undersigned organisation, Data Controller, hereby informs you of the following:
Sources of personal data
The personal data held by the undersigned organisation are collected directly from the data subjects. This site does not collect any data belonging to special categories of data, by which is meant those which reveal racial or ethnic origin, religion or philosophical or other beliefs, political opinions, trade union membership, associations or organisations of a religious, philosophical, political or trade-unionist character membership, state of health and sexual life.
Personal data categories
The Data Controller processes the following personal data (hereinafter referred to as 'data') you discolse when using the Data Controller's website, for information requests, to request the Frutta Party service:
personal data (first name, surname);
telephone number, e-mail and contact address;
any other data entered voluntarily by the user.
Like other websites, this Website saves cookies on the browser used by the user to transmit information of a personal nature and to enhance the user experience. In fact, cookies are small text strings that the sites visited by the user send to their terminal (usually to the browser), where they are stored, sometimes even for an extensive time, to be then re-transmitted to the same sites during the next visit.
The computer systems and software procedures used to operate the website acquire, during their normal functioning, personal data , the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained as a response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
In particular, we use so-called session cookies, which are not stored permanently on the user's computer and disappear when the browser is closed. The use of such cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site and which avoid the use of other IT techniques potentially prejudicial to the confidentiality of users' browsing and do not allow the acquisition of personal data identifying the user. Then, analytics cookies that help understand how visitors interact with the site's content, gathering information (geographical and web origin, technology used, language, entry pages, visited pages, exit pages, dwell times, etc.) and generating website usage statistics without personally identifying individual visitors, are used. All these cookies are to be considered technical cookies for which the opt-out mechanism applies as it is not necessary to give consent. Technical cookies are not communicated to third parties as they are necessary or useful for the functioning of the site; therefore, they are processed only by subjects qualified as data processors, data controllers or system administrators.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on the Site entails the subsequent acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the e-mail. The explicit and voluntary sending of the forms that can be filled in on the Site containing the data of the person concerned also entails processing in order to comply with pre-contractual obligations or to perform the services provided with the sending of the forms. Such information present in the forms may concern personal data, contact details, telephone numbers, requests and preferences, e-mail addresses of the interested parties and of identified and identifiable third parties, assignees of the user of the site.
The Data Controller does not intentionally collect or keep personal data of individuals under 18 years of age, nor does it intentionally allow such minors to use the Site. Users under the age of 18 are requested not to register on the Site and not to provide personal data.
Purpose and legal basis of processing
Personal data are used:
to allow navigation on the site (reference: Article 6(1)(f) of the GDPR);
in order to perform the service or provision requested as part of the normal activity carried out by the undersigned organisation, if necessary (reference: Article 6(1)(b) of the GDPR);
In addition, all personal data may be processed:
for purposes connected with obligations laid down by law, as well as by provisions issued by authorities authorised to do so by law (reference: Article 6(1)(c) of the GDPR);
for the establishment, exercise or defence of a right in judicial and extrajudicial proceedings (legitimate interest) of the undersigned organisation Article 6(1)(c) of the GDPR);
for functional purposes, in accordance with the legitimate interest of the Data Controller; in particular, in order to verify the correct functioning, maintenance and management of the site; for navigation and usage logs to protect the site and the service from cyber-attacks, identify any malicious or fraudulent actions (ref. art. 6 co. 1 lett. f) of the GDPR).
Consequences of refusing to provide data
The provision of data collected from the data subject is optional but indispensable in order to process them for the purposes set out in points a) and b). In the event that the interested parties do not communicate their indispensable data and do not allow the processing, it will not be possible to proceed with the fulfilment and implementation of the proposed services and to follow up on the contractual obligations undertaken, with consequent prejudice to the correct fulfilment of regulatory obligations, such as accounting, tax and administrative obligations, etc.
. Apart from what is specified for navigation data, the user is free to provide personal data for cookies and specific requests via forms e.g. on products and/or services. Failure to provide such data may make it impossible to obtain what has been requested. For all non-essential data, including those belonging to special categories, provision is optional. Failure to provide consent or incomplete or incorrect provision of certain data, including those belonging to special categories, may result in the required fulfilments could be so incomplete as to cause prejudice either in terms of sanctions or loss of benefits, either because of the impossibility of guaranteeing the adequacy of the processing itself to the obligations for which it is performed, or because the results of the possible non-compliance of the results of the processing itself with the obligations imposed by the legal provisions to which it is addressed, with the intention of exonerating the undersigned organisation from any and all responsibility for any sanctions or afflictive measures.
Data processing methods
Processing related to the site's web services is carried out by automated tools for the time strictly necessary to achieve the purposes for which it is collected; it takes place at the server in Italy and is handled only by technical personnel in charge of processing, or by those responsible for maintenance and administration operations. Specific security measures are put in place to prevent loss of data, illicit or incorrect use and unauthorised access and loss of confidentiality.
Data processing means the collection, recording, organisation, storage, processing, modification, deletion and destruction of data, or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data is carried out by means of manual, computerised and telematic tools, with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee security and confidentiality. Personal data will therefore be processed in compliance with the methods indicated in Article 5 Reg. (EU) 2016/679, which provides, inter alia, that the data shall be processed lawfully and fairly, collected and recorded for specified, explicit and legitimate purposes, accurate, and if necessary updated, relevant, complete and not excessive in relation to the purposes of processing, respecting the fundamental rights and freedoms and the dignity of the person concerned with particular reference to confidentiality and personal identity, by means of protection and security measures. The undersigned organisation has set up and will further refine the security system for accessing and storing data.
No automated decision-making (e.g. profiling) is carried out.
The processing will mainly take place in Italy and the EU, but it may also take place in non-EU and non-EEA countries if deemed functional to the efficient performance of the purposes pursued in compliance with the guarantees in favour of the data subjects.
Lastly, processing that takes place in non-EU and non-EEA countries is outside the responsibility of the Data Controller when, at the request of the data subject, connections to the site originate from such countries.
Unless you explicitly express your wish to delete your personal data, in relation to the different purposes and the purposes for which they were collected, they will be kept for the time provided for by current legislation, and in any case for a period of time not exceeding that necessary to achieve the above-mentioned purposes.
Categories of recipients
The data (only the indispensable ones) are communicated:
to data processors and persons in charge of processing - both internal to the organisation of the undersined organisation and external -who perform specific tasks and operations (site administration, analysis of navigation and traffic data, management of e-mails sent voluntarily by the user, etc.);
in the cases and to the persons provided for by law.
Data will not be disclosed unless otherwise provided for by law or after anonymisation. Without prejudice to what has been specified for cookies and third-party elements, without the general prior consent of the person concerned for communications to third parties, it will only be possible to carry out services that do not provide for such communications. If necessary, specific and punctual consents will be requested and the subjects receiving the data will use them as autonomous holders.
In some cases (not object of the ordinary management of this site) the Authority may request news and information, for the purpose of controlling the processing of personal data. In these cases, it is compulsory to answer under penalty of administrative sanction.
Rights of the data subject
You may, at any time: exercise your rights (access, rectification, erasure, limitation, portability, objection, no automated decision-making processes) when provided against the data controller, pursuant to Articles 15 to 22 of the GDPR (norma); lodge a complaint with the Garante; where the processing is based on consent, revoke prevously given consent, taking into account that the revocation of consent does not affect the lawfulness of the processing based on consent before revocation.
Inquiries should be addressed to the Data Controller, writing to firstname.lastname@example.org