The information describes the way in which the website www.fontanafredda.it (“Website”) is managed, with reference to the processing of the personal data of its Users.
The policy is released pursuant to art. 13 of the Regulation (EU) 2016/679 (“GDPR”) and the national laws on the protection of personal data, and is applicable to all Users who visit the Website and interact with the services of Casa E. Mirafiore & Fontanafredda s.r.l.
The policy applies to the Website www.fontanafredda.it and not to other Websites belonging to Third Parties (so-called “Partners”) that may be accessed by the User via links present on the Website.
Who is the Data Controller?
The Data Controller is Casa E. Mirafiore & Fontanafredda s.r.l. with registered office in Via Alba 15, 12050 Serralunga d’Alba (CN), Italy, in the person of its legal representative pro tempore, (“Data Controller”).
Casa E. Mirafiore & Fontanafredda s.r.l. has appointed a person responsible for the protection of personal data, who can be contacted at the email address firstname.lastname@example.org.
Which data is collected?
The Data Controller collects the following types of personal data:
- Browsing data: the Website may collect information that could enable identification of the User. This type of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error) and other parameters.
- Data supplied voluntarily by the User: the Data Controller processes personal and identifying data (name, surname, address, telephone, e-mail). Users are free to supply their personal data when submitting requests for information. If the User does not communicate the identification and personal data correctly, the Data Controller may be unable to process the requests, either in full or in part.
With regard to the sending of personalised newsletters, the Data Controller processes the User’s e-mail addresses in order to send commercial promotions dedicated to the services/products of Casa E.Mirafiore & Fontanafredda and also of group companies and business partners.
Why and on what legal basis do we process data?
- Browsing data: browsing data is used to manage statistical information, for the purposes of security and the operation of the Website. The data could also be used to ascertain responsibility in the event of cyber crimes. The legal basis of the process is the legitimate interest of the Data Controller and, in the case of requests by the Legal Authorities, the legal obligation.
- Data supplied voluntarily by the User: personal data entered in the contact form is processed exclusively to respond to the request submitted, i.e. for the provision of the Data Controller’s service. The legal basis is the fulfilment of pre-contractual, contractual or fiscal obligations.
- Personalised newsletter (marketing activities): personal data may be processed for marketing purposes only with specific consent, which is optional. The term “marketing activity” refers to the sending of promotional communications via newsletters relating to products and services offered by the Data Controller, group companies and business partners affiliated with Casa E. Mirafiore & Fontanafredda s.r.l.. The legal basis is the User’s consent. With your specific consent, which can be withdrawn at any time, the Data Controller may collect from its social media business pages (Facebook, Instagram, LinkedIn) information relating to your preferences, habits and lifestyle, as well as details of purchases made where Casa E. di Mirafiore & Fontanafredda s.r.l. has an e-commerce platform, in order to create group or individual profiles for sending targeted communications in line with your interests, or to carry out market research and statistical analysis, also with anonymous data, organised in aggregate form. When the User subscribes to the newsletter service, they receive a “registration confirmation” e-mail, without which the newsletter will not be active. The user is entitled to withdraw the consent given at any time, unsubscribing or writing to email@example.com.
The User is informed that their personal data may be processed to comply with legal obligations or an order issued by the Authority and to pursue a legitimate interest of the Data Controller or to exercise the latter’s rights, such as the right of defence.
Who are the data recipients?
Personal data may be disclosed to those belonging to the following categories:
- authorised persons (employees and collaborators);
- event organisers, in their capacity as outsourcers;
- providers of services for the management of the activities indicated above, such as sending newsletters (MailUp service);
- providers of services for the management of the information system (IT consultants);
- web platform operators.
Those belonging to the above categories act as Data Processors pursuant to art. 28 GDPR. The personal data is processed only by persons authorised by the Data Controller (employees/collaborators), in compliance with art. 29 GDPR, by virtue of their duties or corporate role, who have been instructed on matters relating to privacy.
The personal data collected is not transferred or disclosed to group companies or third parties (Partners) for marketing purposes without the User’s specific consent and is not circulated.
How long do we keep the data?
The user’s personal data supplied when requesting information are processed by the Data Controller only for the period of time necessary to achieve the purposes of the process, after which they are kept only in compliance with the legal obligations in force on the matter, for administrative purposes or to assert or defend an entitlement.
Personal data processed for the purpose of sending newsletters is kept as long as the User shows interest in receiving the newsletter. To this end, a data retention period criterion which envisages “regular verification” by the Data Controller has been established. According to this criterion, the User who does not show interest in receiving the Casa E.Mirafiore & Fontanafredda s.r.l. newsletter for 36 consecutive months will be automatically deleted from the mailing list.
What are the security measures?
The personal data collected is recorded in digital form, using organisational and technical security measures to ensure the protection of confidentiality and to avoid the risks of loss and destruction, unauthorised access, processing that is not permitted or does not comply with the purposes mentioned above.
Some of the security measures implemented include: – backup – use of the https protocol; – use of anti-malware and anti-spam; – use of security plug-ins; – use of a ban list.
Is the data transferred to countries outside the EU?
The personal data is not transferred to non-EU countries or international organisations. The data is stored on servers located in Italy. Where necessary, the Data Controller may transfer the location of the server, making sure that the transferral of the data outside the EU will take place in compliance with the legal provisions applicable, entering into agreements, if necessary, that guarantee an adequate level of protection or adopting the standard contractual clauses envisaged by the European Commission.
Does the Website target minors?
The Website is not intended for use by minors and no data is collected from minors or processed. In compliance with applicable law, the person exercising parental authority is required to give consent to the collection of the minor’s personal data. In the event that the data of minors is unintentionally sent, the Data Controller will delete it promptly.
What are the user’s rights?
The User may exercise their rights as stated in articles 15, 16, 17, 18, 19, 20, 21, 22 of Regulation (EU) 2016/679, by writing to the Data Controller at firstname.lastname@example.org by registered letter with notification of receipt addressed to Casa E.Mirafiore & Fontanafredda s.r.l. via Alba 15, 12050 Serralunga d’Alba (CN), Italy.
For each processing operation, the User may exercise:
- the right to access: to obtain a copy of the personal data being processed;
- the right to object to the processing of personal data for commercial purposes: the User may request the termination of the sending of promotional communications at any time by unsubscribing through the newsletter or by writing to email@example.com;
- the right to object to decisions based on purely automated processes: the User may request exclusion from activities, such as profiling, resulting from decisions based on purely automated processes;
- the right to rectification: to rectify the personal data held by the Data Controller if it is not up to date or correct;
- the right to withdraw consent: to withdraw the consent given at any time;
- the right to deletion: the User may request the deletion of personal data when the purposes of the process no longer exist and there are no legitimate interests or legal provisions requiring continuation;
- the right to restrict processing: to request that processing operations be restricted;
- the right to data portability: the right to obtain a copy of the data in a structured format that can be electronically transferred to another Data Controller;
- the right to contact the Data Protection Authority with registered office in Piazza Venezia 11, IT-00187, Rome, 00186 – Rome, firstname.lastname@example.org (https://www.garanteprivacy.it/).
For further information on the rights of Users, please visit the page of the Data Protection Authority: https://www.garanteprivacy.it/home/diritti