Privacy policy and information notice on the processing of personal data pursuant to Articles 13 and 14 of (EU) Regulation 2016/679 (General Data Protection Regulation- GDPR)
- Data Controller
Pastificio Lucio Garofalo Spa - Via dei Pastai 42, 80054 Gragnano (NA)
Email address of the Data Controller: info@pastagarofalo.it
- Types of Data collected
The Personal Data collected by this Application, either independently or through third parties (Xister Reply S.r.l), are: usage data, email, first name and last name, tax code / VAT number, address and telephone number of the User (referred to collectively as the "Data").
The Data may be freely provided by you or, in the case of the Usage Data, collected automatically while using the Application. Providing the Data collected by this Application is optional. However, if you refuse to provide such Data, it may be impossible for this Application to provide the Service.
- Purpose of the Processing of the collected Data
The Data is collected for the following purposes:
3.1 Online sales
The services contained in this section allow the Data Controller to operate the collection of customer data necessary for the purchase and delivery of the product. Personal data provided during contact, purchases or requests through the appropriate form, e-mail, telephone or fax will be processed for the sole purpose of carrying out the requested service
Personal Data collected: Last name, email and first name.
3.2 Contact with the User via mailing list or newsletter
By registering for the mailing list or newsletter, the User's e-mail address is automatically included in a list of contacts to which e-mail messages containing information, including commercial and promotional information, relating to this Application may be sent. Your email address may also be added to this list as a result of registering for this Application or making a purchase.
Personal Data collected: Last name, email and first name.
Legal basis for processing
The legal basis for the processing is your free and informed consent. Therefore, the processing of Your Data will only take place after provision of the same. Consent will be obtained by means of the appropriate formbefore data collection.
- Processing methods for collected Data
Processing Methods
The Data Controller shall take appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the Data.
The processing is carried out by means of computer and/or telematic instruments, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the organisation of this Application (administrative, commercial, marketing, legal or system administrators) or external parties (such as third-party technical service providers, couriers, hosting providers, computer companies, communication agencies), appointed for this purpose by the Data Controller pursuant to article 28 of the GDPR, may have access to the Data. The updated Manager list may always be requested from the Data Controller.
Retention Period
Personal data will be kept by the Data Controller in full compliance with the principles of necessity, minimisation and limitation of retention, by adopting the technical and organisational measures appropriate to the risk level of the processing and for a period of time not exceeding the achievement of the purposes for which the data is processed.
Consequently:
- Data collected for purposes relating to the execution of a contract between the Data Controller and the User will be retained until the execution of such contract is completed;
- Data collected for purposes relating to the legitimate interest of the Data Controller will be retained until such time as this interest is satisfied.
When processing is based on User consent, the Data Controller may retain Personal Data until such consent is revoked. In addition, it may be an obligation to retain Personal Data for a longer period of time by law or by order of an authority.
Personal Data will be deleted at the end of the retention period. Therefore, upon expiry of this term, the rights of access, cancellation, rectification and portability of the Data may no longer be exercised.
- User Rights
Users may exercise. against the Data Controller, all the rights referred to in articles 15 et seq. of the GDPR applicable to them, including the right to ask the Data Controller at any time to access, rectify, delete or limit the processing of the Data, as well as to object to its processing. Furthermore, Users may always lodge a complaint with the Guarantor Authority for the protection of personal data or with any other competent supervisory authority.
How to exercise your rights
In order to exercise the User's rights, Users may address a request to the Data Controller contact details indicated in this document. Requests shall be filed free of charge and processed by the Controller as soon as possible and in any event within one month.
- Further information on processing
Legal defence
User Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages for the possible establishment to defend against misuse of this Application or related Services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of public authorities.
Specific information
At your request, in addition to the information contained in this privacy policy, this Application may provide you with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.
System and Maintenance Log
This Application and any third-party services used by it may collect system Logs, which are files that record interactions and may also contain Personal Data, such as the User IP address, for operational and maintenance purposes.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Response to "Do Not Track" requests
This Application does not support "Do Not Track" requests.
To find out if any third party services used support privacy, Users are invited to review their privacy policies.
Changes to this information notice
The Data Controller reserves the right to make changes to this policy at any time by informing Users on the page and, if possible, on the Application and, if technically and legally feasible, by sending a notification to Users through one of the contact details available to the Data Controller. Please consult this page regularly, referring to the last change date indicated at the bottom.
If the changes involve processing where the legal basis is consent, the Data Controller will acquire the User's consent a second time, if necessary.