Pursuant to and for the purposes of Art. 13 of EU Regulation no. 679/2016 relating to the protection of natural persons with regard to the processing of personal data ('GDPR')
With this information, LE CHIOCCIOLINE® SRLS provides information relating to the processing of the User's personal data carried out through this Website, confirming from now on that such processing will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality and of the User's rights.
Data controller
The Data Controller is LE CHIOCCIOLINE® SRLS, with registered office in Via toscaoromagnola 1242- 56021 – Cascina (PI) – VAT number 02315850509 – Email address: privacy@lechioccioline.com
Type of data processed
LE CHIOCCIOLINE Srls may process data relating to the User's visits to the website, but also any other data collected in the various sections of the site itself and/or through the various contact channels made available. Below is the list of data processed:
• Navigation data whose transmission is implicit in the use of Internet communication protocols, such as IP addresses, domain names of the devices used, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the 'User
- Data relating to Cookies (for any other more detailed information, please refer to the Cookie policy)
- Data collected following the User's sending of a letter via email to the contact email address indicated on the site in order to receive information or request a specific service
- Data released by the User during the purchase of the products, such as personal and contact data (name, surname, tax code, address, telephone, email, VAT number), purchase and payment data (credit card number and any other data necessary to complete the order)
- Contact data provided by the User in case of subscription to the newsletter
Purposes and legal bases
The data provided will be processed in compliance with the conditions of lawfulness pursuant to Article 6 of the GDPR for the following purposes:
- to execute all contractual and pre-contractual measures adopted at the request of the interested User as well as all related operational and management needs. The legal basis in this case is represented by the need to execute the contract of which the interested User is a party or to execute pre-contractual measures (article 6, letter b) of the GDPR);
- to comply with the legal obligations to which the Data Controller is subject. In this last case, the legal basis is represented by the need to fulfill legal obligations that require the Data Controller to collect and/or further process certain types of personal data (article 6, letter c) of the GDPR);
- to execute User requests and respond to questions raised through the various contact channels. In this case, the processing of the collected data has as its legal basis the legitimate interest of the Data Controller (article 6, letter f) of the GDPR) to be more efficient, to respond to requests, to provide information on the services offered, as well as to improve and develop new products and services;
- for promotional communications and the sending of advertising material, the processing has as its legal basis the consent given by the User when subscribing to the newsletter (article 6, letter a) of the GDPR).
Data processing and storage methods
The User's data will not be disseminated, disclosed or made known to undetermined subjects in any way, including by making them available.
For purposes related to the provision of the requested service, the data may be communicated to the following subjects:
- to subjects who have the right to access the data pursuant to provisions of law, regulation or European legislation, within the limits and for the purposes established by such regulations;
- to other companies or professional service providers, who will process the data as autonomous data controllers or duly appointed data controllers (the list can be consulted upon request to the Data Controller).
Categories of data recipients
The Owner carries out the necessary treatments in compliance with the regulations. Personal data are processed at the operational offices of the Data Controller, by specifically authorized and trained personnel, using telematic methods and with logic strictly related to the above purposes, ensuring the use of suitable measures for data security and guaranteeing the confidentiality of the same. . In some cases, the data may also be processed on paper.
In any case, the Data Controller will process personal data in compliance with current security provisions in order to minimize the risks of destruction and loss, even accidental, of data; of unauthorized access; processing not permitted or not compliant with the purposes of data collection and illicit or incorrect use of the data.
No data transfer is carried out to non-EU countries. If this is necessary, the Data Controller guarantees that the transfer will take place in compliance with the measures referred to in the articles. 44 et seq. of the GDPR. The company does not implement any automated decision-making process.
Rights of the interested party
Pursuant to the articles. 15 et seq. of the GDPR, the User may exercise, at any time, the following rights:
- access the personal data being processed, request more information on certain aspects of the same and receive a copy of the data processed (art. 15 GDPR); • obtain the cancellation or removal of the data collected (art. 17 GDPR);
- obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
- object to the processing of the data processed (art. 21 GDPR);
- receive your data in a structured format and obtain the transfer without obstacles to another Data Controller (art. 20 GDPR);
- revoke consent to processing at any time (where applicable);
- lodge a complaint with the competent Personal Data Protection Supervisory Authority (in Italy, the Privacy Guarantor) or take legal action if you believe that the processing of your data is contrary to the legislation in force.
To exercise the rights, the User can send a written request to the email address privacy@chiordi.com or to the other contact details of the Owner indicated in this document.
Requests are filed free of charge and processed by the Data Controller as quickly as possible, in any case within one month.