1. Data Controller and Data Protection Officer
The data controller is “Il Mondo di Fio di Mutti Fiorella” (hereinafter the Company) with registered office in Flero (BS) Via Colomberino 24 L, Tax Code MTTFLL47R51G359J and VAT number 9439749080, registered in the BRESCIA Business Register with no. BS – 611670. The person responsible for the protection of personal data is the Company itself.
2. Source from which the personal data originates
2.1 Web browsing data
The Company informs that the personal data provided and acquired by you together with the request for information and/or contact, registration on the Website and use of services via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including navigation data and data used for the possible purchase of products and services offered by the Company, through its own website, but also only the website navigation data from the Users, will be processed in compliance with the applicable legislation. The IT systems and software procedures used to operate this Website acquire, as part of their routine operation, certain personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category includes IP addresses, or domain names, of the computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, timestamp of the request, method used to submit the request to the web server, size of the file obtained in response, numerical code indicating the web server response status (successful, error etc.), and other parameters pertaining to the User’s operating system, and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check the correct functioning of the Company’s website. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the Company’s website.
2.2 Data voluntarily provided by the User
The Company collects, stores and processes your personal data (or the data of persons of legal age who, by registering, assume responsibility for the declaration regarding their age) in order to provide the products and services offered on the Website, or for legal obligations.
With regard to certain services and/or Products etc., the Company may also process your data for commercial purposes. In these cases, a specific, separate, optional and always revocable consent will be required with the methods and the contact details indicated below. The optional, explicit and voluntary sending of e-mails to the addresses indicated in the relevant section of the Website, as well as the filling of questionnaires (e.g. forms), posting on social networks and so on requires the subsequent acquisition of some of personal data necessary to respond to requests. Please note that you may access the Website or connect to areas where you may be able to post information using blogs or bulletin boards, communicate with others, for example by coming from the Company’s page and other social networking sites, review products and offers, and post comments or content. Published information may be viewed by anyone with access to the Internet and all information you include in your publications may be read, collected and used by third parties.
3. Processing purposes and legal basis
The data are processed for the following purposes:
3.1 strictly connected and necessary to the registration to the Website, to the use of the related information services, to the management of contact requests or information, for the making of purchases of products and services.
3.2 for ancillary activities related to the management of User requests and the sending of feedback that may include the transmission of promotional material; for the completion of the purchase order of the products and services offered, including aspects relating to payment by credit card, the management of shipments, the possible exercise of the right of withdrawal provided for remote purchases, the update on the availability of temporarily unavailable products and services;
3.3 related to the fulfilment of obligations laid down by EC and national legislation, the protection of public order or the investigation and prosecution of offences;
3.4 direct marketing, i.e. sending advertising material, direct selling, market research or commercial communication of products and/or services offered. This activity may be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding Users, carried out in “traditional” ways (by way of example, paper mail and/or calls from the operator), or through “automated” contact systems, pursuant to art. 130 parr. 1 and 2 of Legislative Decree 196/03 and subsequent amendments;
3.5 to send commercial communications and personalized promotional offers based on profiling. The processing is carried out in order to improve and increase the ability to adapt the overall offer of the Company, therefore consumption preferences and analysis may also be detected in a personalized, automated or electronic form, of the information acquired through the use of products and services.
The provision of data for the purposes referred to in points 1), 2) and 3), connected to a pre-contractual and/or contractual phase or functional to a request from the User or provided for by a specific regulatory provision, is mandatory and, failing that, it will not be possible to receive the information and access the services that may be requested; with regard to point 4) of this Policy, the consent to the processing of data by the User is instead free and optional and can always be revoked without consequences on the usability of the products and services except for the impossibility for the Company to keep updated on new initiatives or on particular promotions or benefits that may be available to Users; with regard to point 5), the processing is based on the legitimate interest of the Company to improve and increase the ability to adapt its overall offer to the needs and preferences of Users. In this case, the User may always exercise the right to object to the collection of consumption preferences and analysis also in a personalized, automated or electronic form for the sending of personalized promotional offers based on profiling
4. Methods, processing logic, storage times and security measures
The processing is also carried out with the aid of electronic or in any case automated means and is carried out by the Company and/or third parties which the same can use to store, manage and transmit the data. The processing of data will be carried out with logic of organization and processing of your personal data, also related to the logs originating from the access and use of the services made available via the web, of the products and services used related to the purposes indicated above and, in any case, in order to guarantee the security and confidentiality of the data. The personal data processed will be stored for the time required by law in the applicable time.
Again with regard to data security, in the sections of the website prepared for particular services, where personal data is requested from the browsing User, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated to SSL. SSL technology encrypts information before it is exchanged via the Internet between the User’s computer and the Company’s central systems, making it incomprehensible to unauthorised persons and thus guaranteeing the confidentiality of the information transmitted; moreover, transactions carried out using electronic payment instruments are carried out using the Payment Service Provider (PSP) platform directly and the Company retains only the minimum set of information necessary to manage any disputes. Precisely with reference to the aspects of personal data protection, the User is invited, pursuant to art. 33 of the GDPR, to report to the Company any circumstances or events from which a potential “personal data breach” may arise in order to allow an immediate assessment and the adoption of any actions aimed at countering this event by sending a communication to firstname.lastname@example.org.
5. Areas of communication and data transfer
For the pursuit of the purposes indicated above, the Company may in Italy and abroad, the personal data of Users to third parties with whom they have relationships, where these third parties provide services at our request. The Data Controller will provide to these third parties only the information necessary to carry out the required services taking all the measures to protect the User’s personal data. The data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship and/or for internal economic analysis and/or for the legitimate interest of the Company. In this case, the recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Company. In any case, only the data necessary for the pursuit of the intended purposes will be provided and, where required, the guarantees applicable to transfers of data to Third Countries will be applied. We may also disclose personal data to our commercial suppliers, for marketing reasons, in which case will external processors be appointed. In addition, personal data may be communicated to the competent public subjects and authorities for compliance with regulatory obligations or for the assessment of liability in the event of computer crimes against the website as well as communicated to, or allocated to, third parties (as managers or, in the case of providers of electronic communication services, autonomous owners), who provide computer and telematic services (e.g. hosting services, website management and development) and which the Company uses and/or may use for the performance of tasks and activities of a technical and organisational nature also instrumental to the operation of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Data Processors appointed for this purpose by The Company. The personal data may also be known by the Company’s employees/consultants who have been specifically appointed as authorised subjects for processing. The updated list of the appointments of the Data Processors as well as the Joint Ownership Agreements is kept at the registered office of LF Data Controller.
6. Rights of the data subjects
The data subject can exercise at any time the rights granted by the law, including the right:
- to access your personal data, obtaining evidence of the purposes pursued by the Company, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes;
- to obtain prompt rectification of inaccurate personal data pertaining to the data subject, without unjustified delays;
- of obtaining, in the cases provided for, the deletion of your data;
- of obtaining the limitation of the processing or of opposing it, whenever possible;
- to request the portability of the data that you have provided to the Company, that is, to receive them in a structured format, commonly used and readable by an automatic device, also to transmit such data to another data controller, within the limits and with constraints provided for by art. 20 of the GDPR; In addition, you can propose a complaint to the Guarantor Authority for the Protection of Personal Data pursuant to art. 77 of the GDPR. For the processing referred to in point 4) of the purposes, you can always withdraw consent and exercise the right to object to direct marketing (in “traditional” and “automated” form); for the processing referred to in point 5) you can object to the detection of consumption preferences and analysis also in a personalized, automated or electronic form for the sending of personalized promotional offers based on profiling. Unless otherwise indicated, the opposition shall be taken as referring both to data provided via the traditional and automated forms.
To exercise your rights and/or to request further information in both cases, you can contact the Company by writing to:
Version updated to August 2022