INFORMATION ON THE PROCESSING OF PERSONAL DATA
VICENTINI 1920 S.R.L. – VAT ID 04055530242 – Tax Code 04055530242
Registered Office: Via Marco Corner, 7, 36016 Thiene (VI) (hereinafter referred to as “Data Controller”), in its capacity as data controller, provides the following information pursuant to Article 13 of Legislative Decree No. 196 of June 30, 2003 (hereinafter referred to as the “Privacy Code” or “Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter referred to as “GDPR”) that your data will be processed in the following ways and for the following purposes.
1. Subject of Data Processing
The Data Controller processes personal data, both identifying and non-sensitive (including but not limited to, name, surname, company name, address, telephone, email – hereinafter referred to as “personal data” or “data”) communicated during registration on our website or otherwise provided for the request and provision of the services offered, as well as for potential participation in opinion and satisfaction surveys, for the completion of registration forms via the website for events organized by the Data Controller, for online requests for clarifications or support, and for sending newsletters and commercial offers, including from third parties in the ways and forms specified below.
No request is made to provide so-called “special” data, that is, according to the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data related to health or sexual life or sexual orientation of the individual. If the requested service requires the processing of such data, specific information will be provided in advance, requiring appropriate consent.
Registration Data – Account
These are the personal data provided by the user or collected by us to enable registration and use of the services. This includes the email address, billing and shipping address, postal code, and country.
Some personal data we ask for is necessary to create an account. Other data is requested to process the service request and payments, as well as for the fiscal management of the relationship.
Users may also have the opportunity to provide additional personal data to customize their account and/or the requested service.
Service Usage Data
These are personal data collected about the user when they use the services offered.
Payment Data
We reserve the right to collect such personal data if the user purchases one of our paid products, as defined in the general conditions and/or regulations of the relationship. This will include information such as:
• Name;
• Type of credit or debit card, expiration date, and some digits of the card number;
• Postal code;
• Mobile number;
• Email;
• Shipping address.
Marketing Data
This personal data is used to enable us and our partners/service providers to send marketing communications via email and in printed form.
Browsing Data – Automatically Collected Data
The computer systems and applications dedicated to the functioning of this website detect, during their normal operation, certain data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The data collected includes the IP addresses and domain names of computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.), and other parameters regarding the operating system, browser, and IT environment used by the user. This data is processed, for the time strictly necessary, solely for the purpose of deriving statistical information on the use of the site and to monitor its regular functioning. Providing such data is mandatory as it is directly linked to the web browsing experience.
Data Provided Voluntarily by the User
The voluntary and explicit sending of emails to the addresses indicated in the various access channels of this site does not require consent, and the eventual completion of specifically prepared forms involves the subsequent acquisition of the sender/user’s address and data, necessary to respond to the requests made and/or provide the requested service. The voluntary sending of emails to our email addresses does not require further information or requests for consent. Conversely, specific summary information will be displayed or presented on the site pages prepared for particular requested services. The user explicitly consents to the use of the data provided in these forms to send the request.
If the provision of personal data is aimed at responding to a job/collaboration offer and therefore also involves the candidate’s educational and work experiences, each data will be processed solely for the purpose of assessing the candidate’s suitability; such data will not be communicated or disclosed to third parties except to the extent necessary for the conservation of the data, including digital preservation, and for the strictly necessary period for evaluating the application, up to 24 months from registration or from the last activity indicating interest in the selection. By sending their data, the candidate consents to its processing under the terms stated here.
Cookies
For further information, a dedicated section is available below with an extended cookie policy.
2. Purposes of Processing
Personal data are processed:
2A) Without express consent (Article 24, letters a), b), c) of the Privacy Code and Article 6, letters b), e) of the GDPR), for the following Service Purposes:
• To manage and maintain the Site;
• To allow the enjoyment of the requested Services by providing the related service, thus fulfilling contractual obligations;
• To participate via the Site in initiatives organized by the Data Controller;
• To process a contact request;
• To fulfill legal obligations, regulations, community legislation, or orders from Authorities, including regarding the fiscal treatment of the relationship linked to the service provided;
• To prevent or detect fraudulent activities or abuses harmful to the Site;
• To exercise the rights of the Data Controller, for example, the right to exercise a right in judicial proceedings.
2B) With prior specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Other Purposes:
• To send opinion and satisfaction surveys, newsletters, advertising material, and/or invitations to events organized or in which the Data Controller participates;
• To send commercial offers and promotional communications;
3. Methods of Processing
The processing of personal data is carried out through the operations indicated in Article 4 of the Privacy Code and Article 4, number 2) of the GDPR, specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.
Personal data is processed both in paper form and electronically and/or automatically, including through cloud services and providers managed by third-party companies that ensure compliance with legal security standards, using methods closely related to the purposes expressed above.
Data processing is conducted lawfully and fairly, in accordance with the aforementioned regulations, using suitable tools to ensure security and confidentiality. Processing may also be carried out through automated tools designed to store, manage, and transmit the data.
The processing is mainly conducted by the internal organization of the company under the direction and control of the Data Controller and for the purposes previously indicated, also by group companies or third parties.
Data will be stored in a form that allows for the identification of the data subject for a period not exceeding that necessary for the purposes for which they were collected or subsequently processed, and in any case for no more than 10 years from the termination of the relationship.
4. Security
The Data Controller has adopted a variety of security measures to protect your data against the risk of loss, misuse, or alteration.
User data will be processed lawfully and fairly, adopting appropriate security measures aimed at preventing unauthorized access, disclosure, alteration, or unauthorized destruction of the data.
Data is collected in accordance with the relevant legislation, particularly regarding the security measures provided by the GDPR (Article 32) for their processing through IT, manual, and automated tools, and in ways closely related to the indicated purposes, ensuring the security and confidentiality of the data.
In addition to the Data Controller, in some cases, access to the data may be granted to categories of personnel involved in the organization of the site (administrative, commercial, marketing staff, legal advisors, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies).
Various procedures, both IT and physical, are implemented to prevent unauthorized access, including access keys for premises, account pseudonymization, encryption, and access and storage behind unique personal passwords that should be changed at regular, predefined intervals.
A password is also provided to protect the user account, with the recommendation to choose a strong and unique password, limiting access to their computer and browser.
5. Access to Data
Your data may be made accessible for the purposes expressed here:
• To employees and collaborators of the Data Controller, in their capacity as internal processors and/or system administrators;
• To third-party companies or other subjects (including but not limited to website providers, cloud providers, e-payment service providers, suppliers, technical support for hardware and software, shippers, carriers, credit institutions, professional firms, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data processors.
6. Data Communication
Without your explicit consent (pursuant to Article 24, letters a), b), d) of the Privacy Code and Article 6, letters b) and c) of the GDPR), the Data Controller may communicate your data for the purposes indicated in point 2 to supervisory bodies, judicial authorities, and all other subjects to whom communication is mandatory by law for the fulfillment of said purposes. Your data will not be disseminated in any case.
7. Data Transfer
The management and storage of personal data will primarily take place on servers located in Nuremberg, Germany, and also with third-party companies acting as cloud service and web hosting providers. For this purpose, personal data may be transferred to both member states of the European Union and third countries outside the European Union where the relevant facilities are located.
The communication of the personal data of the data subject may occur mainly with third parties and/or recipients whose activities are necessary for the performance of activities related to the established relationship and to comply with certain legal obligations, such as: administrative, accounting obligations, and those related to contractual performance.
In particular, this may involve: – Third-party suppliers for assistance, maintenance, delivery/shipping of products for the provision of additional services, providers of networks and electronic communication services, and to resolve issues related to the requested service. – Credit institutions and digital payment institutions, banks/postal institutions for managing collections, payments, and refunds related to contractual performance. – External professionals/consultants and consulting firms for compliance with legal obligations, exercising rights, protecting contractual rights, and debt recovery. – The financial administration, public entities, judicial authorities, and supervisory and control authorities to comply with legal obligations and to defend rights, which may also involve transmission to lists and registers maintained by public authorities or similar entities based on specific regulations; in relation to contractual performance. – Individuals formally delegated or legally recognized as legal representatives, curators, guardians, etc.
The data controller imposes on its third-party suppliers and data processors the requirement to respect security measures equal to those applied to the data subject, restricting the data processor’s scope of action to activities related to the requested service.
While navigating this site, some of the collected data may be shared with services located outside the European Union, particularly with Google, Facebook, and Microsoft (LinkedIn) through social plugins and the Google Analytics service (in this case, the transfer is authorized based on specific decisions of the European Union and the Data Protection Authority).
The data controller does not transfer your personal data to countries where the GDPR is not applied (non-EU countries) unless specific contrary indications are provided, in which case you will be informed in advance and, if necessary, your consent will be sought.
The legal basis for such processing is the fulfillment of services related to the established relationship, compliance with legal obligations, and our legitimate interest in carrying out processing necessary for these purposes.
8. Nature of Data Provision and Consequences of Refusal to Respond
The provision of data for the purposes referred to in Art. 2.A) is mandatory. In their absence, it will not be possible to proceed with the relationship, nor to register.
The provision of data for the purposes referred to in Art. 2.B) is optional. You can choose not to provide any data or subsequently deny the possibility of processing data already provided: in this case, you will not receive email invitations to events, newsletters, and opinion surveys, as well as other services specified in this notice, while continuing to receive the services referred to in Art. 2A).
9. Rights of the Data Subject
At any time, you may exercise, pursuant to Art. 7 of Legislative Decree 196/2003 and Articles 15 to 22 of EU Regulation No. 2016/679, the right to: a) request confirmation of the existence of your personal data; b) obtain information about the purposes of the processing, categories of personal data, recipients or categories of recipients to whom personal data have been or will be communicated, and, when possible, the retention period; c) obtain the rectification and deletion of data; d) obtain the restriction of processing; e) obtain data portability, meaning to receive data from a data controller in a structured, commonly used, and machine-readable format, and transmit it to another data controller without hindrance; f) object to processing at any time, including in the case of processing for direct marketing purposes; g) object to automated decision-making related to individuals, including profiling; h) request the data controller access to personal data and the rectification or deletion of the same or the restriction of processing concerning them or to object to their processing, in addition to the right to data portability; i) withdraw consent at any time without affecting the lawfulness of processing based on the consent given before the withdrawal; j) lodge a complaint with a supervisory authority.
10. Methods for Exercising Rights
You may exercise your rights at any time by sending: • A registered letter to VICENTINI 1920 S.R.L. – Via Marco Corner, 7 36016 Thiene (VI) • An email to: ordini@teacaramelshop.it
11. Minors
This site and the services of the data controller are not intended for minors under 18 years of age, and the data controller does not intentionally collect personal information related to minors. If information about minors is inadvertently recorded, the data controller will promptly delete it, either at the explicit request of users or as a result of periodic checks to which the data are subject.
12. Data Controller, Processor, and Authorized Personnel
The data controller is VICENTINI 1920 S.R.L. – Via Marco Corner, 7 36016 Thiene (VI) VAT No. 04055530242, Tax Code 04055530242. The appointed data processor is Marco Vicentini, to whom any request can be sent (Art. 10). The updated list of data processors and authorized personnel is kept at the headquarters of the data controller.
13. Changes to This Notice
This notice may undergo changes. It is therefore recommended to regularly check this notice and refer to the most updated version.
EXTENDED INFORMATION ON COOKIE USAGE
This website uses technical cookies to ensure the proper functioning of procedures and to enhance the user experience of online applications. This document provides information on the use of cookies and similar technologies, how they are used by the site, and how to manage them.
Definitions
Cookies are small text files that websites visited by users send to their devices, where they are stored to be retransmitted to the same sites on subsequent visits. Cookies from “third parties” are instead set by a different website than the one the user is visiting. This happens because each site may have elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers different from that of the visited site.
Types of Cookies
Based on their characteristics and usage, cookies can be classified into different categories:
Technical Cookies.
Technical cookies are used solely for the purpose of “transmitting a communication over an electronic communication network, or to the extent strictly necessary for the provider of a service of the information society explicitly requested by the subscriber or user to provide that service” (see Article 122, paragraph 1, of the Code). They are not used for further purposes and are normally installed directly by the owner or manager of the website. They can be divided into navigation or session cookies, which ensure normal navigation and use of the website; analytics cookies, akin to technical cookies when used directly by the site manager to collect information, in aggregated form, about the number of users and how they visit the site; functionality cookies, which allow the user to navigate based on a set of selected criteria to improve the service provided. For the installation of these cookies, prior consent from users is not required, while the obligation to provide information pursuant to Article 13 of the Code remains, which the site manager, if only using such devices, may provide in the manner it deems most appropriate.
Profiling Cookies.
Profiling cookies are aimed at creating user profiles and are used to send advertising messages in line with the preferences expressed by the user during web browsing. Due to the particularly invasive nature of these devices in users’ private spheres, European and Italian regulations require that users be adequately informed about their use and thus give valid consent. This is referenced in Article 122 of the Code, which states that “the storage of information in the terminal device of a contractor or user or access to already stored information is allowed only on the condition that the contractor or user has expressed consent after being informed in the simplified manner referred to in Article 13, paragraph 3” (Article 122, paragraph 1, of the Code). This site does not use profiling cookies.
Third-Party Cookies
By visiting this website, users may receive cookies from sites managed by other organizations (“third parties”). An example is the presence of “social plugins” for Facebook, Twitter, and LinkedIn, or systems for displaying embedded multimedia content such as YouTube and Flickr. These are parts generated directly by the aforementioned sites and integrated into the web page of the hosting site visited. The presence of these plugins results in the transmission of cookies to and from all sites managed by third parties. The management of information collected by “third parties” is governed by their respective policies, which we invite you to refer to. For greater transparency and convenience, we provide the web addresses of the various policies and methods for managing cookies below:
YouTube, Google+, Google Maps policy: http://www.google.com/intl/en/policies/technologies/cookies/
YouTube, Google+, Google Maps management: http://www.google.com/intl/en/policies/technologies/managing/
WebTrends Analytics Cookies.
For the sole purpose of monitoring and improving site performance, we use a market analysis product for tracking access to the site. It may use both persistent and non-persistent cookies to collect statistical information about “unique visitors” to the site. These cookies, defined as “Unique Visitor Cookies,” contain an alphanumeric code that identifies browsing computers, without collecting any personal data. Google Analytics. The site also includes components transmitted by Google Analytics, a web traffic analysis service provided by Google, Inc. (“Google”). These cookies are used solely for monitoring and improving site performance. For more information, please refer to the link below: https://www.google.com/policies/privacy/partners/
Users can selectively disable Google Analytics by installing the opt-out component provided by Google on their browser. To disable Google Analytics, please refer to the following link: https://tools.google.com/dlpage/gaoptout
Cookie Duration
Some cookies (session cookies) remain active only until the browser is closed or until a logout command is executed. Other cookies “survive” the closing of the browser and are available on subsequent visits by the user. These cookies are called persistent cookies, and their duration is set by the server at the time of creation. In some cases, an expiration date is set; in other cases, the duration is unlimited.
Cookie Management
Users can decide whether to accept cookies or not using their browser settings.
Attention: Disabling all or part of technical cookies may compromise optimal site usage.
Disabling “third-party” cookies does not affect navigation in any way.
Settings can be defined specifically for different sites and web applications. Additionally, browsers allow different settings for “first-party” cookies and “third-party” cookies.
For example, in Firefox, through the menu Tools->Options->Privacy, users can access a control panel where they can define whether to accept different types of cookies and proceed with their removal. Documentation on how to set cookie management rules for one’s browser can be easily found online; for example, here are some links for major browsers:
Chrome: https://support.google.com/chrome/answer/95647?hl=en
Firefox: https://support.mozilla.org/en-US/kb/managing-cookies
Internet Explorer: http://windows.microsoft.com/en-us/windows7/how-to-manage-cookies-in-internet-explorer-9
Opera: http://help.opera.com/Windows/10.00/en/cookies.html
Safari: http://support.apple.com/kb/HT1677?viewlocale=en_US