- About us
This notice is made available pursuant to Art. 13 of the European Data Protection Regulation 2016/679 (“Regulation” or “GDPR”) and (It.) Legislative Decree of 30/06/2003 no.196 (“Privacy Code”), as amended and supplemented by (It.) Legislative Decree no.101/2018, as amended and supplemented – by Pastificio Fratelli Cellino S.p.A., (hereinafter also the “Company”).
The purpose of this Information Notice is to inform the data subjects about
how their personal data are processed.
The Data Controller is Pastificio Fratelli Cellino S.p.A., with registered office in Via Maldiventre, 09096 Porto Industriale (OR), mail:ufficiolegale@gruppocellino.it
The DPO, Data Protection Officer, is Howden Assiteca Consulting srl, e-mail lorenzo.lanzoni@assiteca.it
- Type of data processed
The website offers informative and sometimes interactive content. While the data subjects are browsing the site, the Company may, therefore, acquire information on the visitors in the following ways:
Navigation data
The computer systems and software procedures in charge of the operation of this website acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access was made, the information on pages visited by users within the site, the time of access, the time spent on the individual page, internal route analysis and other parameters relating to the operating system and the users’ computer environment.
Additional categoriesof data
These are all those personal data provided by the visitors through the website, for example:
- by filling in a “contact us” form through which the visitors ask to be contacted regarding a request made;
- by writing to the e-mail addresses indicated in our website to request information;
- by filling in a “join the community” form to receive our newsletter and dedicated promotions;
- by filling out a “baking lab” form to register for one of the Controller’s initiatives (conferences, seminars, workshops, events).
- Purpose of the processing and legal basis
The data provided are processed for the following purposes:
- to provide the good and/or service requested by the user, to manage the contracts entered into by the user, to fulfil relevant administrative, accounting, tax and legal obligations, as well as to fulfil the requests submitted by the users. The processing operations put in place for these purposes are necessary for the fulfilment of contractual obligations or as requested by the data subjects, and do not require specific consent;
- to detect the user experience of our platforms, of the products and services we offer and to ensure the proper functioning of web pages and their contents. The processing operations put in place for these purposes are based on a legitimate interest of the Controller;
- to send promotional and commercial information and offers (e.g.
newsletter service), by e-mail, post or SMS, both for the Controller and for the other companies in the Group. This processing is based on the consent freely given by the User; - to allow participation in the Controller’s initiatives (conferences, seminars, workshops, events). This processing is based on the consent freely given by the User;
- to carry out softspam activity enabling the Controller to send by
e-mail promotional communications to the User pertaining to Products and/or Services purchased without the need for express consent and prior agreement of the User, as provided for in Art. 130, para. 4, of the (It.) Privacy Code, and provided that the user does not exercise the right to object; This processing is based on Art. 130, para. 4, of the (It.) Privacy Code as amended by (It.) Legislative Decree no.101 of 2018; - to perform statistical analyses on aggregated and anonymous data, to
analyse user behaviour in order to improve the products and services provided by the Controller as well as meet the expectations of the User himself.
- Sharing and transfer of the personal data
The data collected by the Controller will only be shared for the purposes
mentioned above; we will not share or transfer personal data to third parties other than those mentioned in this Privacy Information Notice.
In the course of our activities and exclusively for the same purposes as those listed in this Privacy Information Notice, the personal data collected may be transferred to the following categories of recipients:
- the staff of Pastificio Cellino;
- service providers (e.g. IT system providers, suppliers of cloud services, database providers and consultants);
- other Cellino Group companies;
- the Public Administration for legal purposes;
- any public and/or private entity requiring the disclosure of your personal data in relation to the purposes mentioned above.
The updated list of Data Processors is available at the Controller’s registered office and will be provided upon written request.
The Company may have to transfer the personal data collected to countries outside the European Union/Common European Space (EEA), to so-called “third countries”. These transfers to third countries may include all the processing activities
referred to above.
This Privacy Information Notice is also applicable in the case of transfer of data to third countries where the level of protection of the data is different from that of the European Union: each transfer of personal data to third parties will be made only after having informed the user and, where required, having received his or her consent. Any transfer of data to countries other than
those for which the European Commission has taken a decision of adequacy takes place on the basis of agreements using standard contract clauses adopted by the European Commission or other adequate guarantees in compliance with applicable laws.
- Personal data protection
The Controller has implemented appropriate technical and organisational measures to provide an adequate level of personal data security and confidentiality.
These measures take into account:
- the technological state of the art;
- the costs of its implementation;
- the nature of the data;
- the risk of the processing operation.
The purpose is to protect them from accidental or unlawful destruction or alteration, accidental loss, unauthorised disclosure or access and other forms of illicit processing. Furthermore, the processing of the personal data must be
adequate, relevant and not excessive and the Controller must ensure that such data remain up-to-date and accurate.
- Data retention periods
Without prejudice to the right of each user to object to the processing of the personal data and/or request their deletion, the Company will retain the personal data collected only for the time required to achieve the purpose for which they were collected and received, or to fulfil legal or regulatory requirements,
as envisaged by Art. 5, para. 1, letter e) of the GDPR.
In particular:
- Data collected for Purposes related to the legitimate interest
of the Controller will be retained until the fulfilment of this interest; the user may obtain further information on this legitimate interest pursued by the Controller by contacting the Controller himself. - Data collected on the basis of user Consent may be retained until the legal expiry date or until such Consent is revoked;
The Data may be stored by the Data Controller for a longer period in compliance with legal obligations or by order of an authority.
At the end of the retention period, the Personal Data will be removed from the Controller’s active systems; therefore, the related rights may no longer be exercised.
- Exercising the rights of the data subject
The Data Subject has the right to exercise the rights envisaged by articles 15-22 of European Reg. 679/2016. In particular, the data subject has the following rights:
- Right to rectification. The data subject may obtain the rectification
of the personal data concerning him or her or communicated by him or her to the
Company. Pastificio Cellino makes reasonable efforts to ensure that the personal data in its possession are accurate and complete, updated and relevant, based on the latest available information;
- Right to restriction. The user may obtain a restriction to the processing of his or her personal data if:
- he or she disputes the accuracy of their personal data during the period in which the Controller must verify such accuracy;
- the processing is unlawful and the user requests a restriction of the
processing or the deletion of his or her personal data; - there is no longer a need for the Company to store the personal data collected;
- the user objects to the processing while the Controller verifies whether their own legitimate motives prevail over those of the user.
- Right of access. The data subject may request from the Controller
information on his or her stored personal data, including the information on which categories of personal data the Company holds or controls, what they are used for, where they were collected (if not directly from you), and to whom they may have been disclosed;
- Right to portability. The data subject may request that the Company transfer his or her personal data to another data controller, if technically possible, provided that the processing is based on the user’s consent or is necessary for the performance of a contract.
- Right to erasure. The data subject may obtain from the Controller the erasure of his or her personal data if:
- the personal data are no longer necessary in relation to the purposes
for which they were collected or otherwise processed; - the user has the right to object to further processing of his or her personal data;
- the personal data have been unlawfully processed.
Unless processing is necessary because of legal obligations, law or in order to establish, exercise or defend a right in court.
- Right to object. The data subject may object at any time to the processing of his or her personal data, on condition that the processing is not based on his or her consent but on legitimate interests of the Controller or of third parties. In such cases, the Company will no longer retain the user’s personal data unless it is able to prove cogent and legitimate reasons, an interest prevailing for the processing or establishment, or the exercise or
the defence of a right in court. Should the user object to the processing, it is necessary to specify whether he or she intends to erase his or her personal data or restrict their processing.
- Right to lodge a complaint. In the event of a supposed violation
of the applicable privacy law, the user may file a complaint with the competent authorities in his or her country or in the place where the alleged infringement took place.
- Changes to this privacy information notice
Any future changes or additions to the processing of personal data as described in this Privacy Information Notice will be notified through the usual channels of communication used by the Controller (e.g. via the website).
Privacy Policy updated 13/02/2024