POLICY STATEMENT ON THE PROCESSING OF PERSONAL DATA
The data controller is SaGa Coffee S.p.A., with registered office at Località Casona 1066 - 40041 Gaggio Montano, Bologna, Italia, registered in the Companies’ Register in Registro delle Imprese di Bologna at no. 336613, phone number: +39 0534 7741, e-mail address firstname.lastname@example.org (hereinafter also referred to as “Company”).
- PURPOSES OF THE DATA PROCESSING
- Contractual Purposes: viewing the web pages and using the services, including any sale of products, offered on www.saecoprofessional.it (“Website”).
- Marketing Purposes: sending - by automated means of contact (such as SMS and e-mail) as well as by traditional means (such as regular mail) - promotional and commercial communications relating to services/products offered by the Company or other Evoca Group companies or the notification of company events, as well as carrying out market studies and statistical analyses.
- Legal Obligations: fulfilling obligations under applicable national and supranational laws and regulations.
- Sending of Newsletters: if you have requested this service by registering for it.
- Data Controller’s Rights: if necessary, ascertaining, exercising or defending the rights of the Company in any location.
- Functioning of the Site: the computer systems and software procedures responsible for the operation of the Website may obtain, during their normal operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects. However, by its nature, it may - through processing and correlation with data held by the Company or by third parties - enable the identification of users of the Website.
- LEGAL BASES OF THE DATA PROCESSING
- Contractual Purposes: execution of a contract to which you are a party.
- Marketing Purposes: consent (optional and able to be withdrawn at any time).
- Legal obligations: the need to fulfil legal obligations.
- Sending newsletters: consent (optional and able to be withdrawn at any time).
- Data Controller’s Rights: legitimate interest.
- RETENTION PERIOD OF PERSONAL DATA
- Contractual Purposes and Legal Obligations: for the entire contractual term and, after the termination of the contract, for the period provided for by applicable law.
- Sending of newsletters and Marketing Purposes: until the consent for these purposes has been withdrawn. Only that personal data which relates to the details of any purchases made will be kept and processed for 24 months, or for other maximum period as provided by law.
- Data Controller's Rights: in the event of litigation, for the entire duration of the litigation, until the deadlines for recourse to appellate proceedings have expired.
- Functioning of the Website: throughout the browsing session on the Website.
When the above retention time limits have elapsed, your personal data will be destroyed, erased or rendered anonymous, in accordance with the technical cancellation and backup procedures.
- PERSONAL DATA PROCESSED
- Personal data processed for contractual purposes – legal obligations – rights of the data holder: personal details, contact information, administrative-accounting data.
- Personal data processed for marketing purposes: personal details, contact information, administrative-accounting data, details of purchases made on the Website, data collected by cookies installed on the Website.
- Personal data processed for newsletter delivery: Contact information.
- Personal data processed for the operation of the website: IP addresses or domain names of computers employed by users who connect to the Website; URI (Uniform Resource Identifier) notation addresses of the resources requested; time of request; method used to submit the request to the server; file size obtained in response; the digital code indicating the status of the response given by the server (success, error, etc.); other parameters relating to the operating system and the user's IT environment; data relating to the pages that have been visited or searched, in order to select advertising tailored to the user of the Website; and data relating to browsing behaviour on the Website using, for example, cookies.
- OBLIGATORY NATURE OF THE PROVISION OF DATA
The provision of personal data referred to in point 4.1 for the purposes indicated in point 1.1 is mandatory. Failure to provide such personal data therefore will result in the inability to use the Website’s services in connection with any reserving and purchasing of products.
The provision of the personal data referred to in points 4.2 and 4.3 for the purposes indicated in points 1.2 and 1.4 is optional and is subject to your consent.
Some of the personal data referred to in point 4.4 are strictly necessary for the functioning of the Website, others are used solely for the purpose of obtaining anonymous statistical information on the use of the Website and for monitoring its correct operation, and are deleted immediately after processing. In the processing of personal data that may identify you, either directly or indirectly, we seek to adhere to a principle of strict necessity. For this reason, we have designed the Website in such a way that the use of personal data is kept to a minimum and in order to limit the processing of personal data that would allow you to be identified to instances of necessity or at the request of the authorities and police forces (such as, for example, data relating to site traffic and your visits to the Website or your IP address) or to ascertain liability in the event of cyber attacks against the Website.
- DATA RECIPIENTS
Data may be processed by external parties acting as independent data controllers such as, by way of example, supervisory and control bodies and, in general, public or private entities entitled to request data, as well as other companies of the Evoca Group.
Data may also be processed, on behalf of the Company, by external parties designated as data processors, to whom adequate operational instructions are given. These parties essentially fall within the following categories:
- companies providing e-mail delivery services;
- companies providing maintenance and development services for the Website;
- companies providing support in carrying out market studies.
- EXTERNAL TRANSFER
Data may be transferred and processed in one or more countries within or outside the European Union. A full list of the countries in which we operate is available on our website www.evocagroup.com.
We may only transfer personal data outside the European Union to countries deemed by the European Commission to offer an adequate level of protection (a list of such countries is available here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), or where the Evoca Group has provided for the appropriate safeguards for seeking to maintain data privacy (for which we usually use one of the data transfer contract forms approved by the European Commission, a copy of which is available at the following address: http://ec.europa.eu/justice/data-protection/international-transfers /transfer/index_en.htm).
- YOUR RIGHTS – COMPLAINT TO THE CONTROL AUTHORITY
By contacting the Company via email at email@example.com, you may request that the Company provide access to the data concerning you, to delete it, to rectify inaccurate data, to complete incomplete data, to limit processing of the data in the cases provided for in Article 18 of the GDPR, and to oppose processing in cases of legitimate interest of the Company.
In addition, in the event that the data processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and, if technically feasible, to transmit it to another data controller without impediment.
With regard to the processing of data for marketing purposes, you have the right to withdraw your consent at any time and to object to the processing of such data. You may always indicate a preference to be contacted for marketing purposes solely by traditional means, and to express your objection only to receiving communications by automated means.
You have the right to lodge a complaint with the competent Supervisory Authority in the Member State in which you usually reside or work or in the Member State in which the alleged infringement occurred.
- DATA SECURITY
We have taken appropriate security measures to prevent the loss of personal data, the unlawful or incorrect use of personal data and the unauthorised access to such data. However, please do not forget that it is essential to the security of your data that your device be equipped with tools such as antivirus programs that are constantly updated. In addition, it is important that the provider of your Internet connection service ensures the secure transmission of data by means of firewalls, antispamming filters and similar safeguards.