INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO THE EUROPEAN REGULATION (EU) 2016/679 AND AS NEWED BY D. LGS. 101/2018
As required by the European Union Regulation n. 679/2016 (hereinafter "GDPR") and in particular to article 13, below we provide the information required by law regarding the processing of personal data.
We do not intentionally process personal data of children under the age of 16. If we find the existence of data belonging to children under 16 we will immediately delete them without any prior communication.
The website (hereafter "Site") is owned by Pastificio Gentile Srl , with registered office in Gragnano (NA), Italy, Via Castello 12, VAT number 06069361217, email: email@example.com (hereinafter "GENTILE").
This information is provided to users who interact with the web services of the Site (hereinafter "Interested") not only to comply with legal obligations, but also because transparency and fairness towards the interested parties is a fundamental part of our business.
Navigation within the Site is free and does not require any registration.
To make purchases on the Site it is necessary to create a personal account, in order to facilitate shopping and access additional services.
1. Data controller
The data controller pursuant to art. 4, paragraph 7 of the GDPR is Pastificio Gentile Srl with registered office in Gragnano (NA), Italy, Via Castello 12, VAT number 06069361217, email: firstname.lastname@example.org (hereinafter "Owner").
2. What is personal data?
Pursuant to Article 4 of the GDPR, personal data are defined each of the information concerning a natural person identified or identifiable (interested) directly or indirectly, with a particular reference to an identifier such as the name, an identification number, data relating to the location, an identifier online or to one or more characteristic elements of its physical, physiological, genetic, psychic, economic, cultural or social identity.
3. Providing data
Personal data will be acquired directly from the interested party, through:
3.1) Direct provision of the same
(section 4.2 "Data provided voluntarily by the user");
3.2) Automatic acquisition
(sections 4.2 and 4.3 "Browsing data" and "Cookies" or similar technologies).
4. Types of data
The categories of data indicated below (collectively, the "Data") may be processed:
4.1) Navigation data:
during their normal operation, the IT systems and software procedures used to operate the Site acquire some personal data (such as IP addresses or domain names of the computers used by users, the pages visited and the date / time of the visit) the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
These data, recorded anonymously, are used for the sole purpose of obtaining statistical information on the use of the Site and to check its correct functioning.
The data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Site.
to make navigation on this Site more efficient and immediate, while users access this Website, cookies are used: small text strings that allow you to keep the connection to the Site.
Please refer to the cookie information on the GENTILE web page.
4.3) Data voluntarily provided by the user:
it is personal data freely released by the user to access certain freely chosen services. Their absence can make it impossible to obtain the requested service. Specific information and requests for consent are shown on the pages of the Site dedicated to the services on request.
5. Purpose of the treatment
the Data are processed for the following purposes:
- manage registrations on the GENTILE website and manage activities directly related to the "Account Registration" (name, contact details);
- manage orders, provide products and services, process and manage payments, communicate with the interested party regarding orders, shipments (name, address);
- prevent or expose fraud or abuse to the detriment of our Site to allow third parties to carry out technical, logistical and other activities on our behalf;
- send administrative information from the same company;
- manage your contact request through the appropriate "Contact Form" (name and email)
Unless otherwise specified in the following provisions, the processing of personal data for the purpose of "online sales" finds the presupposition of lawfulness in the need to execute a contract of which the interested party is a party or in the execution of pre-contractual measures adopted on request of the same, pursuant to art. 6, paragraph 1, letter b of the GDPR.
The processing of personal data for "marketing" purposes instead finds the premise of lawfulness in the expression of consent pursuant to art. 6, paragraph 1, letter a of the GDPR.
6. Communication and dissemination of data
The data collected as part of the provision of the service may be communicated to:
- companies that perform functions strictly connected and instrumental to the operation - also technical - of the services of GENTILE, such as suppliers that provide services aimed at reviewing and verifying advertisements, suppliers of direct marketing and customer care services, companies that provide archiving, administrative, payment and billing services, companies that provide technical components for the provision of some features of the service;
- freight transport companies, couriers, shipping companies and the like in the freight transport sector;
- credit institutions, to arrange payments or credits;
- administrative and judicial bodies and authorities by virtue of legal obligations;
The Data may be communicated to other companies belonging to the GENTILE group or in any case connected to them, as well as to other third parties which GENTILE makes use of for the optimization of the services offered through the Site.
In no case do we transfer personal data to third parties for any reason (including sale).
If the Data Controller should entrust the processing operations to third parties, the latter will be appointed for this purpose responsible for the processing pursuant to Article 28 of the GDPR, after verifying the compliance of their activity with the provisions on the protection of personal data.
The Data Controller will only resort to data processors who present sufficient guarantees to implement adequate technical and organizational measures, so that the treatment meets the requirements of the GDPR and guarantees the protection of the rights of the interested party.
7. Mandatory or optional nature of the provision of data
The provision of personal data is mandatory only for the processing necessary for the provision of the services offered by GENTILE (any refusal for the purpose of providing the service makes it impossible to use the service itself); it is instead optional for promotional and profiling purposes and any refusal to give consent does not have negative consequences on the provision of the service offered within the Site.
8. Method and duration of treatment
Personal data will be processed by persons authorized to process who act under the authority of the Data Controller, adequately trained by the Data Controller, in compliance with the provisions of art. 29 of the GDPR through automated tools for the time strictly necessary to achieve the purposes for which they were collected, as well as for the additional period that may be necessary to fulfill specific legal obligations.
Except for cases of ascertainment of responsibility in case of hypothetical computer crimes to the detriment of the Site, the data relating to navigation on the Site will not be kept for more than 30 (thirty) days.
The data may be processed both electronically and on paper.
For analysis purposes aimed at the development and improvement of the service, the user's personal data will be kept for 36 (thirty-six) months.
The data relating to electronic traffic, however excluding the contents of communications, will be kept for a period not exceeding 6 years from the date of communication, pursuant to art. 24 of Law no. 167/2017, which transposed the EU Directive 2017/541 on anti-terrorism.
For direct marketing purposes we keep your data for a maximum period equal to that provided for by the applicable legislation, equal to 24 (twenty four) months.
Invoices, accounting documents and transaction data are kept for 10 (ten) years pursuant to the law (including tax retention obligations).
GENTILE guarantees the lawful and correct treatment of the Personal Data provided through the Site, in full compliance with current legislation, as well as the maximum confidentiality of the data provided during registration.
All data are collected according to the indications of the reference legislation, with particular regard to the security measures provided for by art. 32 of the GDPR for their treatment using IT, manual and automated tools and with logic strictly related to the purposes indicated in article 4 and in any case in order to guarantee the security and confidentiality of the data.
9. Transfer of data abroad
This Site may share some of the data collected with services located outside the European Union area. In particular with Twitter, Facebook and Instagram, through social plugins. The transfer is authorized based on specific decisions of the European Union and of the Guarantor for the protection of personal data, in particular the decision 1250/2016 (Privacy Shield), for which no further consent is required. The companies mentioned above guarantee their adhesion to the Privacy Shield.
10. Rights of the interested parties
At any time you can exercise, with a written request sent to Via Castello, 12, Gragnano (NA) 80054 , or to the email email@example.com , pursuant to art. 7 of Legislative Decree 196/2003 and of the articles 15-22 of the GDPR, the right to:
ask for confirmation of the existence or not of personal data
obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period
obtain the correction and deletion of data
obtain the limitation of the treatment
obtain data portability, i.e. receive them from a data controller and transmit them to another data controller without hindrance
oppose the treatment at any time
oppose an automated decision-making process relating to natural persons including profiling
asks the data controller to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability
withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
Any requests will be processed at the latest within one month of receipt, except for the possibility of extending this period for a further two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller.
In addition, you can appeal before the judicial authority (in accordance with the provisions of art. 80 of the GDPR and art. 13 of Legislative Decree 101/2018) or a complaint to the Guarantor for the Protection of Personal Data, through:
registered A / R addressed to Guarantor for the Protection of Personal Data, Piazza di Monte Citorio, 121, 00186 Rome
fax to the number: 06696773785
It should be noted that the complaint to the Guarantor cannot be proposed if, for the same object and between the same parties, an appeal has been lodged before the Judicial Authority.
Any request relating to the Data processed by the Data Controller may be sent by email to the following address .
11. Review clause
This information may be subject to changes. If substantial changes are made to the use of the Data relating to the user by the Owner, the latter will notify the user by publishing them with the utmost evidence on their pages or through alternative or similar means.