Nova Food S.r.l., in the person of the legal representative p.t. , with registered office in Via dei Combattenti 4 – 96015 Francofonte(SR) (p.iva: IT02020970899) (pec: email@example.com) (hereinafter, “Owner”), in its capacity as the Data Controller of personal data pursuant to Articles 4, no. 7) and 24 of the EU Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data (hereinafter, “Regulation”) informs under Articles 13 and 14 of the Regulation that it will proceed to the processing of personal data referring to users of the site.
1. Purpose of processing (what data we process)
Under the European Data Protection Regulation, legal persons cannot be considered data subjects and therefore the European Regulation does not apply. However, if personal data referring to a natural person is included in the context of the collection of corporate data, that person is to be considered a data subject under the aforementioned regulation.
REGISTRATION: We will ask for personal data and contact information (email and phone number) and you may also enter your social security number if necessary. You may also decide to register with the site when finalizing your purchase, and in this case we will use the data you provide when filling out the purchase form.
PURCHASE: If you make a purchase we will ask for your master data and contact information in addition to your shipping and billing address.
CHAT: If you decide to write to us via chat, we will collect the data you choose to provide. In general, we may ask for your full name and contact information.
NEWSLETTER: If you subscribe to the newsletter you will provide us with your name and e-mail address.
CONTACT US: If you fill out the contact form we will ask you to provide your name and email address.
In any case, we will collect ip address and browsing logs.
2. Legal Basis and Purpose of Processing.
Data will be processed to enable the performance of activities related to the establishment and management of the service requested from the owner.
The provision of data is compulsory in all cases where the legal basis is the execution of the contract or fulfillment of legal obligations arising from the purchase while it is optional in all other cases; in any case, in the event of failure to provide it will not be possible to carry out the requests.
The data will be processed lawfully, according to correctness and with the utmost confidentiality, in compliance with the appropriate security measures as required by the Code and the Regulations.
The processing will be carried out by analog/digital means. However, the data will not be subject to public dissemination.
REGISTRATION: The purpose is to allow you to enter our site and make purchases more easily. The legal basis is consent.
PURCHASE: the purpose is to enable you to finalize the purchase of our products and allow us to send them to you. The legal basis is the execution of a contract and the fulfillment of legal obligations (including accounting and tax obligations). Your data will be communicated to the courier company in charge of shipping, duly appointed as the data controller. With the purchase, your data will be exported to a CRM for sending commercial information. According to art. 130 c.4 d.lgs. n. 196/03, your consent is not necessary; however, you may exercise the optout at any time.
CONTACT US: The legal basis is consent and your data will be processed to enable us to respond to your requests.
NEWSLETTER: The purpose is to inform you of news and promotions and the legal basis is consent.
CHAT: The purpose is to offer you support and the legal basis is the consent of the person concerned.
In any case, the data may also be processed in the event of litigation with the client, and the legal basis for this processing is the owner’s legitimate interest in legal protection.
ip address and browsing log: we will process the data based on the legitimate interest of the company and the fulfillment of legal obligations.
3. Method of processing – and period of data retention
The Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for:
REGISTRATION: until you decide to unsubscribe; we will delete your account after 7 years since you last logged in. Before that and we will send an email to let you know if you want to keep your account active.
PURCHASE: we will keep your data, no more than 10 years after purchase.
CONTACT US: The data will be used to respond to your requests and will be deleted thereafter. Verification about the obsolescence of the data, is done every 12 months
NEWSLETTER: We will delete the data after 5 years from the last email sent.
CHAT: The data will be used to respond to your requests and then will be deleted. Verification about the obsolescence of the data, is done every 12 months
IP address and browsing log: data will be deleted after 24 months.
Longer data retention times may be justified by the possible occurrence of litigation; in such cases, the data controller will process the data for as long as necessary to defend the data in court.
4. Disclosure of data
The Data Controller may disclose the data for the purposes referred to in Article 2 to all subjects to whom the disclosure is required by law for the fulfillment of the purposes provided for by law. However, the data will not be subject to public dissemination. The data may be communicated to couriers who will act as data processors and payment gateways who will process them as autonomous controllers.
5. storage location and data transfer
The management and storage of your personal data will take place on servers located within the European Union of the Data Controller and/or third party companies contracted and duly appointed as Data Processors. In addition, for sending newsletters, the company uses a supplier that resides in countries outside the EU and therefore your data will be exported to the USA. The company hereby assures you that the data transfer is done in accordance with the GDPR and that the CCS has been applied.
6. Rights of the data subject
The user, in his or her capacity as data subject, has the rights set forth in Article 15 of the Regulations, namely:
1. The interested party has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form.
2. The interested party has the right to obtain the indication:
(a) of the origin of personal data;
(b) of the purposes and methods of processing;
(c) of the logic applied in the case of processing carried out with the aid of electronic instruments;
(d) of the identification details of the owner, managers and representative;
e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees.
3. The data subject has the right to obtain:
a) the updating, rectification or, when interested, the integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed;
c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right.
4. The data subject has the right to object, in whole or in part:
(a) for legitimate reasons to process personal data concerning him/her, even if relevant to the purpose of collection;
(b) to the processing of personal data concerning him/her for the pursuit of purposes not covered by Art. 2.
Also pursuant to Articles 15 et seq. of the GDPR, the user has the right to request at any time, access to his personal data, rectification or deletion of the same, restriction of processing in the cases provided for by Article 18 of the GDPR, obtain in a structured, commonly used and machine-readable format the data concerning him, in the cases provided for by Article 20 of the GDPR. At any time, the user may revoke ex art. 7 of the GDPR the consent given; lodge a complaint with the competent supervisory authority ex art. 77 of the GDPR if he/she considers that the processing of his/her data is contrary to the legislation in force.
The user may formulate a request to object to the processing of his/her personal data pursuant to Article 21 of the GDPR in which to give evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate the request, which would not be accepted in case of the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the user.
The interested party at any time may exercise the rights referred to in the preceding article by sending:
– a registered letter with return receipt to: Nova Food S.r.l Via dei Combattenti 4 – 96015 Francofonte(SR)
– an e-mail to the PEC address: firstname.lastname@example.org