The company Savino Del Bene S.p.A., registered address at 24/26 Via del Botteghino, Scandicci (FI) (50018), owner of the website www.savinodelbene.com, hereby gives notice of the method of management of this site with respect to the processing and protection of personal data of persons (users) who navigate within it, with direct access to the home page or internal pages. Through navigation of the site, personal data relating to identified or identifiable natural persons may be collected.
This document applies solely and exclusively to the website www.savinodelbene.com, of which the company is the Controller and not to other sites consulted by the user through any link that may be activated via the pages of the aforesaid website.The principles outlined below constitute the main pillars of the approach adopted by Savino Del Bene S.p.A with respect to the subject of privacy.
Your personal data will be:
a) processed in a lawful, fair and transparent manner;
b) collected for the specific, explicit and legitimate purposes indicated below and subsequently processed by methods compatible with those purposes;
c) appropriate, relevant and limited to what is necessary for the purposes for which it is processed;
d) accurate and updated as necessary. For this purpose, Savino Del Bene S.p.A. undertakes to adopt all appropriate measures to ensure prompt rectification and/or erasure of inaccurate data with respect to the purpose for which it is processed;
e) stored in a way which allows identification of the person concerned over a timeframe not greater than necessary for the purpose for which it is processed;
f) processed in a way that guarantees adequate security of personal data, including, by means of appropriate technical and organisational measures, protection from unauthorised or unlawful processing and loss, destruction or accidental damage.
CONTROLLER AND PROCESSORS
The Controller is Savino Del Bene S.p.A., registered address at 24/26 Via del Botteghino, Scandicci (FI) (50018). An updated list of processors, designated by the Owner in accordance with art.28 GDPR is available at the registered office of the Controller.
DATA PROCESSED AND PURPOSE OF PROCESSING
Navigation data: the computer systems and software processes provided to support the functioning of the website, in the course of their normal operation, capture some personal data the transmission of which is implicit in the use of the Internet communication protocols. It consists of information that it is not collected to be associated with identified persons, but which by its nature could, through the elaboration of and association with data held by third parties, allow identification of users. This category of data includes IP addresses or domain names of computers used by users which are connected to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system. Data collected in this way could be used to determine responsibility in the event of any computer crime involving site data.
Data provided directly by the user: Data requested by the various sections of the abovementioned website such as name, surname, email, are used to process users’ requests (for example, indicatively but not exhaustively, when they request information or clarifications writing to the email addresses shown on the website homepage or internal pages or when they spontaneously sent a curriculum vitae to apply as a candidate, or when they make direct phone calls or send a fax to numbers shown in the “Contact Us” section.
NATURE AND LEGAL BASIS OF DATA PROCESSING
Navigation data are processed as necessary to execute computer and telematic protocols. The provision of personal data by users is voluntary and optional, since failure to provide it could make it impossible to access the services provided by the portal. The legal basis of the processing is consent.
PROCESSING METHODS AND PERIOD OF CONSERVATION
The data collected through the abovementioned website is processed by means of computer and telematic procedures. Data of a technical type is stored on the company’s server. The personal data acquired through the web services provided by Savino Del Bene S.p.A., is stored by the subsidiary company Savino Del Bene IT S.r.l., located at 5/2 Via Benozzo Gozzoli 5/2, 50018 Scandicci and is processed only by authorised processing technical personnel or personnel authorised for occasional maintenance work. This data is stored by the Controller in full compliance with the principle of need, minimizing and limiting conservation, by adopting technical and organisational measures appropriate to the level of processing risk, for a timeframe no greater than is necessary to achieve the purpose for which the data is processed and in any case for the period allowed by law.
The Controller uses some cookies as indicated in detail in the relevant cookie information note displayed on the company’s website.
RIGHTS OF THE DATA SUBJECT
The persons concerned may assert specific rights under arts. 15 et seq. of the GDPR, including:
1) right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed;
2) access to the personal data and the following information (the purposes of the processing; the categories of personal data concerned; the recipients of the data, the envisaged period for which the personal data will be stored etc.);
3) right to request rectification or restriction of the processing of the data;
4) right to obtain erasure of the personal data on valid grounds;
5) right to lodge a complaint with a supervisory authority.
Lastly, the person concerned has the right at any time to withdraw his/her consent to the processing of the data. The withdrawal of consent is without prejudice to the lawfulness of the processing based on consent prior to the withdrawal.For the purpose of the exercise of rights under Privacy Legislation, the Controller provides the following email address: email@example.com.
COMUNICATION AND DISSEMINATION
The data collected will not be disseminated, sold or shared with third parties without the express consent of the person concerned, except eventual communication to authorised third parties, subject to a non disclosure obligation or, if applicable, processors appointed under art. 28 GDPR (such as computer support companies and hosting centres) where necessary for the abovementioned purposes. The data may be communicated to the competent authorities in accordance with the law.
For the fulfilment of the abovementioned purposes, the possibility of transfer of personal data to group companies located abroad is envisaged. It should be noted that some countries do not offer the same legal protection for the processing of personal data. In such cases, Savino Del Bene S.p.A. undertakes to ensure the existence of adequate guarantees of the protection of personal data respecting the applicable law and to promptly inform the person concerned of the abovementioned guarantees, how to obtain a copy of that data and the place where it is available.
Disclosure on Cookies
Who we are and what we do with your personal data?
Savino Del Bene S.p.A., with registered office in Scandicci (FI) (50018), Via del Botteghino 24/26, (hereinafter also the Controller), in the capacity of Data Controller, is concerned about the confidentiality of your personal data and to ensure it the necessary protection from every event that can put it at risk of violation.
For this purpose, the Controller puts into practice policies and practices having regard to the collection and use of personal data and on the exercise of the rights that you are granted by the applicable legislation. The Controller attends to updating policies and practices for the protection of personal data whenever this is necessary and in any case in the event of changes in legislation and organisational changes that can affect the processing of your personal data.
How does the controller collect and process your data?
Personal information concerning you will be processed for:
1) Browsing the website www.savinodelbene.com
The processing of your personal data, such as browsing data for example the IP address and cookies issued by browsing the website www.savinodelbene.com are processed by the Controller for a follow-up to the management of the website and to gather information also of an aggregate nature.
Your personal data will not be in any way disclosed or disseminated to undetermined subjects.
2) Communication to third parties and recipients
The communication of your personal data takes place mainly in respect of third parties and/or recipients whose activity is necessary for the performance of activities related to the purposes above, and also to respond to certain legal obligations. Every communication that does not respond to these purposes will be subject to your consent.
In particular, your data will be communicated to third parties/recipients for:
1. the conduct of the service (e.g. provider of IT services);
2. notifications in respect of the financial administration and public supervisory and control bodies in respect of which the controller must meet specific obligations arising from the specific nature of the activity pursued;
The personal data that the Controller is for this purpose is:
– browsing data (IP address)
3) IT security reasons
The Controller processes, including by means of its suppliers (third parties and/or recipients), your personal data (e.g. IP address) or traffic collected or obtained in the case of services exposed on the website to the extent strictly necessary and proportionate in order to ensure the security and the ability of a network or servers connected thereto to resist, at a given level of safety, unforeseen events or unlawful acts or malicious actions that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted.
For these purposes the Controller provides procedures for the management of the violation of the personal data (data breach).
What are cookies and for what purposes can they be used
A “cookie” is a small text file created by some websites on the user’s computer at the moment in which this latter accesses a particular website, with the purpose of storing and transporting information. The cookies are sent by a web server (which is the computer that is running the web site visited) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the computer of this latter; they are then re-sent to the website at the time of subsequent visits.
Cookies may remain in the system even for long periods and may also contain a unique identification code. This allows you to sites that use them to keep track of user browsing within the site itself, for statistical or advertising purposes, in other words to create a custom profile of the user starting from pages that the same has visited and show and/or send and then targeted advertising (so called Behavioural Advertising).
What cookies are used and for what principal purposes
The Controller sets out below the specific categories of cookies used, the purposes and the consequence that derives from their de-selection:
|TYPE OF COOKIE
|CONSEQUENCE IN THE EVENT OF DESELECTION
|Management of the website. Allow the operation and the safe and efficient exploration of the website.
|Valid for the browsing session.
|The full consultation of the website would not be possible.
|Facilitate browsing and the service delivered to the user as a function of a series of criteria selected by this latter.
|Valid for the browsing session.
|It would not be possible to maintain the choices made by the user during browsing.
|Collect information in aggregate form regarding browsing by users to optimize the experience of browsing and the services themselves.
|Established by the third party
|It would no longer be possible for the Controller to acquire the aggregated information.
Third-party cookies are also operational on this website, i.e. cookies created by a different website than the one that the user is currently visiting.
In particular, we would like to inform users that the website uses the following services that issue cookies:
On the website www.savinodelbene.com there are particular “buttons” (called “social buttons/widgets”) depicting the icons of social networks (e.g. Facebook, linkedin, etc.) and other web services (e.g. Youtube, etc.). The same allow users who are browsing on the Controller’s web page to access the social networks of reference with a “click”. In this case the social networks and web services acquire the data related to the user, while the Controller does not share any browsing information or data of the user acquired through its website with the social networks and web services accessible thanks to the social buttons/widgets. Such services issue “third party cookies”. Below are the links to the privacy policies of the most used social networks and of the web sites to which the buttons refer:
– for Facebook: https://www.facebook.com/help/cookies
– for Linkedin: https://www.linkedin.com/legal/cookie-policy
Deselection and activation of cookies
By going beyond the initial banner containing the short policy, the user has given their express consent to the use of website’s cookies, as detailed above.
This section allows the User to change the website’s cookies setting. To change the settings, you must click the SAVE button.
Necessary for the use of the Website, blocking them does not allow the operation thereof. Your consent is not necessary for their installation.
Allow browsing to be facilitated and the service delivered to the user. Your consent is not necessary for their installation.
Allow information to be collected in aggregate form regarding browsing by users to optimize the experience of browsing and the services themselves. Blocking them would not allow the Controller to optimize the user’s experience of navigation, but the website would still be capable of being browsed.
Once enabled, individual cookies can be deselected freely including through your browser (by selecting the settings menu, by clicking on Internet options, opening the tab relative to privacy and choosing the desired level of cookies block). For more information, see the following links: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.
You can also activate the “Do Not Track” option present in most browsers of the latest generation.
Disabling “third party” cookies does not compromise browsing of this website in any way.
What happens if you do not provide us with your data?
We invite you to view the consequences resulting from the deselection of individual cookies, as set out in the table above.
How, where and for how long is your data kept?
How we process your data
The processing of personal data is carried out through computerized procedures by specially authorized and trained internal subjects. They are allowed access to your personal data to the extent and within the limits in which it is necessary for the conduct of the processing activities that concern you.
The Controller will periodically check the instruments by means of which your data is processed and the security measures laid down for these for which constant updating is envisaged; verification, also by means of the persons authorised to process the data, that data for which processing is not necessary is not collected, processed, stored or preserved; verifies that the data is stored with the guarantee of integrity and authenticity and its use for the purposes of the processing actually carried out.
Where we process your data
The data is kept in computer and digital archives located within the European Economic Area.
The length of time for we will process your data
We invite you to view the terms of conservation of personal data as indicated in the previous table.
– Site browsing:
Personal data is stored for the time necessary to allow the website to be browsed except in the cases in which occurrence of events that involve the intervention of the competent Authorities, also in collaboration with the third parties/recipients to whom the task of computer security of the Controller’s data is requested, to carry out any enquiries about the causes that have led to the event, as well as to protect the interests of the Controller relative to possible liability related to the use of the website and the related services.
What are your rights?
In essence, at any time and free of charge and without special formalities and burdens for your request, you can:
– obtain confirmation of the processing performed by the Controller;
– access your personal data and know the origin thereof (when data is not obtained directly from you), the aims and purposes of the processing, the data of the subjects to which it is communicated, the retention period for your data or the criteria useful to determine that period;
– update or correct your personal data so that it is always correct and accurate;
– erase your personal data from the databases and/or from the archives including backup archives of the Controller in the event, among others, in which it is no longer needed for the purpose of processing or if this is assumed as unlawful and always if they meet the conditions laid down by law; and in any case if the processing is not justified by another equally legitimate reason;
– limit the processing of your personal data in certain circumstances, for example where you have challenged the accuracy thereof, for the period necessary to the controller to verify the accuracy thereof. You must be informed within a reasonable time frame, including of when the period of suspension is accomplished or the cause of the limitation of the processing no longer exists, and therefore the therefore the said limitation is revoked;
– obtain your personal data, if received or processed by the Controller with your consent and/or if the processing thereof takes place on the basis of a contract and with automated tools, in electronic format in
order to transmit to another data controller.
The Controller must do so without delay, and in any case not later than one month after receipt of your request. The time limit may be extended by two months, if necessary, taking account of the complexity and the number of requests received by the Controller. In such cases the Controller, within one month of receipt of your request, will inform you and will make you aware of the reasons for the extension. For the exercise of your rights write to the address firstname.lastname@example.org
How and when can you object to the processing of your personal data?
For reasons related to your particular situation, you can object at any time to the processing of your personal data if it is based on legitimate interest by sending your request to the Controller at the address email@example.com
You have the right to the erasure of your personal data if a prevalent legitimate reason with respect to that which has given rise to your request does not exist.
To whom can you make a complaint?
Without prejudice to any other action in administrative or court proceedings, you can submit a complaint to the competent supervisory authority or to that which carries out its duties and exercises its powers in Italy where you have your habitual residence or work or, if different, in the Member State where violation of Regulation (EU) 2016/679 took place.