Advisory note on processing personal data
This page describes how this site is managed in relation to processing the personal data of users who browse the site. This is an advisory note that is provided in accordance with the current legislation regarding the personal data of users who interact with the services available on this site within the framework of EU Regulation 2016/679. The advisory note is provided solely for this site and for no other website even if a user arrives at another site by following a link found on this site.
The Data Controller
Having browsed, or viewed the site, data may be processed that concerns identified or identifiable people. The Data Controller who is responsible for processing this data is Grandi Salumifici Italiani S.p.A. with offices in Strada Gherbella 320 41126 Modena, Italy.
The place where the data is processed
Processing connected to the web services is done by technical personnel from the department duly assigned, or by any party appointed to perform occasional maintenance operations. No data deriving from the web service is communicated or divulged.
Purposes of the processing and the legal basis for the processing
Personal data supplied by users who forward requests or who wish to use the services or products offered through the site, as well as to receive other specific content, is only used to respond to requests or to deliver the service requested and the data is communicated to third parties only in the case in which this is necessary for the purpose(s) in question. The legal basis for the processing is the need to respond to requests from data subjects or to carry out those activities envisaged in agreements established with the data subjects.
With the user’s express consent, data may be used for commercial communication activities related to product offers and other services provided by the Data Controller. The legal basis for this treatment is the consent freely given by the data subject.
Apart from these situations, the user’s browsing data is stored for the time strictly necessary to manage the processing activities within the limits established by law.
Types of data processed
The information systems and the software procedures used to operate the site acquire, as part of their normal operation, certain personal data the transmission of which is implicit to the use of internet communication protocols. This regards information that is not collected to be associated to any identified data subject, but that, given the information’s nature, could, through processing and associating it with data held by third parties, allow users to be identified. In this category of data are IP addresses or the names of the computer domains used by users who connect to the site, URI (Uniform Resource Indicator) addresses for the requested resources, the time of the request, the method used to make the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (OK, error, etc) and other parameters relative to the user’s operating system and computing environment. This information is only used to obtain anonymous statistical information on the use of the site and to check that it is operating properly. This information is deleted once it has been processed. The data could be used to ascertain responsibility in the event of computer crime against the site.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of an email to any one of the email addresses listed on the site leads to the subsequent acquisition of the sender’s email address, which is needed in order to respond to their request, as well as any other personal data that may have been supplied in the message. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
A cookie is a piece of text that is saved on the device being used to browse the internet only after authorisation has been given. Cookies are used to streamline web traffic analysis and to report when a specific site is visited, allowing web applications to send information to individual users. No personal data is acquired by the site in this regard. Cookies are not used to transmit information of a personal nature, nor are so-called persistent cookies used, whatever the type, nor any kind of system which tracks users. The use of so-called session cookies is strictly limited to transmitting session identifying data (made up of numbers generated at random by the server) which is needed to allow the user to securely and efficiently browse the site. The so-called session cookies used on the site avoid the use of other technologies that might compromise the user’s privacy or confidentiality whilst browsing and they do not allow personal data that might identify the user from being acquired.
The option of providing data
Apart from that specified for browsing data, the user is free to provide his/her personal data in order to request services offered by the Data Controller. Not supplying this personal data may make it impossible to fulfil the user’s request.
Processing methods and data retention times
Personal data is processed by automated means for the time strictly necessary to achieve the purpose(s) for which the data was collected. Specific security measures are taken to prevent any loss of data, unlawful or improper use and access to the data by unauthorised parties.
Data is kept for the time strictly necessary to fulfil the purpose(s) indicated in this advisory note and will be deleted at the end of this period, unless the data has to be kept as part of the Data Controller’s legal obligations or to assert a right in court.
The data subject’s rights
Within the limits and under the conditions provided for by law, the Data Controller must respond to a request made by a data subject with regards to the personal data that concern the said data subject. Specifically, based on current legislation:
1. The data subject has the right to obtain from the Data Controller confirmation or otherwise of whether the data subject’s personal data is currently subject to processing and, if so, to obtain access to this personal data and to the following information:
- the purpose(s) of the processing;
- the category(ies) of personal data in question;
- the recipient(s) or the category(ies) of recipients to which the personal data has been or will be communicated, particularly with regards to third-country recipients and international organisations;
- when possible, the envisaged retention period for the personal data or, if this is not possible, the criteria used to determine the retention period;
- the existence of the data subject’s right to ask the Data Controller to rectify or delete the personal data or to restrict processing of the data subject’s personal data or to oppose processing;
- the right to lodge a complaint with the Supervisory Authority;
- if the data was not collected from the data subject, all the information available on the data’s origin(s);
- the existence of an automated decision-making process, including profiling
2. The data subject has the right to obtain from the Data Controller the correction of any inaccurate personal data that concerns the data subject without undue delay. Taking into account the purpose(s) of the processing, the data subject has the right to obtain the integration of any incomplete personal data, including by supplying an additional declaration.
3. The data subject has the right to obtain from the Data Controller the deletion of any personal data that concerns the data subject without undue delay and the Data Controller is required to delete, without undue delay, the personal data within the limits and in the cases provided for by current legislation. The Data Controller will inform each recipient to whom the personal data has been sent, of any correction or deletion or restriction on processing within the limits and forms provided for by current legislation.
4. The data subject has the right to obtain from the Data Controller a restriction on processing.
5. The data subject has the right to receive, in a widely-used, structured form, which is readable by an automated device, the personal data that concerns the data subject supplied to a Data Controller and the data subject has the right to send this data to another Data Controller without hinderance from the Data Controller who supplied it.
To exercise the rights listed above, the data subject must submit a request using the following contact points, through which the Data Protection Manager may also be contacted.
Requests should be sent to the Data Controller at firstname.lastname@example.org o at which the Data Protection Manager (if appointed by the Data Controller) may also be contacted.
This version of the advisory note on the processing of personal data was updated on 07 May 2018.