Information on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR). Effective from 11/04/2023
INTRODUCTION
This notice takes into account the provisions of the GDPR and the Privacy Code (Legislative Decree No. 196 of June 30, 2003). The document has also been prepared based on the Guidelines of the Privacy Authority (especially the Guidelines to combat spam issued by the Privacy Authority on July 4, 2013).
Data Controller: SCHIRINZI MARIO OLEA COMPANY, Via Copertino 153 – 73041 Carmiano (LE), Chamber of Commerce of Lecce, VAT No. 01121640757, Email: info@schirinzi.it
Website to which this privacy policy refers: https://www.pugliaextravirginoliveoil.com/ (Website).
The Data Controller has not appointed a DPO (Data Protection Officer). Therefore, you can send any request for information directly to the Data Controller.
GENERAL INFORMATION
This document describes how the Data Controller processes your personal data provided on the Website.
Below are the main processes involving your personal data. In particular, the legal basis for processing is explained, whether provision is mandatory, and the consequences of not providing personal data. To best describe your rights, if necessary, we have specified whether and when a certain processing of personal data is not carried out.
Registration on the Website
The Website does not offer the option for registration. Therefore, the Data Controller does not process your personal data for this purpose.
Purchases on the Website
It is not possible to make purchases on the Website. Therefore, your personal data will not be processed for this purpose. The Data Controller does not process user data to send “reminder” emails for purchasing products and/or services from the Data Controller.
Responding to Your Requests
Your data will be processed to respond to your requests for information. Providing data is optional, but refusal will prevent the Data Controller from answering your questions. The legal basis for processing is the legitimate interest of the Data Controller to respond to user requests. This legitimate interest is equivalent to the user’s interest in receiving responses to communications sent to the Data Controller.
Generic Marketing
The Data Controller will not send you advertising materials and/or newsletters regarding its own or third-party products.
Profiling
The Data Controller does not engage in “profiling” with your personal data. Therefore, it will not send you advertising materials and/or newsletters related to its own or third-party products of specific interest to you.
Data Sharing
The Data Controller does not share your personal data with third parties.
Geolocation
The Website does not implement tools for geolocating the user’s IP address.
CV Submissions
It is not possible to submit CVs through the Website. Therefore, your data will not be processed for these purposes.
Appointment Booking
The Website does not have third-party systems for booking appointments with the Data Controller. Therefore, your data will not be processed for this purpose. However, you can always contact the Data Controller using the contacts indicated above.
Communication of Personal Data
In the course of its ordinary activities, the Data Controller may communicate your personal data to certain categories of subjects. In Article 2, you can find the list of subjects to whom the Data Controller communicates your personal data. To facilitate the protection of your rights, Article 2 may specify in some cases when your data is not communicated to third parties.
The “communication” of personal data to third parties is different from “cession” (which is regulated in the preceding section). In fact, in communication, the third party to whom the data is transmitted may use it only for the specific purposes described in the relationship with the Data Controller. In cession, on the other hand, the third party becomes an autonomous Data Controller of the personal data. Furthermore, your consent is always required to share your personal data with third parties.
Notwithstanding the above, it is understood that the Data Controller may still use your personal data to properly comply with the obligations required by current laws.
SPECIFIC PRIVACY NOTICE
Art. 1 Processing Methods
1.1 The processing of your personal data will primarily be carried out using electronic or automated means, in accordance with methods and tools suitable for ensuring security and confidentiality in compliance with the GDPR. If the automatic chatbot service is operational, your personal data will also be processed to enable the activation of this service, through which the user can contact and be contacted by the Data Controller, upon consent. The legal basis is the legitimate interest of the Data Controller in responding to user requests via the chatbot service. This legitimate interest can be considered equivalent to the interest of the data subject in using the automatic chatbot service.
1.2 The information collected and processing methods will be relevant and not excessive with respect to the type of services provided. Your data will also be managed and protected in secure and appropriate IT environments.
1.3 No “sensitive data” is processed through the Site. Sensitive data refers to information that reveals racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership in parties, trade unions, religious, philosophical, political or union organizations, health status, and sexual life.
1.4 No judicial data is processed through the Site.
Art. 2 Communication of Personal Data
The Data Controller may communicate your personal data to specific categories of subjects. Below are the subjects to whom the Data Controller reserves the right to communicate your data:
- The Data Controller may communicate your personal data to all those subjects (including Public Authorities) who have access to personal data under regulatory or administrative provisions.
- Your personal data may also be communicated to all public and/or private subjects, individuals and/or legal entities (law, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Labour Offices, etc.) if the communication is necessary or functional to comply with legal obligations.
- The Data Controller employs employees and/or collaborators of any kind. For the proper functioning of the Site, the Data Controller may communicate your personal data to these employees and/or collaborators.
- In its normal management activities of the Site, the Data Controller makes use of companies, consultants, or professionals responsible for the installation, maintenance, updating, and, in general, management of the hardware and software used by the Data Controller or which the latter uses for providing its services. Therefore, only concerning these purposes, your data may also be processed by these subjects.
- The Data Controller does not employ CRM platforms (companies mainly engaged in sending automated communications to users). Therefore, your personal data are not communicated to these companies.
- The Data Controller does not engage external companies for customer care services.
- The personal data of buyers are not communicated to couriers or shippers.
The Data Controller reserves the right to modify the above-mentioned list based on its ordinary operations. Therefore, you are invited to regularly access this notice to check to whom the Data Controller communicates your personal data.
Art. 3 Data Retention
3.1 This article outlines for how long the Data Controller reserves the right to retain your personal data.
- Your personal data will be retained only for as long as necessary to ensure the proper provision of services offered through the Site.
- For customer care purposes, the data will be deleted once the assistance service is completed.
3.2 Without prejudice to what is stated in article 3.1, the Data Controller may retain your personal data for the time required by specific regulations, as amended from time to time.
Art. 4 Transfer of Personal Data
4.1 The Data Controller is located within the European Union. Therefore, the processing of your data is secure from a regulatory standpoint, as governed by the GDPR. If the transfer of your personal data occurs to a non-EU country for which the European Commission has expressed an adequacy decision, the transfer is considered safe from a regulatory standpoint. This article 4.1 indicates from time to time the countries to which your personal data may potentially be transferred, and where the European Commission has expressed an adequacy judgment.
- Users are therefore invited to regularly access this article to verify whether their personal data transfer occurs to a country with these characteristics.
4.2 Without prejudice to what is stated in article 4.1, your data may also be transferred to non-EU countries for which the European Commission has not issued an adequacy judgment. You are therefore invited to regularly review this article 4.2 to ascertain to which of these countries your data may be transferred. For the proper functionality of the Site, your personal data may be transferred to the U.S.A. In these cases, the Data Controller will adopt all suitable contractual measures to ensure an adequate level of protection of personal data, including, among others, the Standard Contractual Clauses approved by the European Commission on June 4, 2021.
4.3 In this article, the Data Controller indicates the countries to which it may specifically direct its operations. This circumstance may imply the application of the regulations of the country of reference, alongside the GDPR.
- At the user’s request, the Data Controller will apply to the processing of personal data the potentially more favorable regulations provided by the user’s own national legislation.
Art. 5 Rights of the Data Subject
Under Article 13 of the Privacy Regulation, the Data Controller informs you that you have the right to:
- request from the Data Controller access to your personal data and the rectification or deletion of such data or the limitation of the processing concerning you or to object to their processing, in addition to the right to data portability
- revoke consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
- file a complaint with a supervisory authority (e.g., the Data Protection Authority).
The aforementioned rights may be exercised by a request directed informally to the contacts indicated in the Introduction.
Art. 6 Modifications and Miscellaneous
The Data Controller reserves the right to make changes to this privacy notice at any time, adequately informing the users of the Site and ensuring in any case an appropriate and similar protection of personal data. To view possible changes, you are invited to regularly consult this privacy notice. In the event of substantial changes to this privacy notice, the Data Controller may also communicate this via email.