Information relating to the art. 13 et seq. of EU Regulation no. 679/2016 of 27 April 2016 GDPR, (General Data Protection Regulation – G.D.P.R.) “relating to the protection of natural persons about the processing of personal data, as well as the free movement of such data (General Data Protection Regulation)”.
By implementing the procedure for consulting the pages of the site and/or registering for our services, users voluntarily communicate to BAGLIO DIAR soc. coop. a.r.l., Data Controller, your personal data. The personal data sent will be processed in compliance with the personal data protection principles established by EU Regulation no. 679/2016 and other current regulations on the matter.
The data controller is BAGLIO DIAR soc. coop. a.r.l. (hereinafter also the “Data Controller”) and can be contacted by written communication to be sent to: Via Lipari, 13
91025 Marsala (TP) Sicily or to the email address firstname.lastname@example.org
Nature of the data processed
Usage and navigation data are processed to the extent that the computer systems and software procedures used to operate this website acquire information whose transmission is implicit in the use of Internet communication protocols.
The data processed by you voluntarily, during registration, registration on our site and/or contact, and/or manifestly made public by you, including your personal identification data, name, surname, address, email, telephone number, fax, the content of any messages from you, etc. as well as data of an economic nature that are strictly necessary for the performance of existing or future contractual relationships.
So-called particular, sensitive or judicial data, which may fall within those indicated by the art., do not constitute the object of processing. 4, letter d) and letter e) of the privacy code and art. 9 EU Reg. 2016/679, the processing of which, moreover, is prohibited by art. 9 paragraph 1 of the aforementioned Reg. EU 2016/679, except for specific and mandatory exceptions contemplated by the same article.
Purpose and legal basis of the processing
The personal data collected by registering or registering on our site are processed to allow access to the products, services and contents reserved for registered users.
The legal basis for being able to process the data obtained is represented, pursuant to art. 6 EU Reg. 2016/679, from the following conditions:
– the interested party has expressed consent to the processing of their personal data;
– the processing is necessary for the execution of the contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the interested party;
– the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
– the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties (see on this point also recital n. 47 GDPR), provided that the interests or fundamental rights and freedoms of the interested party which require protection do not prevail of personal data, in particular if the interested party is a minor. In this last case, it is specified that the legitimate interests of the Data Controller are the defense of its rights, the need for fraud prevention, and/or the development of promotional activities on services/products for direct marketing purposes.
If the user/interested party has expressed consent at the time of activation of the service, or expresses it subsequently and until its revocation, his/her personal data may be processed by BAGLIO DIAR soc. coop. a.r.l. For:
– allow access to products, services and contents;
– send, if users have expressed consent at the time of activation of the service, or express it subsequently, and until the same is revoked, communications of a commercial nature on their own products and services or those of third-party companies, also with automated, for direct sales purposes, as well as for sending market research and for verifying the level of user satisfaction;
– carry out, if users have expressed consent at the time of activation of the service, or express it subsequently, and until its revocation, also by means of electronic tools, analysis activities of specific behaviors and consumption habits, in to improve the services provided and direct the commercial proposals of interest to the user, also offering third parties aggregate data summarizing the openings and clicks obtained through a tracking system using “cookies”.
– communicate and transfer user data to third parties, if they have expressed consent at the time of activation of the service, or express it subsequently, and until the revocation of the same, for the sending of communications of a commercial on products and services of third-party companies, even with automated methods, for direct sales purposes, as well as for sending market research;
– BAGLIO DIAR soc. coop. a.r.l. will also use personal data for administrative and accounting purposes and for the execution of contractual obligations towards users who are part of its customers.
The personal data sent via the registration/registration form may be processed by BAGLIO DIAR soc. coop. a.r.l. with automated tools and paper supports.
The possibility remains for BAGLIO DIAR soc. coop. a.r.l. to process the aforementioned data in aggregate form, in compliance with the measures prescribed by the Guarantor Authority and by the specific exemption from consent provided by the same, for electronic analysis and processing (e.g.: classification of the entire clientele into homogeneous categories for levels of services, consumption, expenditure, etc.) aimed at periodically monitoring the development and economic performance of Baglio Diar’s activities, directing the related industrial and commercial processes, improving services, as well as designing and implementing commercial communication campaigns.
These are therefore legitimate and necessary treatments to ensure a service that increasingly meets the expectations of users/customers.
Specific security measures are observed by the Data Controller to prevent data loss, illicit or incorrect use and unauthorized access.
The processing connected to the web services of this site takes place at the aforementioned headquarters of BAGLIO DIAR soc. coop. a.r.l. and are handled only by technical personnel authorized to process and manage the site.
In any case, personal data is recorded and stored on electronic databases located in Italy and in countries belonging to the European Economic Area (EEA).
Obligation or right to provide data
The provision of data is optional. However, failure to provide the data deemed mandatory will prevent correct registration on the site and, consequently, the possibility of using the services reserved for registered users, and, in case of purchase, acceptance by BAGLIO DIAR soc. coop. a.r.l. of the order proposal and the execution of the related contract.
Scope of knowledge of your data
The following categories of subjects may become aware of your data, as external data controllers or internal data processors authorized to process them, appointed by the Data Controller:
– Internal staff responsible for administrative-accounting activities;
– Internal staff responsible for executing contracts;
– Administrators, accountants and external consultants for accounting and administrative activities.
The processing of personal data provided by users may also be carried out by companies, bodies or consortia, appointed as data controllers according to art. 28 of the aforementioned EU Regulation, which, on behalf of BAGLIO DIAR soc. coop. a.r.l., provide specific processing services or related, instrumental or support activities (such as, by way of example: software developers and website managers, IT companies, network providers, electronic communication services, IT and telematic archiving and IT management services of data, shippers, transport companies; or consultants, lawyers or collaborators of the company, tax consultants of the company, subjects who carry out tasks of a technical and organizational nature; credit agencies, banks, finance companies, insurance companies; companies or people who assist customers; companies selling our products), within the limits strictly necessary to carry out their duties at our or their organization, subject to our letter of appointment which imposes the duty of confidentiality and security.
Communication and dissemination
The personal data provided by users will not be disclosed by us, with this term meaning giving them knowledge to indeterminate subjects in any way, including by making them available or consulting them, but they may be communicated by us, i.e. giving them knowledge to one or more determined and qualified subjects, in the following terms:
– to investee or associated companies;
– to subjects whose right to access personal data is recognized by legal provisions, regulations or community legislation;
– to subjects towards whom communication is required by law or regulation, or by public subjects for the performance of their institutional functions.
Rights of the interested party
The user/interested party may exercise the rights provided for in articles 15-22 GDPR at any time by contacting the owner of this site.
Below is the extract from article 15 of EU Regulation 2016/679, relating to your right of access to us, to remind you that you can obtain the following information:
“The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations; d) when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all available information on their origin”.
Furthermore, the interested party has the right:
to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay, according to art. 16 EU Reg. 2016/679;
to obtain cancellation of personal data concerning him without justified delay where one of the reasons listed in the art. exists. 17 EU Reg. 2016/679;
to the limitation of processing when one of the hypotheses is described in the art. 18 EU Reg. 2016/679;
to object at any time to the processing of data concerning him in the cases referred to in art. 21 EU Reg. 2016/679;
to receive the personal data concerning him/her provided to a data controller in a structured, commonly used and machine-readable format and to transmit such data to another data controller without impediments on the part of the data controller to whom he/she provided them, in the cases provided for by the art. 20 EU Reg. 2016/679;
to revoke consent at any time, if the processing is exclusively based on art. 6, paragraph 1, letter a), or on art. 9, paragraph 2, letter a), in any case without prejudice to the lawfulness of the processing based on the consent given before the revocation;
to complain, according to art. 77 EU Reg. 2016/679, to the competent Supervisory Authority for Privacy, in particular in the EU Member State in which he habitually resides, works, or the place where the alleged violation occurred, in addition to the ordinary right to lodge a judicial appeal effective, according to art. 79 EU Reg. 2016/679, if you believe that the rights you enjoy according to the aforementioned EU Regulation have been violated following processing.
Data retention period
The retention period of the personal data referred to above is in line with the regulatory provisions in force: in compliance with the principles of minimization, proportionality and necessity, the data will not be retained for periods longer than those essential for the achievement of the purposes indicated above and , therefore, to the service offered or to the specific legal provisions (e.g. in our legal system there is a term of at least 10 years regarding the conservation of company administrative documents).
In any case, the company will provide without delay for the secure deletion or irreversible anonymization of the data when the retention of personal data is no longer justified.
This information may be subject to changes.
If substantial changes are made to the use of personal data by the Data Controller, or the latter intends to further process the personal data for a purpose other than that for which they were collected, the latter will be required to inform in advance and the interested parties again.