fbpx

Privacy Policy

European Regulation 2016/679 lays down rules concerning the protection of natural persons  with regard to the processing of personal data, as well as rules concerning the free movement of  such data, safeguarding the fundamental rights and freedoms of natural persons, in particular  the right to the protection of personal data. 

In compliance with this regulation, Pastificio Miglianico S.r.l. (hereinafter referred to as the  “Pastificio”), which intends to process your personal data, hereby informs you, pursuant to Articles 13  and 14 of EU Regulation 2016/679 “GDPR” and in accordance with Legislative Decree 196/2003 as  amended “Personal Data Protection Code”, that such processing will be based on the principles of  fairness, lawfulness, and transparency, and on the protection of your privacy and your rights. Therefore, we provide you with the following information regarding the processing of your personal  data that we intend to carry out: 

Purpose of the Processing 

The data collected will be processed for the following purposes: 

  1. a) Responding to requests for information made by the Data Subject through telephone contact  and/or by sending an email to the address provided, and more generally through the contact channels  indicated on the Website; 
  2. b) Allowing the Data Subject to register on the Website and properly use the specific online content  accessible to registered users; 
  3. c) Allowing the conclusion of the purchase contract through the Website and the correct execution of  the obligations arising from such contract, such as, by way of example, the receipt and management  of purchase orders, the supply of products, delivery and payment, including online payment, of the  products and/or services purchased; 
  4. d) Sending commercial communications aimed at promoting and/or directly selling products or  services similar to those already purchased or used by the Data Subject, using the email address  provided on those occasions (so-called “soft spam”), without the need for consent — unless  expressly objected to — limited to soft spam cases only, without prejudice to the Data Subject’s right  to object at any time pursuant to Articles 15 et seq. of EU Regulation 2016/679; e) Sending newsletters and/or advertising material and/or commercial communications regarding new  products and/or services offered, suggesting features or products that may be of interest to you based  on your preferences. This may be carried out both through traditional contact methods (postal mail or  telephone calls via an operator) and through automated call systems or communication systems  without the intervention of an operator and/or by electronic communications (email; SMS – Short  Message Service; MMS, etc.); 
  5. f) Sending commercial communications from third-party companies (so-called indirect marketing).  This may be carried out both through traditional contact methods (postal mail or telephone calls via  an operator) and through automated call systems or communication systems without the intervention  of an operator and/or by electronic communications (email; SMS – Short Message Service; MMS, etc.); g) Providing after-sales assistance and conducting market research, including for statistical purposes,  aimed at detecting customer satisfaction with the quality and type of services provided (customer  satisfaction). This may be carried out both through traditional contact methods (postal mail or  telephone calls via an operator) and through automated call systems or communication systems  without the intervention of an operator and/or by electronic communications (email; SMS – Short  Message Service; MMS, etc.); 
  6. h) Managing the functionality of the Website to make it suitable for online commerce, analyzing  performance, correcting errors, and improving its use and efficiency; 
  7. i) Preventing and detecting fraud and abuse in order to protect the security of the Website; j) Fulfilling legal obligations imposed on the Data Controller and/or executing orders from Authorities  entitled to do so. 

Legal Basis

  • For the purposes referred to in points a), h), i): the Data Controller’s legitimate interest (Art. 6,  para. 1, letter (f) of EU Regulation 2016/679); 
  • For the purposes referred to in points b) and c): the correct and timely execution of the contract  to which the Data Subject is a party and/or the execution of pre-contractual measures taken at  the request of the same (Art. 6, para. 1, letter (b) of EU Regulation 2016/679); 
  • For the purpose referred to in point d), generic marketing purposes: the Data Controller’s  legitimate interest (pursuant to Art. 130, paragraph 4 of Legislative Decree 196/2003 and Art. 6,  para. 1, letter (f) of EU Regulation 2016/679); 
  • For the purposes referred to in points e), f), g): the free consent expressed by the Data Subject,  optional and revocable at any time (Art. 6, para. 1, letter (a) of EU Regulation 2016/679); For the purpose referred to in point j): compliance with a legal obligation (Art. 6, para. 1, letter  (c) of EU Regulation 2016/679). 

The provision of data is not mandatory, but any refusal by the Data Subject to provide their data will  result in the objective impossibility for the Data Controller to respond to contact requests and/or  information received, as well as to properly fulfill their legal and contractual obligations. On the other hand, it is understood that the Data Subject’s refusal to provide consent for the  processing of personal data for the purposes referred to in points e), f), g) will only result in the Data  Controller’s inability to pursue the purposes indicated therein. 

The provision of personal data for the purpose referred to in point d) is necessary for the exercise of a  legitimate interest. You may at any time decide not to receive communications relating to generic  marketing activities. 

Some personal data is strictly necessary for the operation of the Website, while other data is used  solely for the purpose of obtaining anonymous statistical information on the use of the Website and to  check its correct functioning; such data is deleted immediately after processing. In processing personal data that may directly or indirectly identify the Data Subject, we respect the  principle of strict necessity. For this reason, we have configured the Website so that the use of the  Data Subject’s personal data is minimized and the processing of personal data that allows the  identification of the Data Subject is limited to cases of necessity or upon request of the Authorities  and law enforcement forces (for example, for data relating to traffic and permanence on the Website  or the IP address) or for the ascertainment of liability in the event of hypothetical computer crimes  against the Website. 

Processing Description 

In order to use the Services offered on the Website and to receive purchase assistance from the Data  Controller, it is necessary to provide the following data: first name, last name, and email address. With  your consent, the aforementioned data will allow Pastificio to send you its newsletters (containing  commercial and promotional information). 

If you refuse to provide the requested personal data (first name, last name, and email address), you  will not be able to access the services offered on the Website. 

The provision of your personal details (first name, last name, email address, and complete postal  address) is necessary: 

  • to allow Pastificio to fulfill its contractual delivery obligations in the event of a purchase order; for after-sales assistance and customer service activities; 
  • for the issuance of invoices; 
  • for managing job applications. 

Other requested personal data — such as landline and mobile phone numbers — are optional but, if  provided, will allow the Data Controller to contact you regarding communications related to the  purchase order, to verify satisfaction with the services provided or, with your prior consent, to receive  commercial offers, including based on your preferences and through marketing activities, either by  regular mail or via email or SMS.

Processing Methods 

The processing of personal data will be carried out using both paper and electronic means, adopting  all necessary precautions to ensure security and confidentiality. The data will also be stored,  managed, and protected in environments with controlled access. 

Data Retention Period 

In compliance with the principle of data minimization, we inform you that your personal data will be  retained for the duration of the limitation period of the rights arising from the contractual relationship. The criterion used to determine such retention periods is based on common sense principles and on  the guidelines provided by the Supervisory Authority, which states that data may generally be retained  “as long as a legitimate interest exists”, meaning for as long as their retention is necessary for the  purposes for which they were collected and processed. 

More generally, the data will be retained in accordance with Article 2220 of the Italian Civil Code and  the relevant European and tax regulations. 

Data Controller 

The Data Controller is Pastificio Miglianico S.r.l., with registered office in Contrada Cerreto, no. 52 – 66010 Miglianico (CH), Italy. 

Communication and Disclosure of Data 

The personal data voluntarily provided to our offices will not be disclosed or sold and/or otherwise  transferred to third parties by Pastificio. Your data may only be accessed by specifically authorized  personnel working within the Pastificio Offices responsible for managing your position. As provided by EU Regulation 2016/679 “GDPR”, the personal data of the Data Subjects may, if  necessary, be communicated: 

  • to all internal staff limited to the information necessary to perform their work duties; to all parties entitled by regulatory provisions to access such data; 
  • to our collaborators, employees within the scope of their respective duties and/or any existing  contractual obligations related to the employment relationship with the Data Subject; to postal offices, shipping companies, and couriers for sending documentation and/or  materials; 
  • to all natural and/or legal persons, public and/or private (such as legal, administrative, and tax  consultancy firms, labor consultancy firms, Judicial Offices, Chambers of Commerce, Labor  Chambers and Offices, etc.), when communication is necessary or functional for carrying out  our activities in the ways and for the purposes outlined above; 
  • to banking institutions for the management of payments and collections resulting from the  execution of contracts. In such cases, only the essential data, strictly necessary for the  purposes for which they are communicated, will be disclosed; 
  • to companies appointed to perform accounting audits in accordance with national and EU  regulations; 
  • to bodies responsible for supervisory and control functions; 
  • through publication on institutional websites with regard to companies operating in joint  controllership of data processing concerning activities connected to your commercial contract  with one of the aforementioned entities. 

You may exercise your rights, as provided for by Articles 15 et seq. of EU Regulation 2016/679 “GDPR”,  by contacting the Data Controller. 

EU Regulation 2016/679 “GDPR” – Article 15 – Right of Access by the Data Subject 1. The data subject shall have the right to obtain from the controller confirmation as to whether or  not personal data concerning him or her are being processed, and, where that is the case,  access to the personal data and the following information:

(a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or  categories of recipients to whom the personal data have been or will be disclosed, in particular  recipients in third countries or international organizations; (d) where possible, the envisaged period  for which the personal data will be stored, or, if not possible, the criteria used to determine that  period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such  processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data  are not collected from the data subject, any available information as to their source; (h) the existence  of automated decision-making, including profiling, referred to in Article 22(1) and (4), and, at least in  those cases, meaningful information about the logic involved, as well as the significance and the  envisaged consequences of such processing for the data subject. 

  1. Where personal data are transferred to a third country or to an international organization, the  data subject shall have the right to be informed of the appropriate safeguards pursuant to  Article 46 relating to the transfer. 
  2. The controller shall provide a copy of the personal data undergoing processing. For any further  copies requested by the data subject, the controller may charge a reasonable fee based on  administrative costs. Where the data subject makes the request by electronic means, and  

unless otherwise requested by the data subject, the information shall be provided in a  commonly used electronic form. 

  1. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and  freedoms of others. 

Transfer of Personal Data Outside the EU 

Personal data are stored on servers located within the European Union. In any case, it is understood  that the Data Controller, if necessary, may also use servers located outside the EU. In such a case, the  Data Controller ensures from now that any transfer of data outside the EU will be carried out in  accordance with the applicable legal provisions, adopting all necessary measures to ensure the  complete protection of personal data, basing such transfer on: 

  1. a) adequacy decisions of third-country recipients expressed by the European Commission; b) appropriate safeguards provided by the third-party recipient pursuant to Article 46 of the  Regulation; 
  2. c) the adoption of binding corporate rules. 

Minors 

Minors under the age of 18 cannot provide information or Personal Data without the consent of those  exercising parental responsibility over them. In the absence of such consent, it will not be possible to  respond to the minor’s requests. We invite all those exercising parental responsibility over minors to  inform them about the safe and responsible use of the Internet and the Web.