Information on the processing of personal data of website users

Articles 13 and 14 of Regulation 2016/679/EU (hereinafter also ‘GDPR’)

Why this notice

DOLCIARIA LA FENICE (hereinafter also “Company” or “Owner”) is committed to the respect and protection of your privacy and wants you to feel safe both during the simple navigation of the site and in case you decide to register by providing us with your personal data to take advantage of the services made available to its Users and/or Customers. On this page, the Company intends to provide some information on the processing of personal data relating to users who visit or consult the website accessible electronically from the address www.dolciarialafenice.it (the “Site”). This information is provided only for the Company’s website and not for any other websites that the user may consult via links (for which please refer to their respective privacy policies). The reproduction or use of pages, materials and information contained within the Site, by any means and in any medium, is not permitted without the prior written consent of Azienda. Copying and/or printing for personal and non- commercial use only is permitted (for enquiries and clarifications please contact Azienda at the contact details below). Other uses of the content, services and information on this site are not permitted.

With regard to the contents offered and the information provided, the Company will endeavour to keep the contents of the Site reasonably up to date and revised, without offering any guarantee as to the adequacy, accuracy or completeness of the information provided and expressly disclaims any liability for any errors of omission in the information provided on the Site.

Origin – Navigation data

The Company informs you that the personal data provided by you and acquired at the time of your request for information and/or contact, registration on the site and use of services via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including navigation data and data used for the possible purchase of products and services offered by the Company, but also only the so-called “navigation” data of the site by Users, will be processed in compliance with applicable regulations. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This is information that is not collected in order to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify the navigating users. This category of data includes the “IP addresses” or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the Company’s website. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the Azienda website or other sites connected or linked to it: except in this case, data on web contacts do not currently persist for more than a few days.

Origin – Data provided by the user

The Company collects, stores and processes your personal data for the purpose of providing the products and services offered on the Site, or for legal obligations. In relation to some specific Services, Products, Promotions, etc. Company may also p r o c e s s your data for commercial purposes. In such cases, a specific, separate, optional and always revocable consent will be requested in the manner and at the addresses indicated below.

The optional, explicit and voluntary sending of e-mails to the addresses indicated in the appropriate section of the Website, as well as the filling in of questionnaires (e.g. forms), communication via chat, push notification via APP, social networks, call centres, etc., entails the subsequent acquisition of some of your personal data, including those collected through the use of Apps and related services, necessary to respond to your requests. Please also note that when you use your mobile connection to access content and digital services offered directly by the Company or by our Partners, it may be necessary to transfer your personal data to such third parties. Please note that you may access the Site or connect to areas where you may be able to post information

Privacy Policy website

using blogs or noticeboards, communicating with others, e.g. from your Company page on Facebook®, LinkedIn®, YouTube®, and other social networking sites, reviewing products and offers, and posting comments or content. Before interacting with these areas, please read the General Terms and Conditions of Use carefully, bearing in mind that, under certain circumstances, the information you publish may be viewed by anyone with access to the Internet and any information you include in your publications may be read, collected and used by third parties.

Purpose of processing and legal basis

The data are processed for the purposes:

1. 1)  Strictly connected to and necessary for registering with the www.dolciarialafenice.it website, the services and/or Apps developed or made available by the Company, to use the relevant information services, to handle contact or information requests, to make purchases of products and services offered through the Company website;
2. 2)  for ancillary activities related to the management of User/Customer requests and the sending of feedback, which may include the transmission of promotional material; for the finalisation of the purchase order of the products and services offered, including aspects relating to payment by credit card, the management of shipments, the possible exercise of the right of withdrawal provided for distance purchases, and the updating on the availability of products and services temporarily unavailable;
3. 3)  related to the fulfilment of obligations under EU and national law, the protection of public order, and the detection and prosecution of crimes;
4. 4)  direct marketing, i.e. sending advertising material, direct sales, carrying out market research or commercial communication of products and/or services offered by the Company; this activity may also concern products and services of Companies of the Company Group and be carried out by sending advertising/information/promotional material and/or invitations to participate in initiatives, events and offers aimed at rewarding users/customers, carried out by ‘traditional’ means (e.g. paper mail and/or operator calls), or by ‘automated’ contact systems (e.g. SMS and/or MMS, telephone calls without operator intervention, e-mail, fax, interactive applications), pursuant to art. 130 c. 1 and 2 of Legislative Decree 196/03 as amended;

The provision of data for the purposes referred to in points 1), 2) and 3), connected to a pre-contractual and/or contractual phase or functional to a user’s request or envisaged by a specific regulatory provision, is compulsory and, failing this, it will not be possible to receive the information and access any services requested; with regard to point 4) of this Information Notice, consent to the processing of data by the user/customer is, on the other hand, free and optional and can always be revoked without any consequences on the usability of the products and services, except for the impossibility for the Company to keep users/customers updated on new initiatives or special promotions or advantages that may be available.

Company may send you commercial communications relating to products and/or services similar to those already provided, in accordance with Directive 2002/58/EU, using the e-mail or paper addresses you provide on these occasions, to which you may object in the manner and at the contact details set out below.

Processing methods, processing logic, storage times and security measures

The processing is also carried out with the aid of electronic or automated means and is performed by the Company and/or by third parties that the Company may use to store, manage and transmit the data. The data processing will be carried out with the logic of organisation and elaboration of your personal data, also related to the logs originated from the access and use of the services made available via web, of the products and services used related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data. The personal data processed will be retained for the period of time prescribed by the legislation applicable at the time.

Also with regard to data security, in those sections of the website set up for particular services, where personal data is requested from the user navigator, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated to SSL. SSL technology encrypts information before it is exchanged via the Internet between the user’s computer and the Company’s central systems, making it unintelligible to unauthorised parties and thus guaranteeing the confidentiality of the information transmitted; in addition, transactions made using electronic payment instruments are carried out directly using the platform of the

Privacy Policy sitoweb

payment services (PSP) and Azienda retains only the minimum set of information necessary to handle any disputes. Precisely with regard to the aspects of personal data protection, the user/customer is invited, pursuant to Article 33 of the GDPR, to notify Azienda of any circumstances or events from which a potential “personal data breach” may arise in order to allow for an immediate assessment and the adoption of any actions aimed at countering such an event by sending a communication to privacy@Azienda.it or contacting Customer Service. The measures adopted by the Company do not exempt the Customer from paying the necessary attention to the use, where required, of passwords/PINs of adequate complexity, which he/she must update periodically, especially in the event that he/she has been hacked/known by third parties, as well as carefully guarding them and making them inaccessible to third parties, in order to avoid improper and unauthorised use.

Cookies

A cookie is a short string of text that is sent to your browser and possibly saved on your computer (alternatively on your smartphone/tablet or any other device you use to access the Internet); this generally occurs every time you visit a website. The Company uses cookies for various purposes in order to provide you with a fast and secure digital experience, for example, by allowing you to maintain a connection to the secure area while browsing through the pages of the site.

Cookies stored on your terminal device cannot be used to retrieve any data from your hard drive, transmit computer viruses or identify and use your email address. Each cookie is unique to the browser and device you use to access the Website or use the Company App. Generally, the purpose of cookies is to improve the operation of the Website and your experience when using it, although cookies may be used to send you advertising messages (as set out below). For more information on what cookies are and how they work, you can consult the “All about cookies” website http:// www.allaboutcookies.org .

For detailed information on Cookies, please read the dedicated page (https://www.dolciarialafenice.it/en/cookie-policy)

Scope of communication and transfer of data.

In pursuit of the purposes set out above, Azienda may communicate and have your personal data processed, in Italy and abroad, to third parties with whom we have dealings, where these third parties provide services at our request. We will only provide these third parties with the information necessary to perform the requested services taking all measures to protect your personal data. Data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship. In this case, recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Controller. In the case of the use of services offered directly by Partners, we will only provide the data strictly necessary for their performance. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed and the guarantees applicable to data transfers to third countries will be applied where required. We may also disclose personal data to our commercial service providers, for marketing purposes, who are appointed as external data processors for this purpose. In addition, personal data may be disclosed to the competent public bodies and authorities for the purposes of fulfilling legal obligations or to ascertain responsibility in the event of computer crimes to the detriment of the website, as well as disclosed to, or allocated to, third parties (in their capacity as data processors or, in the case of providers of electronic communication services, as independent data controllers), who provide IT and telematic services (e.g. hosting services, website management and development services) and which the Company uses to perform tasks and activities of a technical and organisational nature that are also instrumental to the operation of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Managers appointed for this purpose by Azienda.

Personal data may also be known by employees/consultants of the Company who are specially instructed and appointed as Data Processors.

The categories of recipients to whom the data may be disclosed are available by contacting the company at the addresses below.

Rights of data subjects

You may at any time exercise the rights granted to you by law, including:

a) access to your personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes;

Privacy Policy sitoweb

2. b)  to obtain without delay the rectification of inaccurate personal data concerning you;
3. c)  to obtain, in the cases provided for, the deletion of your data;
4. d)  to obtain the restriction of processing or to object to processing when possible;
5. e)  to request the portability of the data that you have provided to Azienda, i.e. to receive them in a structured, commonly used and machine-readable format, also for the purpose of transmitting such data to another data controller, within the limits and constraints set out in Article 20 of the GDPR;

Furthermore, you may lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR.

For the processing referred to in point 4) of the purposes, the Customer may always revoke consent and exercise the right to object to direct marketing (in ‘traditional’ and ‘automated’ form). The opposition, in the absence of any indication to the contrary, will refer to both traditional and automated communications.

Data Controller

DOLCIARIA LA FENICE SRL

C.DA TORRE MORAFÒ, 98070 REITANO (ME)

VAT: 02553310836 

The aforementioned rights may be exercised upon request by the Data Subject in the manner made known by the Customer Service or on the Company’s website or by using the following references: “DOLCIARIA LA FENICE” (pasticcerialafenice@pec.it).

The use of the Website, including those intended for tablets and/or smartphones, by the Client and/or the User implies full knowledge and acceptance of the content and any indications included in this version of the policy published by Azienda at the time the site is accessed. The Company informs you that this policy may be modified without prior notice and therefore we recommend that you read it periodically.