Privacy

Nonna Rina S.r.l. with registered office in Via Meucci 4, 36030, Costabissara (VI), VAT no. 01972930240 (hereafter the “Controller”), owner of the internet website www.nonnonanni.it (hereafter the “Website”), as Controller of the personal data of users navigating and/or registered on the Website (hereafter “Users”) hereby issues the data privacy notice required by article 13 of EU Regulation 2016/679 of 27 April 2016 (hereafter the “Regulation”) and by national legislation governing the protection of personal data (hereafter “Applicable Legislation”).

The Data Protection Officer (DPO), designated by the Controller in accordance with the Regulation can be contacted at the e-mail address info@nonnarina.it.

The Controller considers the privacy and protection of Users’ personal data to be of the greatest importance. Users requiring further information concerning this Privacy Notice may contact the Controller at any time using the following modalities:

• By sending recorded delivery mail to the Controller’s registered office
• By sending an e-mail to the address info@nonnarina.it.

1. Purposes of processing

The Controller processes Users’ personal data lawfully and in conformity to article 6 of the Regulation for the following purposes:

1. Navigation of the website: Navigation by users visiting the pages of the website is managed using session cookies, and IP connection addresses are traced. The systems used for this purpose do not compromise the privacy of Users since navigation data are recorded in an anonymous form and cannot be used to identify Users. Collected navigation data may be used for the statistical analysis of website navigation, to identify the most frequently visited pages and/or to obtain other information of this kind. No kind of profiling of Users is carried out.
2. Responding to requests for information received by means of the contact form. Requests from Users may contain “sensitive” or “special” data even if not specifically asked for by the Controller, as such information may serve to identify general or specific health conditions (e.g. food intolerances, allergies, etc.). For this reason the Controller has included this type of data in the request for Users to consent to the processing of their data.
3. Sending newsletters following a specific request from Users.
4. Receiving curricula vitae for personnel selection through the application form. A specific privacy notice is displayed if Users access this page.
5. Legal obligations or conformity to laws, demands of authorities, regulations or European legislation.

Submission of personal data for the purposes described above is optional but necessary, as failure to submit such data may make it partly or completely impossible for Users to navigate the Website and/or benefit from the services that the Controller offers on the Website. Data fields that must be compiled in a form are marked with an asterisk *.

The legal basis of processing for the purposes described above is mainly the execution of services offered on the Website and requested by Users (according to article 6, comma 1, letter b of the Regulation) and Users’ consent to process (according to article 9, comma 2, letter a of the Regulation), with particular reference to the processing of “special” categories of data (e.g. data revealing health status).

With sole reference to the purposes described in point 1/e, the legal basis of processing is the fulfilment of a legal obligation to which the Controller is subject (according to article 6, comma 1, letter c of the Regulation).

2. Processing methods and data storage periods

The Controller processes Users’ personal data using manual and electronic systems, according to purpose-specific logic and always in a way that ensures the security and privacy of the data concerned.

Personal data belonging to Users of the Website are stored only for the time strictly necessary to fulfil the purposes described in section 1 above, or for as long as is necessary to safeguard the interests of Users and of the Controller in law. With reference to the purposes described in point 1/c, data are stored until Users unsubscribe from the newsletter using the link provided in the newsletter itself or using the modalities established in section 4 for exercising their rights.

3. Context of disclosure or transfer of data

Employees and/or contractors of the Controller assigned to the management of the Website or the services offered through it may obtain access to the personal data of Users. Such recipients are formally designated as “processors” by the Controller and process Users’ data exclusively for the purposes stated in this Privacy Notice and in conformity to Applicable Legislation.

Third parties processing data on behalf of the Controller as “External Processors” may also obtain access to the personal data of Users. Such parties include, for example, suppliers of the computer and logistic services necessary for the functioning of the Website, suppliers of outsourced services or cloud computing, professionals and consultants.

Data may also be disclosed to judicial and/or other public authorities if so required by law or against a specific request.

Users have the right to obtain a list of the Controller’s designated processors by submitting a request to the Controller using the modalities given in section 4 below.

4. Rights of data subjects

In compliance with Applicable Legislation and articles 15 and following of the Regulation, the Controller informs Users that they have the following rights:

1. the right to receive, in an intelligible form, information on processed personal data (including the purposes of processing, the categories and source of personal data, the recipients and categories of recipients to whom data has been or may be disclosed, the period for which data are stored, where possible, and exercisable rights) and the right of access to their data (in the form of a copy);
2. the right to update or rectify personal data or add to it if incomplete;
3. the right to erase, render anonymous or object to the unlawful processing of personal data, including data no longer needed for the purpose for which they were collected or subsequently processed;
4. the right to receive confirmation that the operations listed in the previous points, and the extent of the said operations, have been made known to all those to whom data has been transferred or disclosed, unless this proves impossible or involves effort disproportionate to the protected right.
5. the right to restrict the processing of personal data where the accuracy of the personal data is contested, processing is unlawful or the User objects to processing, for the period necessary to verify the accuracy of the data concerned, and furthermore the right to withdraw consent to process;
6. the right to data portability i.e. to receive personal data in a structured, commonly used and machine-readable format and to transmit or, where technically feasible, to obtain the transmission of those data to another controller;
7. the right to object:
   i. in whole or in part, and for any legitimate reason, to the processing of personal data, even if relevant to the purpose for which they were collected;
   ii. in whole or in part to the processing of personal data for purposes related to sending advertising material, direct sales, market surveys or sales communications;
   iii. at any time, where personal data are used for direct marketing purposes, to their processing for such purposes, including profiling for direct marketing purposes.

   Finally, if Users believe that the processing of their personal data violates Applicable Legislation, they have the right to lodge a complaint with the supervisory authority (in the member state where they normally reside or work or where they believe the violation occurred), or to ask the said authority for information on exercising the rights granted them by law. The Italian supervisory authority is the Guarantor for personal data protection (www.garanteprivacy.it).

   To exercise the rights granted them by Applicable Legislation, Users should contact the Controller in one of the following modalities:

   • By sending recorded delivery mail to the Controller’s registered office
   • By sending an e-mail to the address info@nonnarina.it.

   The Controller reserves the right to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested (article 12, comma 5, letter a of the Regulation). This applies in particular to requests that prove groundless, excessive and/or disproportionate.

   5. Non-proprietary plug-ins

   Social Plug-ins
   Our web pages may contain social network plug-ins. When accessing one of our web pages where there are plug-ins, the internet browser establishes a direct connection to the servers of the social network and the plug-in is displayed on the page directly by the browser. The plug-in communicates information on the pages visited by the user to the server of the social network, also the date and time of each visit, and other information relating to the browser. If at the moment of making a connection you are logged in to the social network, the items of information are sent to this same network and associated with its account. Likewise when interacting with published plug-ins (using the “Like” or “Share” buttons, for example), information is transmitted to the social network and associated with the account. To avoid the storage of this information being associated with any personal profile, the user must quit the social network before visiting the site; the navigation data will be collected by the social network by way of the plug-in just the same, but in this case anonymously. For information on the purposes and extent of data collection and/or the further use of the data by the social network, and on your rights and the possibilities of selecting parameters in this regard to protect your privacy, refer to the statement on data protection provided by the social network in question.

   The complete text of EU Regulation 2016/679 can be consulted on the website of the Italian Guarantor for personal data protection (www.garanteprivacy.it).