Pastificio Rana S.p.A., as Data Controller, intend to provide you the following specific information about the management of the website www.parizu.com with reference to the process of personal data of users who consult it. It is also an information notice, according to article 13 of European Regulation 2016/679 (“GDPR” or “Regulation”).

 

LEGAL FRAMEWORK

• Directive 2002/58/EC on “personal data processing and protection of private life in the field of electronic communications”.
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation “GDPR”).
• Legislative Decree 30 June 2003 n. 196 “Code regarding the protection of personal data", as amended by Legislative Decree 10 August 2018 n. 101.

 

THE DATA CONTROLLER

The Data Controller is Pastificio Rana S.p.A., Via Antonio Pacinotti n. 25 – 37057 San Giovanni Lupatoto (VR), e-mail address privacy@rana.it.

 

THE DATA PROTECTION OFFICER

The Data Controller has appointed a Data Protection Officer (“DPO”), who can be contacted at the following address privacy@rana.it.

 

DATA PROCESSING LOCATION

The personal data are processed at the Data Controller’s head office and at the head offices of other third parties, appointed as Data Processors according to art. 28 of the GDPR, who perform outsourcing services.

 

PERSONAL DATA PROCESSED

 

Browsing data

The information technology systems and the software procedures needed for the running of this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of the Internet communication protocols.

Such data is not collected to be associated with identified Data Subjects, but due to its nature, it could allow to identify the users, through processing and association with data held by third parties.

To this category of data belong the IP addresses or the domain names of the PC used by the users who connects to the website, the URI notation addresses of the required resources, the time of the request, the method used while sending the request to the server, the size of the file obtained in response, the numeric code specifying the status of the response given by the server (successful, error, etc.) and other parameters concerning the operation system and the user’s information environment.

Such data is used only in order to obtain anonymous statistical information on the use of the website and to control the correct operation and is delated immediately after processing. The data could be used to ascertain the liability in case of possible cybercrimes damaging the website.

 

Personal data voluntary provided by the user

The optional, explicit and voluntary sending of personal data by the user by filling the registration form on the website or by calling the telephone numbers published on the website, entails the subsequent collection of the personal data provided by the user, necessary to provide the service or the information requested.

Anonymous or aggregated data

Anonymisation is a process aimed at preventing the Data Subject’s identification. The data made anonymous are not regulated by the data protection legislation. The aggregated data can derive from personal data supplied by the user but is not considered personal data since, as specified, it doesn’t allow to directly or indirectly identify the Data Subject.

 

COOKIES

Please refer to the Cookie Policy available at  https://www.parizu.com/en/cookie-policy for more information on the cookies we use or if you wish to revoke or modify any consent previously expressed to the installation of cookies.

 

PURPOSES AND LEGAL BASES OF THE PROCESS

Personal data will be processd for the following purposes:

 

• (i) Purposes aimed at allowing navigation and consultation within the website.

The legal base of the process is the consent that is explicitly given by consulting the website (art. 6, paragraph 1, let. a), GDPR).

 

• (ii) Purposes related to the provision of the requested services (replies to requests for information).

The legal base of the process is the consent that is explicitly given by filing the form (art. 6, paragraph 1, let. a), GDPR).

 

• (iii) Purposes related to the registration to the newsletter.

The legal base of the process is the consent explicitly given when filling out the form (art. 6, paragraph 1, let. a), GDPR).

 

• (iv) Purposes related to the purchase of the products.

The legal base of the process is the performance of the contract (art. 6, first paragraph 1, let. b), GDPR).

 

• (v) Purposes related to direct marketing (commercial communications to customers who have purchased a product, through the use of the email address provided in the context of the sale, in relation to products similar to those being sold).

The legal basis of the processing is the legitimate interest pursued by the controller (art. 6, first paragraph, let. f), GDPR and Article 130, fourth paragraph, D. Lgs. 196/2003).

 

• (vi) Purposes related to participation in the personnel selection process via the “work with us” page.

The legal base of the process is to take steps at the request of the data subject prior to entering into a contract (art. 6, paragrafo 1, let. b) del GDPR and art. 111-bis del D.Lgs. 196/2003).

 

• (vii) Defensive purposes in case of abuse in the use of the site or attempted fraud.

The legal basis of the processing is the legitimate interest (art. 6, first paragraph, let. f), GDPR).

 

LINKS TO OTHER WEBSITES

This website could contain links or references for the access to other websites. We inform you that the Data Controller does not control the cookies or other monitoring technologies of such websites to which this policy does not apply. We therefore recommend that you consult the individual privacy policies relating to these websites.

 

 

DISCRETIONARY NATURE OF THE DATA PROVIDING

Apart from what has been specified concerning the surfing data (necessary for the functioning of the website), users are free to provide their personal data or not by filling the form on the site. However, the non-providing can enable obtaining what was requested.

 

CHECK ON YOUR PERSONAL DATA

Previa raccolta del consenso da parte degli interessati, i dati personali potranno tuttavia essere utilizzati per inviare comunicazioni commerciali.

 

CHECK ON YOUR PERSONAL DATA

We inform you that at any time you can choose to limit the collection or use of your personal data. For example, at any time you can revoke the consent, previously expressed, for marketing purposes by sending us an email to the following adderess privacy@rana.it or to the address dpo@rana.it. The company will not sell or distribute the personal data collected to third parties unless it has obtained explicit consent from the data subject or unless this is explicitly required by law. In case of expressed content, personal data may be used to send commercial communication.

 

PROCESSING METHODS AND STORAGE TIME

Personal data are processed, even with the aid of automated devices, for the time strictly necessary to achieve the purposes for which it was collected. In particular, with reference to personal data processed in the context of the execution of the sales contract, the Data Controller will storage the personal data for ten years from the conclusion of the contract, that is until the time when the limitation period relating to contractual actions that may arise with reference to the contract in execution of which data are processed have expired. The data can be retained for a longer period, if necessary, in order to comply with regulatory provisions or if the data are necessary for the Data Controller to defend its rights in Court. Personal data processed for marketing purposes based on express consent will be retained by the Data Controller until the data subject withdraw their consent. C.v. will be stored for twenty-four months from the receipt. Specific security measures are taken in order to prevent the loss of data, its unlawful or wrongful use and unauthorised access. The Data Controller, inspired by internationals standards, has adopted additional security measures to minimize the risks related to the confidentiality, availability and integrity of the personal data collected and processed.

 

1. b) vi sia la necessità di condividere con terzi le informazioni al fine di prestare il servizio richiesto; c) ciò sia necessario per adempiere a richieste dell’Autorità Giudiziaria o di Pubblica Sicurezza. Nessun dato derivante dal servizio web viene diffuso

 

 

SHARING, COMMUNICATION AND DIFFUSION OF PERSONAL DATA

The personal data collected may be shared, transferred or communicated to other companies, appointed as Data Processor, for activities strictly connected to the purposes indicated above and necessary to the functioning of the service, such as the management of the information system or the execution of marketing activities. Apart from these cases, personal data won’t be communicated unless there’s a contractual provision or upon specific consent by the Data Subject. In this sense, personal data may be transmitted to third parties, but only and exclusively if: a) there is explicit consent to share the data with third parties; b) there is a need to share information with third parties in order to provide the service required by the Data Subject; c) it is necessary in order to meet a request by the Court or Public Security Authorities. No data deriving from the web service is diffused.

 

TRANSFER OF PERSONAL DATA

Personal data will not be transferred to third countries, namely countries not belonging to the European Union or to the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the provisions of articles 44 et seq. of the GDPR

 

RIGHTS OF DATA SUBJECT

The regulation for the protection of personal data provides some rights for the subject to whom the data refer (data subject). In particular, according to art. 15 and subsequent of the EU Regulation 2016/679, each data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, to obtain rectification, erasure or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. To exercise the aforementioned rights, the user can contact the Data Controller by sending a registered letter with return receipt to the address indicated above or an email to privacy@rana.it or The Data Protection Officer at the following address dpo@rana.it.

 

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Every data subject who believes that the processing of personal data relating to him or her, through the web site, infringes the Regulation, shall have the right to lodge a complaint with a supervisory authority, according to article 77 of GDPR

 

CHANGES TO THIS DATA PROTECTION POLICY

The Data Controller periodically checks its data protection and security policy and – if needed – reviews it in connection with modifications deriving from regulations or organisations, or as dictated by technological evolution. Should the policy be modified, the new version will be published on this web page.