(IN ACCORDANCE WITH EU REGULATION 679/2016)
This policy is provided pursuant to art. 13 and 14 of Regulation 679/2016 (EU) ("GDPR") to those who access and browse the website www.vascocaffe.it
This policy describes the methods for managing the Website and for processing personal data referring to users accessing it; any third party website to which you can be redirected from the Website is therefore considered excluded.
The site offers the possibility of performing business-to-business (B2B) and / or Business to Consumer (B2C) electronic business transactions.
By using this website, by providing Vasco Caffè with its Personal Identification Data (as defined below) or otherwise indicating its consent to receive marketing or other information, the User consents to all transactions made by Vasco Caffè in relation to its Personal Identification Data as established in this Policy.
If the User disagrees with the terms and conditions of this Policy, he shall not use the Site or provide Identifying Personal Data via the Site or otherwise.
1. Purpose and legal basis of the processing.
The personal identification data of the user are collected directly in order to satisfy the requests formulated by the user. In this regard, on the Website there are different forms, which are required to be filled in by the user, in order to be able to manage and process the requests made by the same. In particular, it is possible:
register and access the c.d. reserved areas, purchase the marketed products request information about the products or services covered by the stipulated contract.
Furthermore, the data may be acquired, by the Data Controller, even indirectly, considering that, while browsing the Website, the IP addresses or domain names of the computers used by the users connecting to the site are tracked, the addresses in notation URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the response status given by the server (successful, error , etc.) and other parameters relating to the operating system and the user's IT environment.
Furthermore, data collection can also take place through third party sources such as:
Associated companies; Affiliated organizations Other third parties
Vasco Caffè may also combine Personal Identification Data collected with others in the public domain and received from third parties or which refer to Personal Identification Data received from third parties. The collection and use of Personal Identification Data in a separate or combined manner is carried out in accordance with this Policy for the purposes described therein.
The Data provided will be processed for:
a) purposes related to the correct and complete execution of the signed order (for this purpose, consent is not necessary as the processing of data is related to the execution of the order);
b) for purposes related to the exercise of the rights of the Holder (eg defense in court);
c) for purposes related to the fulfillment of the obligations provided for by law or regulation as well as for the fulfillment of the obligations enshrined in the anti-money laundering legislation (for this purpose consent is not necessary as the processing of data is related to compliance with these obligations / provisions of law and / or regulation);
d) ordinary marketing activities (sending e-mails, mail, text messages, newsletters, commercial or advertising communications, etc.).
The data provided will be processed lawfully, correctly and transparently and exclusively for the purposes indicated above. The relative processing will not exceed these purposes.
2. Type of processed data.
The types of data processed are substantiated in "Personal Data", that is information suitable to identify, directly or indirectly, a natural person. While browsing the Website, the following data may be processed:
First and last name Date and place of birth Tax code / VAT number address of residence or office Contact data (ie, telephone and e-mail address); Bank coordinates the IP, the domain name, the URL used; navigation data; Browser version The data voluntarily provided in this context to use the services and purchase our products
3. Redirect to external sites
The Website uses the c.d. social plug-in, that is special tools that allow you to incorporate the social network features directly into a website.
Each of the social plug-ins on the Website is identified by the logo belonging to the social platform, in this case the logo. _ _ _.
4 Transfer of personal data
The server farm where the website is located is located in Italy.
The Data are not transferred to third party companies located outside the European Economic Area, should such transfer become necessary, we will make sure that the recipients of the Data have adopted suitable security measures to guarantee their protection.
5. Processing methods.
The processing of Personal Data provided will be based on principles of correctness, lawfulness and transparency; it will be performed in an automated and / or manual manner, in compliance with the security measures pursuant to art. 32 of the GDPR.
It is specified that the processing of Personal Data will be carried out in accordance with the operations indicated in art. 4 number 2) of the GDPR; therefore the processing method may consist of collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction .
6. Method of use of the personal identification data collected
Vasco Caffè collects Personal Identification Data relating to (private customers) Site visitors and others in order to be able to offer an experience that meets their specific needs. Vasco Caffè may collect, use and disclose Personal Identification Data for one or more of the following purposes:
Fulfillment of estimates and / or orders. Response to requests to send marketing materials, information or other sending of administrative and other communications; To send the User important information relating to the Site, to any changes to the terms, conditions and policies implemented or other information of an administrative nature; Surveys. To conduct or facilitate surveys and ask the User to answer questionnaires in order to provide better products and services to customers and visitors to the Site. Completion of any surveys or questionnaires is totally voluntary. Customer care. To track, process and respond to customer service questions and optimize and improve the customer experience, Vasco Caffè may also transmit the User's Personal Identification Data to third party service providers, affiliated Organizations in order to allow those third parties to tracking, processing and answering customer service questions. Internal business purposes. For internal commercial purposes, such as data analysis, audit, new product development, site improvements, service improvement, identification of usage trends and visit patterns, determination of promotions effectiveness and compliance with contractual obligations;
7. Third-party sites
The Site may contain links to third party websites. These linked sites are not controlled by Vasco Caffè which is not responsible for the privacy policies or the contents of such linked sites (or any links present in a linked site).
8. Communication of data to third parties.
The Data will be processed by the Data Controller, by the Data Processor and by the appointed persons pursuant to art. 30 of the Privacy Code and art. 29 of the GDPR.
The Data may also be communicated to professional companies / firms that provide assistance, consulting, collaboration with the data controller in accounting, administrative, fiscal, legal, tax and financial matters, to public administrations within the limits established by law or regulation and third party service providers whose communication is necessary for the performance of the services subject to the order and / or contract
In any case, recourse to these subjects will be subject to a commitment on their part to comply with the legislation on privacy.
The data are not subject to disclosure.
9. Intention of the data controller personal data.
The Data Controller does not intend to transfer the Data transferred to a third country or an international organization.
10. Data retention period.
The Data provided will be kept for a period of time not exceeding the achievement of the purposes referred to in point 1 letter a), b) and c) of this information or upon termination of the contractual relationship. The Data provided for the purposes referred to in point 1 letter d) (marketing purposes) will be kept for a period of time not exceeding 2 (two) years from the termination of the contractual relationship.
Once the above terms have expired, the Data will be destroyed.
Finally, we reserve the right to keep the data c.d. log-in and log-out for a longer period, in order to be able to manage any crimes committed against the Website (hacking activity).
11. Compulsory or optional nature of providing data and consequences of a refusal to respond.
The provision of data for the purposes indicated in point 1 letters a) and b) is necessary for the correct and complete execution of the order and any refusal to do so will make it impossible to perform the services covered by the order. The provision of Data for the purposes indicated in point 1 letter c) is mandatory as it is necessary for the fulfillment of regulatory obligations. The provision of data for the purposes indicated in point 1 letter d) is optional.
12.- Existence of an automated decision-making process.
There is no automated decision making process.
13.- Rights of the interested party and methods of exercise.
The interested party enjoys the rights set forth in art. 15-22 EU Regulation 2016/679 (access to personal data, the correction or deletion ("right to be forgotten") of the same or the limitation of the processing of data concerning them, the right to object to their treatment, the right to Data portability: the right to withdraw consent at any time without jeopardizing the lawfulness of the processing based on the consent given before the revocation and has the right to lodge a complaint with a supervisory authority). The rights may be exercised at any time by sending a registered letter a.r. to the company in the person of its Director and legal representative pro-tempore, or an e-mail to the address firstname.lastname@example.org
14.- Data Controller and Data Processor.
The Data Controller and Data Processor is Vasco Caffè in the person of his pro-tempore Administrator and legal representative, with headquarters in Via Pansini Legnami, 9 - Z. I. ASI 70056 Molfetta (BA), VAT number 04335550721
15 - Changes to the policy
The use of the Site after the publication of these changes implies acceptance by the User of the new version of the Policy in force.