Privacy Policy

Privacy Policy ex Legislative Decree 30th June 2003, n°. 196 (Privacy Code) and EU Regulation 2016/679 

(document updated on May 25th, 2018)

Dear Customers, Suppliers, Potential Customers and Web Site Users,

  1. Premise/Introduction

Here below you will find information about our privacy policy, which describes how we collect and process your personal data. 

Furthermore, we would like to inform you that the privacy policy of the Company may be subject to modifications following the issuance of new regulations and/or the introduction of new services. We therefore invite you to periodically check for any privacy policy modifications/updates on our website.

  1. Who is the Controller

The Controller of your personal data is MONICO MASSIMO, located in VIA CARLO ROSSELLI 10 26841 CASALPUSTERLENGO (LO), E-mail: info@panificiomonico.it

  1. How your personal data are collected by the Company and why

The Company collects the Personal Data which is provided directly by the Data Subject (i.e. the owner of the personal data):

  • When it is necessary for the execution and/or the performance of a contract to which the data subject is party;
  • When it is necessary to take steps at the request of the data subject prior to entering into a contract regarding the Company’s products and services, or regarding the organization of the same company;
  • When it is necessary to reply the requests voluntarily sent by the sender for instance to the e-mail address indicated on the Web Site. In said circumstances, it will result in the acquisition of the address of the sender, as well as in the acquisition of any other personal data included in the communication.
  1. How your personal data are processed

Your Personal data shall be processed by the Company according to the principles stated at Art. 5 of the New Regulation, i.e.: lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.

The Company processes Data in both printed and electronic form. In such context, the Company will guarantee the logistic and physical security of the Data and, in general, the confidentiality of the Data processed, by taking all necessary technical and organisational measures, so as to reduce the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed in according to Art. 6 and Art. 32 of the New Regulation.

  1. Why do we process Your Data

The Company collects and processes your Personal Data, without a specific consent, for the following purposes:

  1. To complete necessary pre-contractual activities (e.g. sending of quotations, verification of credit rating and solvency);
  2. To carry out contractual and taxation obligations towards yourself;
  3. To protect our assets and/or defend our rights on the basis of our legitimate interests;
  4. To fulfil legal requirements and comply with requests of authorities, as well as to comply with fraud and money laundering prevention provisions, etc.;
  5. To reply to requests sent via email or via the Website form;

Please note that you can revoke, at any time, any possible consent already given, by contacting the Controller by e-mail.

The table below describes the lawfulness of processing stated by the New Regulation, according to which your data are processed.

Processing

Lawfulness of processing

Sending of quotation

Execution of Pre-contractual activities

Supply of services, purchase of products and services

Performance of contractual obligation

Assets protection – defence of rights

Legitimate interest pursued by the Controller

Sending of information to public authority 

Legal obligation to which the Controller is subject

Reply to requests sent via email or via the Website form

Execution of Pre-contractual activity

  1. Is it necessary to provide my personal data or consent

The provision of data for the purposes set out in previous clause letters a) – d) is obligatory. Should it not be provided then contract execution cannot be guaranteed. 

The provision of data for the purposes set out in previous clause letter e) is instead optional. Therefore, you may decide not to provide data or to successively deny the possibility to process previously-supplied data: in such case, failure to provide data may mean that it is not possible to fulfil your requests or evaluate potential job applications.

In relation to the purposes for which explicit consent is requested from yourself, failure to provide consent does not constitute a valid reason for the Controller to withdraw from a contract or to not fulfil your requests in relation to other purposes. 

  1. Who is your Data communicated to

Without having to obtain your express consent,  the Company may communicate your Data, for the above referred to purposes, to prefectures, insurance supervision institutes (such as IVASS), judicial authorities, insurance companies (for the provision of insurance-related services), as well as to parties to which such communication is required by law for the fulfilment of the afore-mentioned purposes. Said parties will process the Data as autonomous controllers. 

  1. Who can access your Data

Your Data may be made accessible for the above – mentioned purposes:

  • To employees and collaborators of the Controller, in their role as persons responsible for processing and/or internal processors and/or system administrators; 
  • To third parties or other parties (such as, for example, credit institutes, professional offices, consultants, insurance companies for the provision of insurance services, etc.) that carry out activities which have been outsourced by the Company, in their role as external processors or co-controllers should they process Data for their own purposes.
  1. Where is your Data stored and where is it transferred to

The Data is processed at the operative premises of the Company, in VIA CARLO ROSSELLI 10 26841 CASALPUSTERLENGO (LO),  as well as in any other place where the parties involved in the processing are located.

The Data is held in electronic form on servers located within the European Union or in the United States. In such case, the Company guarantees from here on in that the transfer of Data outside of the EU will take place in accordance with applicable legal provisions following on from the stipulation of standard contractual clauses provided for by the European Commission or in conformity with the Privacy Shield, in relation to those countries that do not, according to the European Commission, offer adequate provisions.

  1. How long do we hold your Data for

Your Data will be held in accordance with the principles of proportionality and necessity, and until the purposes for which it was collected have been fulfilled. 

In any case, the storing time differ according to the purpose of the processing, as described in the table below.

Processing

Duration

Sending of quotations

Six months

Supply of services, purchase of products and services

11 years after the business relationship conclusion

Assets protection – defence of rights

11 years after the business relationship conclusion

Sending of information to public authority 

11 years after the business relationship conclusion

Reply to requests sent via email or via the Website form

Six moths

Once the above terms have been expired, your Data will be cancelled automatically.

  1. What are your rights

As the Data Subject, you have the right to:

  1. Know if the Controller holds and/or processes your Data, obtaining information relative to the: origin, category, purposes and method of processing, the recipients to whom such data can be communicated, the logic applied in the case of processing carried out by electronic means, the period for which data is held; as well as the right to access the same in its entirety and obtain a copy (art. 15 Right of access);
  2. Have rectified Data that relates to yourself and to complete Data which is incomplete (Art. 16 Right to rectification);
  3. Obtain the cancellation of Data in possession of the Controller where such cancellation is provided for by the New Regulation (art. 17 Right to erasure – Right “to be forgotten”) 
  4. Request the Controller to limit the processing to only certain Data, where this is provided for by the New Regulation (Art. 18 Right to restrict processing);
  5. Be informed as to who the recipients to whom any rectifications, cancellations or processing restrictions have been communicated are (art. 19 Obligation of notification);
  6. Request and receive all your Data, in a format that is structured, commonly used and readable on an automatic device or to request its transmission to another controller without impediment (Art. 20 Right to portability);
  7. Oppose entirely or in part, the processing of Data for the purposes of marketing (sending of advertising material, direct sales, market research and commercial communications) and for the purposes of profiling connected to such marketing (art. 21 Right of opposition). 

Finally, you have the right to present a claim/petition directly to the Personal Data Protection Authority, located at Piazza di Montecitorio n°. 121 – 00186 ROME, Italy tel. (+39) 06.696771 and Fax: (+39) 06.69677.3785. 

The exercise of the rights set forth in this paragraph is completely free of charge. 

  1. How can you exercise your rights

At any time, you may exercise your rights by sending:

  • A registered letter with return receipt addressed to the Company, VIA CARLO ROSSELLI 10 26841 CASALPUSTERLENGO (LO)
  • or an e-mail to info@panificiomonico.it