The purpose of this document is to inform Users about the Personal Data collected by the CIBILIA | Authentic Food Makers website (hereinafter "Application").
The Data Controller, as subsequently identified, may modify or simply update, in whole or in part, this Information by informing the Users. Changes and updates will be binding as soon as they are published in the Application. The User is therefore invited to read the Privacy Statement every time they access the Application.
1 Personal Data collected by the Application
The Data Controller collects the following types of Personal Data:
1 Contents and information voluntarily provided by the User
- Contact details and contents: these are the Personal Data that the User voluntarily provides to the Application during its use, such as personal details, contact details, credentials for accessing the services and/or products supplied, personal interests and preferences and other personal content, etc.
Failure by the User to provide Personal Data, for which there is a legal, contractual obligation or if it constitutes a necessary requirement for the use of the service or for the conclusion of the contract, will make it impossible for the Data Controller to provide its services in full or in part.
The User who communicates to the third-party Data Controllers is directly and exclusively responsible for the origin, collection, processing, communication or dissemination of their data.
2 Data and content acquired automatically while using the Application
- Technical data: the computer systems and software procedures used to operate this Application may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified Users, but by its very nature could lead to the identification of Users through processing and through association with Data held by third parties. This category of data includes IP addresses or domain names used by users connecting to the Application, URI addresses (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.
- Usage Data: Data relating to the use of the Application by the User may also be collected, such as, for example, the pages visited, the actions performed, the functions and services used.
- Geolocation Data: The Application may collect location data, which may be precise or inaccurate. The precise location data can be GNSS Data (Global Navigation Satellite System, for example similar to GPS), in addition to the Data that identify the nearest repeater, the Wi-Fi and Bluetooth hotspots, communicated when enabling location-based products or functions.
3 Personal data collected through cookies or similar technologies
The Personal Data collected may be used for the execution of contractual and pre-contractual obligations and for legal obligations as well as for the following purposes:
1 User registration and authentication
2 support and contact with the User by communicating the Data to Zendesk, Inc. https://www.zendesk.it/company/customers-partners/privacy-policy-2018-11-01/
3 interaction with live chat communicating the Data to Zendesk, Inc. https://www.zendesk.it/company/customers-partners/privacy-policy-2018-11-01/
4 comment and feedback by notifying Data to Trustpilot, Inc. https://it.legal.trustpilot.com/end-user-privacy-terms
5 personification of the User experience by communicating the Data to Google Inc., www.google.com/privacy
6 access to third-party services accounts by communicating the Data to Facebook, Inc. https://it-it.facebook.com/policy.php
7 access to third-party services accounts by communicating the Data to LinkedIn Corporation, https://www.linkedin.com/legal/privacy-policy?_l=it_IT
8 external management of payments by credit card, bank transfer or other instruments. The Data used for the payment are acquired directly by the provider of the payment service requested without being in any way processed by this Application. Payments are provided by communicating the Data to PayPal Inc., https://www.paypal.com/it/webapps/mpp/ua/privacy-full
9 external management of payments by credit card, bank transfer or other instruments. The Data used for the payment are acquired directly by the provider of the payment service requested without being in any way processed by this Application. Payments are provided by communicating the Data to MANGOPAY SA, mangopay.com/privacy/
10 back-end infrastructure storage, hosting and management communicating the Data to Amazon Digital Services LLC, https://d1.awsstatic.com/legal/privacypolicy/AWS%20Privacy%20Notice%20(update%20for%202018-12-10)%20-%20ITALIAN).pdf
11 management of user databases by communicating the Data to Zendesk, Inc. https://www.zendesk.it/company/customers-partners/privacy-policy-2018-11-01/
12 monitoring, analysis and tracking of the User's behaviour by communicating the Data to Google Inc. (Google Analytics), www.google.com/privacy
13 sending emails or newsletters and managing mailing lists by communicating the Data to SendGrid, Inc. https://sendgrid.com/policies/privacy/services-privacy-policy/
3 Processing methods
The processing of the Personal Data is carried out using IT and/or electronic telecommunication tools, within organisational procedures and on the basis of principles strictly related and limited to the purposes stated.
In some cases, individuals involved in the Data Controller's organisation may also have access to Personal Data (such as, for example, personnel management, commercial area employees, system administrators, etc.) or external parties (such as IT companies, suppliers of services, mail carriers, hosting providers, etc.). Such individuals, if necessary, may be appointed as Data Processors by the Data Controller, can access to Users' Personal Data whenever necessary and will be contractually obliged to keep Personal Data confidential.
The updated list of Data Processors can be requested via email at [email protected]
4 Lawful basis for data processing
The Data Controller shall process Personal Data relating to the User in the event that one of the following conditions is met:
1 the User has given consent for one or more specific purposes
2 the processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
3 the processing is necessary to fulfil a legal obligation to which the Controller is subject
4 the processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.
5 processing is necessary for the pursuit of a vital interest of the Data Controller or third parties
However, it is always possible to ask the Data Controller to clarify the specific legal basis of the processing.
Personal Data is processed at the Data Controller's operational headquarters and in any other location where those involved in the processing are located. For more information, contact the Data Controller at the following email address [email protected] or at the following postal address Via Luigi Galasso 16A Apricena 71011 Italy.
6 Security Measures
The processing is carried out in a manner and with appropriate tools to guarantee the security and confidentiality of the Data, with the Data Controller having adopted adequate technical and organisational measures that guarantee, and allow to demonstrate, that the processing is carried out in compliance with the relevant legislation.
7 Data retention period
The Data Controller will process the Personal Data for the time necessary to fulfil the purposes connected with the execution of the contract between the Data Controller and the User no later than 5 years from the termination of the relationship with the User and in any case in any case until the expiry of the prescribed time limit set by the laws in force.
When the processing of Personal Data is necessary for the pursuit of a legitimate interest of the Data Controller, the Personal Data will be kept until such interest is fulfilled.
If the processing of Personal Data is based on the User's consent, the Data Controller may keep the Personal Data until revoked by the same.
Personal Data may be kept for a longer period if necessary, for compliance with a legal obligation or by order of an authority.
All Personal Data will be deleted upon expiration of the retention period. Upon expiry of this term, the right of access, cancellation, rectification and the right to portability of the Data may no longer be exercised.
8 Automated decision-making processes
All the Data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects for the person or which may affect the Data significantly.
9 User's Rights
Users may exercise certain rights with regard to the Data processed by the Data Controller. In particular, the User has the right to:
1 withdraw consent at any time;
2 object to the processing of their Data;
3 access their Data.
4 check and ask for rectification;
5 request processing restriction;
6 obtain the cancellation of their Personal Data;
7 receive their Data or have it transferred to another data controller;
8 lodge a complaint with the Data Protection Supervisory Authority and/or take legal action.
In order to exercise their rights, Users may address a request to the Data Controller contact details indicated in this document. Requests will be made free of charge and processed by the Data Controller as soon as possible and in any case within 30 days.
10 Data Controller
The Data Controller is CIBILIA CAPUT CIBI SRL, with registered office at Via Luigi Galasso 16a, 71011 Apricena, Tax Code/VAT No. 04187800711, FG - 307990, e-mail address [email protected], Certified email address (PEC) [email protected]