Privacy Policy – Information Concerning the Processing of Personal Data
Art. 13 EU Regulation No. 2016/679
BISCOTTIFICIO BELLI S.R.L.
Based in VIA DELL’ALBERETO 26/30
50041 Calenzano (FI)
Summary
Information Concerning the Processing of Personal Data
• Subject
• Purposes
• Processing Modes
• Access to data
• Data diffusion without express consent – art. 6 lett. b) and c) GDPR)
• Data Diffusion – Personal Data are stored on servers in Italy/in the European Union
• Nature of data diffusion and effects of refusal to answer
• Rights of the Data Holder in Compliance with art. 15 GDPR:
• Methods of exercising rights
• Holder of personal data, person entrusted with data processing and others
According to art. 13 of EU Regulation no. 2016/679 (herein named “GDPR”) Biscottificio Belli S.r.l. , based in Calenzano (FI) – Via dell’Albereto 26/30 -, Tax Code and VAT no. 04209050485, in its capacity of controller of personal data, informs you that your data will be processed according to the below-cited modes/for the below-cited purposes:
• Subject
The holder of personal data uses his personal data – name, family name, business name, address, telephone number, e-mail, bank and payment reference, tax code, VAT number and other data – herein called “personal data” (or simply “data”) to sign agreements, contracts, provide services and perform any other needed service.
• Purposes
Your personal data will be processed:
A) WITHOUT YOUR EXPRESS CONSENT according to art. 6 lett. b), and c) GDPR), for the following purposes:
1. to sign agreements for the Holder’s services, to comply with pre-contract, contract and tax obligations arising from existing relations between you and other persons or companies;
2. to comply with law, regulations, community law or other orders by Authorities;
3. to exercise the Holder’s rights, for example during court procedures;
4. for crime-fighting, without using any recording and/or making videos in virtual or real premises owned by the Data holder, which have a real-time security system.
B) ONLY SUBJECT TO YOUR EXPRESS SEPARATE CONSENT art. 7 of the GDPR), for the following purposes:
1. to access Production, subject to express declaration of good health, in order to guarantee production safety;
2. to send you, via e-mail, regular written communications, sms or telephone, newsletters, business information and/or promotional material regarding products or services offered by the Data Holder, as well as to express a personal opinion on service quality;
3. to send you, via e-mail, regular written communications, sms or telephone, newsletters, business information and/or promotional material regarding third parties (such as business partners, insurance companies and other companies);
4. please note that, if you are already our Customer, we will send business information regarding similar products and services, unless you refuse consent in compliance with art. 7 sub-section 3 of the GDPR.
• Processing Modes
Your personal data will be processed in compliance with art. 4 sub-section no. 2) of the GDPR, namely: collection, recording, organisation, structuring, storing, adjustment or modification, retrieval, consultation, use, transfer or any other available mode, comparison or connection, restriction, cancellation or removal of personal data. Your personal data are subject to written and/or electronic processing.
The Holder of personal data will only process his data during the period necessary to comply with the above-cited obligations and in particular during the following time periods:
– No longer than 10 years after the end of any relations: this provision applies to tax-related documentation;
– No longer than 3 years after collection of data mentioned in point 1, 2 and 3 of letter B Section “Purposes”;
– No longer than 7 days, according to point 4, letter B of the Section “Purposes”;
– For a period ranging from 2 years to the duration of the company, according to points 2, 3 and 4, letter A of the Section “Purposes”
• Access to Data
Your data will be processed according to the modes mentioned in the section “Purposes”. Access to personal data is granted to the following persons:
1. employees and partners of the Data Holder in Italy or abroad, as persons in charge of/responsible for the processing of personal data;
2. third companies or other persons (for example: credit institutions, offices, advisors, certification authorities, insurance companies and others), who perform their outsourcing activity on behalf of the Holder of personal data and as entrusted persons.
• Data Diffusion without express consent in compliance with art. 6 lett. b) and c) of the GDPR)
The Holder of Personal Data will diffuse his data for the purposes mentioned in section “Purposes” to the following persons or entities: Supervisory boards, judicial authorities, insurance companies, certification bodies and any other subject, in compliance with current law. The above-cited subjects or entities will process personal data as independent organisations.
Your data will not be diffused.
• Data Diffusion. Personal data are stored on servers in Italy/in the European Union
It is hereby understood that, whenever necessary, the Holder of Personal Data can also transfer servers out of the EU. In this specific case, the Holder of Personal Data guarantees transfer of personal data out of the EU in compliance with current law and subject to stipulation of standard contracts in compliance with regulations of the EU.
• Nature of data diffusion and effects of refusal to answer
Data diffusion for the purposes mentioned in Section “Purposes” let. B – point 1 – is mandatory. In the case of non-compliance with the above-cited provision, we cannot guarantee the above-mentioned Services. On the contrary, providing data in compliance with the Section “Purposes” is not mandatory. For this reason, you are free to provide no data or also deny consent to processing data which has already been provided: however, in this case, you will not receive any newsletters, business information or promotional material regarding Services offered by the Holder of Personal Data. Apart from the above-cited considerations, you will still be entitled to Services mentioned in the Section “Purposes”, lett. A.
• Rights of the Data Holder in Compliance with art. 15 GDPR
As a Holder of Personal Data you are entitled to be informed regarding the current processing of your Personal Data as well as accessing Personal Data and analysing the following information:
1. purposes of processing Personal Data;
2. categories of the Personal Data being processed;
3. recipients or categories of recipients of Personal Data, with particular reference to: determining whether recipients come from third countries or international organisations (thus specifying existing related warranties);
4. storage period of Personal Data;
5. the origin of Personal data (unless personally collected by the legitimate Holder);
6. the approach being adopted in the event of automated processing;
7. the Holder of Personal Data is entitled to:
a. correct wrong personal data and required integration of missing data;
b. cancel Personal Data (“Right to forget”);
c. restrict the use of Personal Data;
d. receive a statement of diffusion of Personal Data in compliance with letter a) and b) to: persons already informed about their content, unless performance with the above-cited obligation is impossible or implies excessive use of the means to exercise the protected right;
8. the Holder of Personal Data is entitled to portability of the Personal Data, that is the right to receive his Personal Data and/or transfer it to another person in charge of processing.
9. the Holder of Personal Data is entitled to refuse Data Processing entirely or in part;
a. to processing of Personal Data or related purposes, for justified reasons;
b. to processing of Personal Data for direct marketing, including data profiling.
10. The Holder of Personal Data is also entitled to make a claim to the Control Authority.
• Methods of Exercising Rights
You are always entitled to exercise your rights according to the following modes:
o via registered letter with acknowledgment of receipt to Biscottificio Belli S.r.l. – Via dell’Albereto 26/30 – 50041 Calenzano (FI);
o via e-mail to the address of certified mail: biscottificiobelli@pec.it
• Holder of Personal Data, Person entrusted with Processing Personal Data and others
Barbara Belli – Biscottificio Belli S.r.l. – is the person in charge of processing Personal Data.
The updated list of persons in charge of processing Personal Data and other persons concerned is kept at the registered office of the Holder of Personal Data/person in charge of Data Processing.