The company Savino Del Bene S.p.A., registered address at 24/26 Via del Botteghino, Scandicci (FI) (50018), owner of the website www.savinodelbene.com, hereby gives notice of the method of management of this site with respect to the processing and protection of personal data of persons (users) who navigate within it, with direct access to the home page or internal pages. Through navigation of the site, personal data relating to identified or identifiable natural persons may be collected.
This document applies solely and exclusively to the website www.savinodelbene.com, of which the company is the Controller and not to other sites consulted by the user through any link that may be activated via the pages of the aforesaid website.The principles outlined below constitute the main pillars of the approach adopted by Savino Del Bene S.p.A with respect to the subject of privacy.
Your personal data will be:
a) processed in a lawful, fair and transparent manner;
b) collected for the specific, explicit and legitimate purposes indicated below and subsequently processed by methods compatible with those purposes;
c) appropriate, relevant and limited to what is necessary for the purposes for which it is processed;
d) accurate and updated as necessary. For this purpose, Savino Del Bene S.p.A. undertakes to adopt all appropriate measures to ensure prompt rectification and/or erasure of inaccurate data with respect to the purpose for which it is processed;
e) stored in a way which allows identification of the person concerned over a timeframe not greater than necessary for the purpose for which it is processed;
f) processed in a way that guarantees adequate security of personal data, including, by means of appropriate technical and organisational measures, protection from unauthorised or unlawful processing and loss, destruction or accidental damage.
CONTROLLER AND PROCESSORS
The Controller is Savino Del Bene S.p.A., registered address at 24/26 Via del Botteghino, Scandicci (FI) (50018). An updated list of processors, designated by the Owner in accordance with art.28 GDPR is available at the registered office of the Controller.
DATA PROCESSED AND PURPOSE OF PROCESSING
Navigation data: the computer systems and software processes provided to support the functioning of the website, in the course of their normal operation, capture some personal data the transmission of which is implicit in the use of the Internet communication protocols. It consists of information that it is not collected to be associated with identified persons, but which by its nature could, through the elaboration of and association with data held by third parties, allow identification of users. This category of data includes IP addresses or domain names of computers used by users which are connected to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system. Data collected in this way could be used to determine responsibility in the event of any computer crime involving site data.
Data provided directly by the user: Data requested by the various sections of the abovementioned website such as name, surname, email, are used to process users’ requests (for example, indicatively but not exhaustively, when they request information or clarifications writing to the email addresses shown on the website homepage or internal pages or when they spontaneously sent a curriculum vitae to apply as a candidate, or when they make direct phone calls or send a fax to numbers shown in the “Contact Us” section.
NATURE AND LEGAL BASIS OF DATA PROCESSING
Navigation data are processed as necessary to execute computer and telematic protocols. The provision of personal data by users is voluntary and optional, since failure to provide it could make it impossible to access the services provided by the portal. The legal basis of the processing is consent.
PROCESSING METHODS AND PERIOD OF CONSERVATION
The data collected through the abovementioned website is processed by means of computer and telematic procedures. Data of a technical type is stored on the company’s server. The personal data acquired through the web services provided by Savino Del Bene S.p.A., is stored by the subsidiary company SDB Information Technology S.r.l., located at 5/2 Via Benozzo Gozzoli 5/2, 50018 Scandicci and is processed only by authorised processing technical personnel or personnel authorised for occasional maintenance work. This data is stored by the Controller in full compliance with the principle of need, minimizing and limiting conservation, by adopting technical and organisational measures appropriate to the level of processing risk, for a timeframe no greater than is necessary to achieve the purpose for which the data is processed and in any case for the period allowed by law.
The Controller uses some cookies as indicated in detail in the relevant cookie information note displayed on the company’s website.
RIGHTS OF THE DATA SUBJECT
The persons concerned may assert specific rights under arts. 15 et seq. of the GDPR, including:
1) right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed;
2) access to the personal data and the following information (the purposes of the processing; the categories of personal data concerned; the recipients of the data, the envisaged period for which the personal data will be stored etc.);
3) right to request rectification or restriction of the processing of the data;
4) right to obtain erasure of the personal data on valid grounds;
5) right to lodge a complaint with a supervisory authority.
Lastly, the person concerned has the right at any time to withdraw his/her consent to the processing of the data. The withdrawal of consent is without prejudice to the lawfulness of the processing based on consent prior to the withdrawal.For the purpose of the exercise of rights under Privacy Legislation, the Controller provides the following email address: firstname.lastname@example.org.
COMUNICATION AND DISSEMINATION
The data collected will not be disseminated, sold or shared with third parties without the express consent of the person concerned, except eventual communication to authorised third parties, subject to a non disclosure obligation or, if applicable, processors appointed under art. 28 GDPR (such as computer support companies and hosting centres) where necessary for the abovementioned purposes. The data may be communicated to the competent authorities in accordance with the law.
For the fulfilment of the abovementioned purposes, the possibility of transfer of personal data to group companies located abroad is envisaged. It should be noted that some countries do not offer the same legal protection for the processing of personal data. In such cases, Savino Del Bene S.p.A. undertakes to ensure the existence of adequate guarantees of the protection of personal data respecting the applicable law and to promptly inform the person concerned of the abovementioned guarantees, how to obtain a copy of that data and the place where it is available.