With this document, the company Savino Del Bene S.p.A., with registered office in Scandicci (FI) (50018), Via del Botteghino 24/26, owner of the website www.savinodelbene.com, intends to give notice of the site management methods for processing and protecting the personal data of individuals (users) who browse within it, with direct access from the home page or from internal pages. Personal data referring to identified or identifiable natural persons may be collected when they browse the site.
The principles outlined below are the cornerstones of Savino Del Bene S.p.A.’s approach to privacy.
Your personal data will be:
- processed in a lawful, fair and transparent manner;
- collected for the determined, explicit and legitimate purposes specified below and subsequently processed in a manner compatible with these purposes;
- adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- accurate and updated if necessary. In this regard, Savino Del Bene S.p.A. undertakes to take all appropriate measures to ensure the prompt correction and/or erasure of inaccurate data for the purposes for which it is processed;
- stored in a form that allows the data subject to be identified for no longer than necessary to achieve the purposes for which it is processed;
- processed in such a way as to ensure adequate security of personal data, including protection, by means of appropriate technical and organisational measures, against unauthorised or unlawful processing and against accidental loss, destruction or damage.
DATA CONTROLLER AND DATA PROCESSORS
The Data Controller is Savino Del Bene S.p.A., with registered office in Scandicci (FI) (50018), Via del Botteghino 24/26.
An updated list of data processors, appointed by the Data Controller pursuant to Article 28 of the GDPR, is available at the Data Controller’s registered office.
DATA PROCESSED AND PURPOSES OF THE PROCESSING
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. The data collected in this way could be used to ascertain responsibility in the event of any computer crimes against the site.
Data provided directly by the user
The data requested by the various sections of the website indicated above, such as first name, surname and email address, are used to respond to user requests (for example, merely indicatively and not exhaustively: when requesting information or clarifications by emailing the addresses on the site’s home page or internal pages, or when sending a CV spontaneously to apply as a candidate, or when making direct calls or sending faxes to the numbers in the “Contacts” section).
NATURE AND LEGAL BASIS OF THE PROCESSING
Browsing data is processed as necessary to implement IT and telematic protocols.
Personal data is provided by users freely and optionally, but if not provided may make it impossible to access the services offered by the portal.
The legal basis for the processing is consent.
PROCESSING METHOD AND RETENTION PERIOD
The data collected through the website indicated above is processed through IT and telematic procedures. The technical data is stored on the company’s servers.
The personal data acquired through the web services offered by the company Savino Del Bene S.p.A. is kept at the subsidiary Savino Del Bene IT s.r.l., located at Via Benozzo Gozzoli 5/2, 50018 Scandicci. It is only processed by technical personnel authorised for processing or by personnel authorised for occasional maintenance operations.
The Data Controller stores the aforementioned data in full compliance with the principles of necessity, minimisation and limitation of storage, adopting technical and organisational measures appropriate to the processing risk level, for no longer than necessary to achieve the purposes for which it was processed and in any case for the period required by law.
The Data Controller uses certain cookies as detailed in the specific cookie notice on the company’s website.
RIGHTS OF THE DATA SUBJECT
Pursuant to Articles 15 and following of the GDPR, the data subject may assert specific rights including:
- the right to obtain confirmation as to whether or not personal data is being processed;
- the right of access to personal data and to the following information (the purposes of the processing for which the personal data is intended, the categories of data, the recipients of the data, the retention period, etc.);
- the right to request rectification or restriction of data processing;
- the right to have personal data erased if the reasons exist;
- the right to lodge a complaint with a supervisory authority.
Finally, the data subject has the right to withdraw their consent to the processing of data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.
COMMUNICATION AND DISSEMINATION
The data collected will not be disseminated, sold or exchanged with third parties without the data subject’s express consent, except for any communications to authorised third parties – committed to confidentiality or when appointed as data processors pursuant to Article 28 of the GDPR – such as IT support companies and hosting companies, where necessary for the aforementioned purposes. The data may be communicated to the competent authorities, according to the terms of the law.
The possibility of transferring personal data to group companies located abroad is envisaged to pursue the aforementioned purposes. It should be noted that some countries do not offer the same legal protection for the processing of personal data. In such cases, Savino Del Bene S.p.A. undertakes to ensure the presence of adequate guarantees for the protection of personal data in compliance with current legislation and to promptly notify the data subject of the aforementioned guarantees, the means to obtain a copy of such data and the place where it was made available.