Dear user,
welcome to our website (hereinafter also referred to as the “Website”).
Data Controller is Società Italiana Prodotti Alimentari S.I.P.A. S.p.A. (hereinafter also referred to as “S.I.P.A.” or the “Controller”), headquartered in Via della Liberazione 1 - San Giuliano Milanese - Milan; e-mail: privacy.bindi@sammontanaitalia.com, certified e-mail: sipabindi@postecert.it.
Società Italiana Prodotti Alimentari S.I.P.A. S.p.A. (hereinafter also referred to as “S.I.P.A.” or the “Controller”) has always been committed to protecting the personal data it processes. S.I.P.A. invites you to carefully read this Privacy Policy, drawn up in accordance with Article 13 of EU Regulation 2016/679 (hereinafter also referred to as the “Regulation” or “GDPR”), which outlines S.I.P.A.'s policy with regard to the processing of personal data collected while you navigate the website and/or following the use of the services offered.
We inform you in advance that your personal data will be processed in accordance with the national and European data protection legislation currently in force and in accordance with the principles of fairness, lawfulness, transparency and protection of your privacy and rights.
Table of contents
1. Data Controller
2. Types of personal data processed
3. Purposes and methods of data processing
4. Legal basis for processing personal data
5. Recipients/categories of recipients of personal data
6. Data collection and consequences of withholding data
7. Withdrawal of consent
8. Data retention period
9. Rights of Data Subjects
10. Filing a complaint with the Italian Data Protection Authority
11. Personal Data of Minors
12. Updates and amendments
13. Links to other websites
14. Interacting with social networks
15. Co-processing of statistical data with Meta
1. Data Controller
SOCIETA’ ITALIANA PRODOTTI ALIMENTARO S.I.P.A. S.p.A. (hereinafter also "S.I.P.A." or the "Company"), headquartered in Via della Liberazione 1 at San Giuliano Milanese - Milano; e-mail privacy.bindi@sammontanaitalia.com, certified e-mail: sipabindi@postecert.it.
2. Types of personal data processed
S.I.P.A. collects and processes personal data (hereinafter collectively referred to as “Personal Data” or simply “Data”) regarding the User and more specifically:
Navigation data: the computer systems and software procedures used to operate the Website collect some personal data as part of their standard operation, the transmission of which is implicit in the use of the Internet communication protocols.
Such information is not collected in order to be associated with identified data subjects; however, because of its very nature, it might allow the identification of users after being processed and matched to data held by third parties. This category of data includes, among other things, the IP addresses and computer domain names used by users who connect to the website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the server response (successfully performed, error, etc.) and other parameters associated with the user's operating system and computer environment. These data are not intended to be disclosed and are only used to obtain anonymous statistical information on Website usage and to check its proper functioning. They are retained for the time required in accordance with applicable legislation. These data might be used to establish liability in case of alleged computer crimes committed against the Website.
Data provided voluntarily by the User when filling out online forms: personal identification data and contact details, such as first name, last name, address, telephone number, email address, birth date.
Data (e.g., username, password, e-mail address) used for authentication and access to the reserved area, as well as any logs to access and download materials.
Cookies: the Website uses automatic data collection systems that acquire data, such as cookies, which are not directly provided by the User. A cookie is actually a reminder of the Internet page visited: it contains small bits of information that can be recorded on the User's computer when the browser calls up a particular website. In this way, the website can automatically adapt to the user, for example by sending content in a format compatible with the browser used or with specific display settings (style, colour, etc.).
Depending on their characteristics and functions, different types of cookies can be stored on a computer for varying periods of time. The Website uses the following types of cookies:
necessary technical cookies - they are used for the sole purpose of carrying out the transmission on an electronic communication network, to ensure the proper display of the website and to facilitate navigation within it, or to provide services explicitly requested by the user;
analytical cookies - they are used to collect anonymous statistical data on the use of the website in order to make a statistical analysis of traffic and visits to the site and optimize its functioning;
Cookies can also be classified according to their origin:
first-party cookies, i.e. cookies directly generated and managed by the administrator of the website that the user is browsing;
third-party cookies, i.e. cookies generated and managed by entities other than the administrator of the website that the user is browsing.
For further details, please refer to the “Cookie policy”.
3. Purposes and methods of data processing
The Personal Data voluntarily provided by the User by filling out the online forms are collected and processed for the following purposes:
to be contacted by the Data Controller and/or to receive a reply to the message sent to S.I.P.A. (via the “Contact Us” button on the Website);
to fulfil obligations provided for by law (including accounting, administrative, tax, legal requirements, etc.) and handle disputes and possible litigation;
to enable access to the reserved area and the use of the available information material (e.g. catalogues, technical documentation).
Personal Data will be processed by Data Controller, Data Processors and persons in charge of processing (“Authorized Persons” or “Persons in Charge”); they shall adopt all appropriate measures to ensure their security and confidentiality, by means of paper-based or computer-based tools, (among which the management and use of a database marketing programme), in accordance with the principles of the law, protecting the confidentiality of the data subjects and their rights by adopting appropriate technical and organizational measures to ensure a level of security commensurate with the risk.
4. Legal basis for processing personal data
The legal basis for processing personal data for the purposes set out in section 3, letter A) is your consent freely given pursuant to Article 6, paragraph 1, letter a) of the Regulation.
The legal basis for processing personal data for the purposes set out in section 3, letter B) is to comply with a mandatory requirement which the Data Controller is subject to and/or to pursue the legitimate interests of the Data Controller, pursuant to article 6, paragraph 1, letters c) and f) of the Regulation.
The legal basis for processing personal data for the purposes set out in section 3, letter C) is the performance of contractual or pre-contractual obligations and/or the pursuit of the Data Controller's legitimate interest in ensuring the security, availability and proper management of the information materials, pursuant to Article 6, paragraph 1, letter b) and f) of the Regulation.
5. Recipients/Categories of Recipients of Personal Data
Your Personal Data may be disclosed, exclusively for the above-mentioned purposes, to the following categories of recipients:
individuals, companies, associations or professional firms which provide assistance and consulting services to our Company, typically, but not exclusively, in the areas of accounting, administration, legal, tax and financial matters; Internet service providers, providers of cloud or IT services, Website administrators, who need to access your Data for purposes related to your request to be contacted by S.I.P.A., and all attendant activities, to the extent strictly necessary for the performance of their duties;
subsidiary companies, companies within the same Corporate Group;
individuals whose right to access your Personal Data is recognized under applicable laws and secondary regulations; public or private entities that manage ordinary and commercial mail delivery services;
other individuals who may become aware of your Personal Data, such as members of our staff involved in the operations performed to fulfil your contact requests.
These individuals/entities shall act as Authorized Persons, autonomous Data Controllers or Data Processors within the meaning of Article 28 of the EU Regulation. These individuals or entities, which S.I.P.A. relies upon to carry out its activities, provide suitable guarantees of compliance with the personal data processing regulations in force.
Your Personal Data will not be transferred to Countries outside the EU.
Your Personal Data will in no case be disclosed.
6. Data collection and consequences of withholding data
The input of your Personal Data marked with an asterisk (*) on the online forms available on the Website is not mandatory but necessary to fulfil the purposes stated in section 3, letter A).
Withholding of any of these data will solely result in the Data Controller being unable to contact you and/or respond to your message.
The input of Personal Data not marked with an asterisk (*) (i.e. Personal Data provided for the purposes stated in section 3, and the Personal Data requested on the online forms available on the Website) is optional.
If you choose not to provide such Data, there will be no consequences with regard to the implementation of the services offered by the Data Controller.
Finally, with regard to the provision of personal data collected for the purpose of enabling access to the reserved area and the use of the information materials available therein, such provision is optional but necessary for the achievement of the purposes referred to in section 3, letter C). Failure to provide such data will simply prevent access to the reserved area and the information materials contained therein.
7. Withdrawal of consent
You may at any time withdraw your consent previously provided to us for the purposes stated in section 3, letter A). Such withdrawal will not affect the lawfulness of processing carried out prior to your consent being withdrawn. In order to revoke your consent to data processing, please submit your request for withdrawal to the Data Controller via registered letter or via email to the addresses and contact information reported in section 1 of this privacy policy.
8. Data retention period
The Data referred to herein shall be retained for the period strictly necessary to achieve the purposes stated in section 3 and, in any case: (i) for the purposes stated in section 3, letter A, until completion of the activities related to your contact request); (ii) for the purposes stated in section 3, letter B), for the time strictly necessary to complete the relevant activities; (iii) for the purposes stated in section 3, letter C), for the time required to ensure the proper management and security of the reserved area and, in any event, no longer than the duration of the contractual relationship between the Data Controller and the user with reserved access, unless a longer retention period is required by law.
9. Rights of Data Subjects
You are entitled at any time to exercise your rights against the Data Controller pursuant to articles 15 and following of the Regulation, which are reported below for your convenience:
Right of access and rectification (articles 15 and 16 of the Regulation): you are entitled to obtain confirmation of whether or not your Personal Data is being processed and, if so, to access your data. You also have the right to request the rectification of incorrect data and the integration of incomplete data. If you wish, we may provide you with a copy of your Data in our possession.
Right to erasure (article 17 of the Regulation): in the cases provided for by applicable legislation (for ex. personal data is no longer necessary for the purposes for which it was collected or processed, withdrawal of consensus, unlawful processing, etc.) you may request the erasure of your Personal Data, which S.I.P.A. will do without delay.
Right to restriction of processing (article 18 of the Regulation): in the cases provided for by applicable legislation (inaccurate personal data, unlawful processing of data, etc.), you are entitled to obtain a restriction of your Personal Data processing.
Right to data portability (article 20 of the Regulation): you are entitled to receive your Data in a structured, commonly used and machine-readable format in order to transmit it to another data controller. Alternatively, if requested, we will directly transmit your Data to another data controller.
Right to object (article 21 of the Regulation): you have the right, at any time, to object to the processing of your Personal Data on grounds relating to your particular situation pursuant to Article 6, paragraph 1, letters e) or f) of the Regulation, including profiling based on those provisions (legitimate interest of the Data Controller).
You may exercise these rights by contacting the Data Controller via registered letter, fax or email to the addresses and contact information reported in section 1, possibly using the forms made available on the website of the Italian Data Protection Authority (www.garanteprivacy.it).
Upon receipt of your request, S.I.P.A. shall have one month time to take all necessary actions. Within this period, notwithstanding the exercise of your rights, you may receive further automated messages, the transmission of which had been planned prior to your request.
The one-month deadline may be extended by two months in case of a complex request or a large number of requests.
10. Filing a complaint with the Italian Data Protection Authority
If you believe that there has been a violation of your rights to personal data protection, you can file a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) in the manner and within the terms specified on the website of the Italian Data Protection Autority (www.garanteprivacy.it).
11. Personal data of minors
The services of this Website are intended for a general audience and are not targeted to individuals under the age of 18. We will not knowingly collect personal information from users below this age limit. In the event that personal data relating to an individual under the age of 18 are provided, the Data Controller shall promptly delete such data.
12. Updates and amendments
The Data Controller may modify, supplement, or simply update, in whole or in part, this Privacy Policy, also to reflect changes in regulations or following the introduction of new sector-specific standards.
Any such updates or amendments will be notified through publication on the Website.
We recommend, therefore, that you regularly access this section to check the publication of the most recent and updated Privacy Policy.
13. Links to other websites
This Privacy Policy is provided for this Website and for the other Websites of the Data Controller and is not applicable to other external websites that may be accessible through links.
14. Interacting with social networks
The Website allows you to interact with social networks directly from its pages through so-called social buttons, i.e. special links available on the Website displaying the icons of Facebook, Twitter, Instagram and YouTube. These buttons allow users browsing the website to easily connect to and engage with social platforms with a single click, enabling these platforms to acquire data related to your visit.
For additional information, please consult the privacy policies of the respective social networks.
15. Co-processing of statistical data with Meta
This Privacy Policy also applies to the webpage https://www.facebook.com/bindidessertitalia for which S.I.P.A. is a joint data controller for statistical data, together with Meta Platforms Ireland Limited.
The personal data processed are statistical data obtained through the Insight feature of the Facebook page, which provides aggregate data that help understand how people interact with the pages of the social network.
Through this link you can access the Facebook page section entitled “Data controller addendum for Facebook page Insights”, which outlines the allocation of responsibilities between Meta Platforms Ireland and the user (in this case S.I.P.A.) as the administrator of the page https://www.facebook.com/bindidessertitalia.
Use this link https://www.facebook.com/bindidessertitalia for information on Facebook data policies, including the following:
— Type of information collected by Meta
— How Facebook uses this information
— How this information is shared
— How Meta companies collaborate
— Legal bases for data processing
— How to exercise rights under GDPR
— Data retention period, account deactivation and deletion
— How to comply with legal requirements
— Data management and transfer within global services
— Updates and amendments to the policy
— Contact information for Meta Platforms Ireland for issues regarding personal data protection.
Use this link https://www.facebook.com/bindidessertitalia to access information about Meta Platforms Ireland cookie polity.