The company S.I.P.A. S.p.A., having its registered office at Via della Liberazione 1, San Giuliano Milanese 20098 (MI), Tax Code and VAT Code no. 06488870152 (“Company”) hereby undertakes to protect the personal data of the users (“Users”) of the website bindidessert.it (“Website”) and, in its capacity as data controller, shall, pursuant to article 13 of EU Regulation No. 679/2016 (General Data Protection Regulation, “GDPR”), provide the Users with information regarding the processing of their personal data.
A) Browsing data and cookies
The IT systems and software procedures that make the Website work automatically acquire some personal data during usage, whose transmission is part of the Internet communication protocols. This information is not collected to be directly associated with identified data subjects, but could, by its very nature, allow the identification of the Users, through processing and association with other data held by third parties. This information includes IP addresses of the computers used to visit the Website, addresses in URI format (Uniform Resource Identifier) of the requested resources, time of request, method used to submit the request to the server, size of the file obtained as a reply, numerical code indicating the state of the reply by the server (completed, error, etc.) and other parameters regarding the operating system used. This information is collected for the sole purpose of obtaining anonymous statistical data on the use of the Website and monitoring its correct functioning and it is immediately removed from the system after processing. This information might be used to establish liability in the event that computer crimes are committed against the Website.
B) Personal data provided on a voluntary basis
The Company processes personal data that may be provided by you on a voluntary basis when completing forms available on the Website:
A) Performance of a contract or implementation of pre-contractual measures with respect to your requests.
The Company may process your personal data to perform a contract or implement pre-contractual measures: (ii) to provide information; (iii) to reply to requests for information received through the “Contacts” section; (iv) to create an account.
Legal basis for the processing of personal data: fulfilment of a contractual obligation or implementation of pre-contractual measures. Provision of personal data is mandatory since, in the absence of this data, the Company will not be able to provide information, reply to your requests, or allow the creation of an account on the Website.
B) Compliance with obligations provided for by law, regulations or EU legislation, instructions/requests from authorities duly authorised by law and/or supervisory and regulatory authorities.
The Company may process your personal data to comply with the obligations to which it is subject.
Legal basis for the processing of personal data: fulfilment of a legal obligation. In this case, provision of personal data is mandatory since, in the absence of this data, the Company will not be able to fulfil specific legal obligations.
C) Protection of rights in legal, administrative, or out-of-court proceedings and in disputes regarding services/activities offered.
The Company may process your personal data to protect its rights or to act or make claims against you or any third parties.
Legal basis for the processing of personal data: legitimate interest of the Company to protect its rights. In this case, no further data needs to be provided, since the Company will pursue this additional purpose, if necessary, by processing the data collected for the purposes referred to above, which are considered compatible with this purpose (also by reason of the context in which the data was collected, the nature of the data and of the guarantees regarding their processing, and the connection between the purposes referred to above and this additional purpose).
The Company implements appropriate security measures to ensure the protection, safety, integrity, and accessibility of your personal data. Such security measures are aimed at preventing the unauthorised access, disclosure, alteration, or destruction of personal data.
All personal data is stored on protected computer devices owned by the Company (or on paper-based filing systems) or by our providers and can be accessed and used in compliance with our standards and security policies (or with equivalent standards for our providers).
We will only hold your personal data for as long as strictly necessary to fulfil the purpose for which it was collected or any other connected legitimate purpose. Accordingly, if your personal data is being processed for two different purposes, we will hold it until both purposes have been satisfied. In any event, your personal data will no longer be processed for those purposes whose retention period has expired.
Personal data will be irreversibly anonymised (so that it can be retained) or disposed of in a safe manner as soon as it is no longer needed or there is no longer a legal basis for holding it.
Browsing data is not retained by the Website, except when required by judicial authorities to detect criminal activities.
Personal data processed for marketing purposes may be held for 24 months from the date of your last consent to this processing.
If personal data needs to be processed for judicial reasons, it will be retained for as long as legal claims can be brought and defended under the law.
Your personal data can be accessed by the Company’s authorised personnel and by external providers that may be designated as data processors, if necessary.
If you wish to see the list of the data processors and other parties to whom your data is disclosed, you can contact the Company using the contact details provided in the “Contacts” section.
You have the right to obtain from the Company, providing that your request has a legitimate legal basis:
Right to object to processing: you have the right to object, in whole or in part, to the processing of your personal data by the Company in such circumstances as specified by the GDPR, for example if your personal data are used for marketing purposes or if the legal basis for processing is the Company’s legitimate interest.
Should you exercise any of the above rights, the Company will verify that you are actually entitled to exercise those rights and will generally respond within a month.
Should you feel that your personal data is being processed in breach of the applicable data protection regulation, you can either lodge a complaint with the Italian Data Protection Authority, using the contact details available on the website https://www.garanteprivacy.it/ https://www.garanteprivacy.it/, or take appropriate legal action.
The contact details of the Company, in its capacity as data controller, are the following: S.I.P.A. S.p.A., having its registered office at Via della Liberazione 1, San Giuliano Milanese 20098 (MI), Tax Code and VAT Code no. 06488870152, e-mail firstname.lastname@example.org.
To exercise your rights, you can contact the Company at the following e-mail address email@example.com, or send a registered letter, return receipt requested, to the Company’s address specified above.
Last update: May 2022