Information required by Regulation EU 2016/679 (GDPR)
Dear User. This page provides you with information about how your personal data is processed while browsing the website managed by “AMIGOS CAFFÈ S.N.C. di Mingardi Severino e Arianna & C.”, and corresponds to a data protection policy as required by Article 13 of Regulation EU 2016/679 (GDPR). This policy is for anyone interacting with the web services of AMIGOS CAFFE S.N.C.
This policy only applies to this website, and not to any other sites linked from this one.
ABOUT US: DATA CONTROLLER
The data controller is AMIGOS CAFFÈ S.N.C. di Mingardi Severino e Arianna & C., headquartered at 34015 – MUGGIA (Trieste), Strada delle Saline no. 3 – Zona Industriale delle Noghere.
Our contact details are: Tel. +39 040 9235052; Email: firstname.lastname@example.org
DATA PROCESSED AND PURPOSE OF THE DATA PROCESSING
The computer systems and software procedures that operate this website acquire various types of personal data during normal use, which is transmitted using Internet TCP/IP communication protocols.
This data category includes IP addresses or the domain names of the computers and terminals used by any user connecting with this website, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the requests, the method used for submitting a request to the server, the return file size, a numerical code indicating the server response status (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.
This data, which is necessary to use web services, is also processed to:
-obtain statistical information about service usage (most-visited pages, the number of visitors per hour or day, geographical area of origin);
-check that the services are functioning correctly.
The browsing data will not be kept for more than seven days and will be deleted immediately after aggregation (except where law enforcement bodies may need to investigate a crime).
Data provided by the user
The optional, express, voluntary transmission of messages to the contact details published on this website, or the completion and submission of the forms on this website, requires the acquisition of the sender’s contact details to which replies are to be sent, and of all the personal data included in the message.
Specific information is published on the pages of the website provided for certain services, with a request for consent to the data processing where necessary.
Please note that, in general, the data controller will process users’ personal data for the following purposes:
1. to fulfil orders and activities in relation to e-commerce services (including all sales-related and aftersales services such as administration, accounting, customer relationship management etc.);
2. To manage payments, including anti-fraud checks for credit card payments;
3. To manage users’ requests: technical or commercial requests, order fulfilment, requests for information, queries, feedback or other communications, also via the telephone customer service line;
4. To send periodic newsletters containing information, promotions and/or advertising in relation to our services, with consent;
5. To participate in promotions and other initiatives organised through this website;
6. To fulfil legal, regulatory and EC obligations (including laws on anti-money laundering) and to exercise rights in legal proceedings.
Your personal data may also be processed in order to send advertising and direct marketing or other business communications, also by email: if the advertising relates to products identical to those already purchased, you may receive it at your email address even without having given express consent (soft spam), unless you refused such use when giving your email address or subsequently; your consent is however required for the legitimate receipt of marketing emails for products and services other than those you have already purchased.
Data obtained through social networks
If you access a page of our website through a social login (one of your social media accounts), our company may acquire the data published on that social network, depending on the privacy settings you have chosen (this information may include the contents of posts or messages replying to requests for information or assistance, images, or information from your profile). Specific information about the processing of your data through social networks can be found on the social media platform in question (e.g. https://www.facebook.com/privacy/explanation).
This website may use social plugins. Social plugins are tools that incorporate the functionality of a social network into a website (e.g. “Likes” on Facebook).
All the social plugins on this site are indicated with the relevant logos (e.g. Facebook, Google, Twitter and LinkedIn).
Facebook: Data protection policy: https://www.facebook.com/policies/cookies/
Twitter: Data protection policy: https://support.twitter.com/articles/20170514
LinkedIn: Data protection policy: https://www.linkedin.com/legal/cookie-policy
Please refer to the cookies policy.
LEGAL BASIS OF THE DATA PROCESSING
The company may process your data even without your specific consent, except for the details required on specific forms. This is because the legal basis for the data processing derives from pre-contractual measures taken at the request of the interested party (e.g. email requests for information), and from the pursuit of the company’s legitimate interest in promoting and furthering its corporate object.
Apart from the information given in relation to browsing data, users are free to provide their personal details but please note that failure to provide them may result in the company being unable to follow up or fulfil their requests.
METHOD OF PROCESSING
The data will be kept in a digital database and/or in printed archives.
The data will not be subjected to an automated decision-making process nor will any profiling be carried out.
RECIPIENTS OF THE DATA
Your personal data may be disclosed to the company’s staff and contractors, provided they are authorised persons and have been suitably trained.
Your data may be disclosed to external parties (web managers, affiliated companies, external consultants, subcontractors) for the above purposes, if their involvement is required. These parties will operate as independent data controllers, or alternatively will be designated as data processors.
DATA CONSERVATION PERIOD
The company will keep your data for the time strictly necessary to fulfil the above purposes, and also if the data needs to be accessed or recovered. Data processed in fulfilment of any contractual obligation may be kept throughout the duration of the contract and for the subsequent 10 years, in order to investigate any pending investigations or to fulfil a legal requirement (e.g. accounting documentation). After 24 months from the date of acquisition (7 days, for browsing data), if there is no further requirement for contact or conservation, any data collected for other purposes will be deleted.
RIGHTS OF THE DATA SUBJECT
The recognised rights of the data subject include:
- the right to request access to your personal data and related information; rectification of any inaccurate data or integration of incomplete data; erasure of personal data (if one of the conditions in Article 17 para. 1 GDPR should arise, and in accordance with the exceptions mentioned in para. 3 of the same article); limitation of the processing of the data (in any of the cases indicated in Article 18 para. 1 GDPR);
- the right to request and obtain your personal data – in cases where the legal basis for the data processing is a contract or consent, and this has been done using automated means – in a structured, machine-readable format suitable for transmission to another data controller (right to portability of your data);
- to object at any time to the processing of personal data in particular situations;
- to revoke consent at any time, but only in cases where the data processing is based on consent for one or more specific purposes and relates to ordinary personal data (for example, date and place of birth or residence), or specific categories of data (for example, data revealing state of health or sexual preference). Consent-based data processing that takes place prior to revocation will remain lawful in any case;
With reference to the above purposes, the data subject may at any time request termination of the data processing, and may ask the company to send an email confirmation in this regard. Such requests should be sent to the contact details indicated above.
RIGHT OF COMPLAINT
If the data subject considers there has been a breach of the privacy of his or her personal data, a complaint may be lodged with the regulatory authority in the data subject’s place of residence, place of work, or the place where the data breach is alleged to have taken place. In Italy, complaints can be lodged with the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati).