PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 (“GDPR”)
Introduction
Your personal data will be processed through the website www.unioneitalianafood.it (the “Website”) in compliance with applicable legislation and the obligations of confidentiality and security that govern the activities of its owner.
Data Controller
The data controller for the processing of your personal data is Unione Italiana Food, with registered offices at Viale del Poggio Fiorito 61, Rome (hereinafter, “Data Controller”).
You may contact the Data Controller, for questions, requests or clarifications regarding this Policy or in general regarding the processing of your personal data, via the following addresses:
- e-mail: privacy@unionfood.it
- telephone number: +39 06 8091071
Categories of data processed and purposes of data processing
The personal identification data of individuals accessing the Site (e.g. IP address, type and identifiers of devices and browsers used, first name and surname, contact details) will be used to:
- carry out any technical operations needed to allow the user to browse the Website and use its functionalities
- enable the Data Controller to communicate with the User, in the event of a request via the Website or e-mail and/or other communication tools
- perform assessments, usage statistics and data analysis, both in aggregate and on a per-session basis, in relation to the operation of the Website and interaction with the User
- allow the User to interact with third-party websites and/or platforms (e.g. social networks) through the functionalities implemented on the Site and provided through tools developed either in-house or by third parties
- perform activities prescribed by regulatory obligations
- file the information as required by current legislation
Legal basis for processing and data retention time
Aims | Legal basis | Retention time |
1-2 | Processing required to perform activities related to the contractual relationship, or to the Data Controller's legitimate interest | Up to a maximum of 10 years after the execution of the corresponding activity. |
3-4 | Processing based on the Data Controller's legitimate interest | For a maximum of 2 years from the collection of the data, except for shorter periods provided by the technical configuration of the Website or third-party plug-ins |
5-6 | Processing necessary to fulfil legal obligations | 10 years from the end of the relationship and/or interaction with the User. |
The initiation or possibility of a dispute, even if only hypothetical or future, with one or more Users or third parties may justify, for each of the purposes envisaged, the extension of the data retention period until such time as the relevant needs have been fulfilled.
Data processing methods
The processing of personal data will be based on principles of correctness, lawfulness and transparency, protecting the confidentiality and rights of the User and will take place by means (mainly technological tools, without excluding physical supports) designed to ensure their security and confidentiality, in accordance with the best practices available.
Provision of data and consequences
The provision of the above-mentioned personal data is required in order to properly deliver the functionalities on the Website, or else to comply with regulatory obligations: failure to provide such data will make it impossible to use all or part of the Website and its corresponding functions.
Categories of persons with access to the data and purpose of disclosure
Within the limits of the aforementioned obligations, purposes and duties, the data:
- will be processed by the Controller, its collaborators and employees, as well as by third parties who may act as data managers, or as joint or autonomous data controllers
- may be communicated, inter alia, to public and private entities, pursuant to legal obligations, and/or as a result of inspections or audits (e.g. judicial authorities, tax police, social security institutions, etc.)
- will not be disclosed in any way, except with the consent of the person concerned and solely for the purpose of using the Website services, as provided and indicated to the User from time to time
The Data Controller may communicate and/or disseminate the data for the sole purpose of fulfilling obligations arising from the contract or the law.
Data transfer
The data may be transferred to Italy and/or abroad, even outside the European Union, by virtue of third-country adequacy decisions or standard data protection clauses adopted by the European Commission, in order to ensure effective protection of data subjects’ rights.
The Data Controller undertakes to limit such transfer of data to third countries to the extent necessary as a result of the technological solutions adopted.
Rights of the data subject
The interested party may, at any time, exercise the rights provided for by the GDPR and locally applicable legislation, namely Italian Legislative Decree 196/2003.
Specifically, the data subject has the right:
- to access their personal data
- to have the data concerning them rectified or deleted or to limit their processing
- to object to the processing
- to data portability
- to withdraw consent, where applicable: withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal
- to register a complaint with the supervisory authority For Italy, the supervisory authority is the Italian Data Protection Authority.
The aforementioned rights may be exercised by sending a request to the contacts specified by the Data Controller in this privacy statement.