bg_image

INFORMATION AND REQUEST FOR CONSENT FOR THE PROCESSING OF PERSONAL DATA

Dear User/interested party,

This Information is provided pursuant to Article 13 of Legislative Decree No. 196 of 30 June 2003 as amended (the "Privacy Code"), as well as pursuant to Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

We inform you that the personal data you provide when consulting the site https://www.tortifrutta.it, as well as any other domain referable to Tortifrutta S.r.l., even if otherwise named, shall be processed by Tortifrutta S.r.l. as Data Controller (hereinafter also the Data Controller) in compliance with the protection principles established by the Personal Data Protection Code and subsequent amendments, as well as with all European and national legislative interventions and/or provisions of the Control Authorities.

The following information is provided only for the Tortifrutta S.r.l. website and not for other websites that the User may consult through links.

We inform you that the optional, explicit and voluntary sending of e-mail messages to the addresses indicated on this site, as well as the filling in of form of registration and contact involves the acquisition of the sender's address, which is necessary to reply to requests, as well as any other personal data included in the message.

Lastly, we inform you that Tortifrutta S.r.l. may offer you, by e-mail - if you have provided us with your address and given your consent - the purchase of products or services similar to those you have already requested. In this case, we will always remind you that you can tell us that you do not wish to receive further similar communications and that during your navigation on the pages of the Tortifrutta S.r.l. websites, technical cookies may be installed on your browser in order to improve your user experience.

We also inform you that the Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page.

  1. PURPOSE OF THE TREATMENT

A1. The processing of data voluntarily provided by the User in the course of browsing, electronically by filling in the form "Leave your data here", is carried out by Tortifrutta S.r.l. for the following purposes:

  • respond to any questions or requests made by Users;
  • Site visit statistics
  • Traffic optimisation and distribution
  • Interaction with social networks and external platforms
  • TYPE OF DATA COLLECTED AND PROCESSED

Users are informed that the Personal Data collected and processed qualify as personal identification data.

In order to contact Tortifrutta S.r.l. directly, the following personal data are requested from each user:

  • name;
  • personal e-mail address;

Failure to provide such data will result in the user not being able to be contacted.

The fields are all mandatory except for those where (optional) is indicated.

Without prejudice to the personal autonomy of the interested party and without prejudice to the provision of browsing data, the provision of the data referred to in sub-section A1 is compulsory and failure to provide even a part of the data expressly indicated as necessary will make it impossible for Tortifrutta S.r.l. to provide the service itself (supplying information material and/or allowing the user to send his/her application for open job positions).

  • OWNERS, MANAGERS AND APPOINTEES

The data controller is Tortifrutta S.r.l., in the person of its legal representative pro-temporewith registered office in Molino dei Torti (AL) Via Marconi no. 54 (VAT no.: 01620360063), pec address: corrispondenza@pec.tortifrutta.it

The data controller can be reached at the following e-mail address: amministrazione@tortifrutta.it

Please note that the Data provided will be processed by: Tortifrutta S.r.l.'s internal Administrative Office and Sales Office; After-sales service provided by internal staff or by third parties; Third party companies that provide technological services, also by means of the web, all in their capacity as persons in charge of processing and/or external data processors.

  • METHOD OF TREATMENT

Personal data provided will be processed at the registered office and operational headquarters of Torifrutta S.r.l. using automated procedures in the manner and to the extent necessary to pursue the aforementioned purposes.

We also inform you that the personal data provided will be processed using computerised procedures in the manner and to the extent necessary to pursue the aforementioned purposes.

The Data Controller avails itself of the services rendered by leading companies in the sector entrusted with the development and maintenance of management software, the technical maintenance of the site, and the storage of web chat data, availing itself, where necessary, of the hosting and technological services of third-party companies all located in countries of the European Union.

All of the above are compliant with the requirements of the GDPR on the protection of personal data.

  • TRANSFER OF DATA TO THIRD COUNTRIES

The Data Controller declares that it does not transfer the Personal Data provided and collected to third countries outside the European Union.

  •  RETENTION PERIOD

Please note that the Data provided for the purposes set out in point A1 will be processed and stored by the Data Controller for the purposes strictly related to the purposes set out in that point and stored by the Data Controller for the period necessary to process the requests made by the User and for a maximum period of two years, justified by commercial and marketing needs (therefore only in the case of consent to Marketing). Consent to the Marketing treatment can be revoked, in any case, at any time, by means of the appropriate link present in each commercial communication that will be sent to the User.

At the end of the retention period, the data will be deleted/destroyed.

At the end of the retention period, the data will be deleted/destroyed.

  • RIGHTS OF THE DATA SUBJECT

The Data Subject may at any time exercise his/her rights vis-à-vis the Data Controller pursuant to Legislative Decree 193/2006 and Regulation (EU) 2016/679, as referred to in the following articles:

  1. RIGHT OF ACCESS TO DATA SUBJECT - Art. 15 Reg. (EU) 2016/679
  2. RIGHT OF WITHDRAWAL - Art. 15 Reg. (EU) 2016/679
  3. RIGHT TO DELETE ("RIGHT TO OBLIGATE") - Art. 17 Reg. (EU) 2016/679
  4. RIGHT TO LIMIT PROCESSING - Art. 18 Reg. (EU) 2016/679
  5. RIGHT TO DATA PORTABILITY - Art. 20 Reg. (EU) 2016/679
  6. RIGHT OF OPPOSITION - Art. 21Reg. (EU) 2016/679

GENERAL RULES FOR THE EXERCISE OF RIGHTS

We inform you that the rights referred to in the preceding paragraphs may be exercised at any time by sending an e-mail to the following address:

info@tortifrutta.it

together with a digital copy of his valid identity document.

We would like to remind you that if you ask us to stop all processing of your personal data and not just that for promotional purposes, we will not be able to continue to provide you with the services you have requested and that, unless you request us to stop only sending you promotional communications through automated systems, we will stop all processing of your personal data even through traditional means.

In any event, our company may retain certain of your personal data should it prove necessary for you to defend or assert a right.

If you wish, the updated list containing the names of the persons responsible for the processing of your data is available to you at the Data Controller's head office, from which you may also request it by e-mail by writing to info@tortifrutta.it

Definitions

ART. 5 GDPR

For the purposes of this information notice, the following definitions apply:
Personal data shall mean any information relating to an identified or identifiable natural person, also referred to as 'data subject'; an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural or social identity;
Processing shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Limitation of processing: the marking of personal data stored with the aim of limiting their processing in the future;
Profiling: any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that person's professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Pseudonymisation: the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organisational measures to ensure that such personal data is not attributed to an identified or identifiable natural person;
Archive: any structured set of personal data accessible according to specified criteria, regardless of whether this set is centralised, decentralised or functionally or geographically distributed;
Data controller: the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria applicable to its designation may be established by Union or Member State law;
Data controller: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller;

Recipient: the natural or legal person, public authority, service or other body receiving communication of personal data, whether a third party or not. However, public authorities that may receive communication of personal data in the context of a specific investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by those public authorities is in accordance with the applicable data protection rules according to the purposes of the processing;

Third party: the natural or legal person, public authority, service or other body other than the data subject, the controller, the processor and the persons authorised to process personal data under the direct authority of the controller or processor;
Consent of the data subject: any manifestation of the data subject's free, specific, informed and unambiguous will, whereby the data subject indicates his/her assent, by way of a statement or unambiguous affirmative action, that personal data relating to him/her be processed;

Personal data breach: a breach of security leading accidentally or unlawfully to the destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed;
Genetic data: personal data relating to hereditary or acquired genetic characteristics of a natural person that provide unambiguous information on the physiology or health of that natural person, and which result in particular from the analysis of a biological sample of that natural person;

Biometric data: personal data obtained by specific technical processing relating to physical, physiological or behavioural characteristics of a natural person that enable or confirm their unambiguous identification, such as facial image or dactyloscopic data;
Data relating to health: personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information relating to his or her state of health;

Main establishment:
(a) in the case of a data controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of the processing of personal data are taken in another establishment of the data controller in the Union and the latter establishment has the power to order the implementation of those decisions, in which case the establishment which has taken such decisions shall be considered to be the main establishment
(b) in relation to a controller with establishments in more than one Member State, the place where its central administration in the Union is located or, where the controller does not have a central administration in the Union, the establishment of the controller in the Union where the main processing activities are carried out in the context of the activities of an establishment of the controller in so far as that controller is subject to specific obligations under this Regulation;

Representative: the natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents them in relation to their respective obligations under this Regulation;
Enterprise: any natural or legal person, regardless of its legal form, engaged in an economic activity, including partnerships or associations regularly engaged in an economic activity;

Enterprise group: a group consisting of a parent company and the companies controlled by it;
Binding Corporate Rules: the personal data protection policies applied by a controller or processor established on the territory of a Member State to the transfer or set of transfers of personal data to a controller or processor in one or more third countries, in the context of a group of undertakings or a group of undertakings carrying on a common economic activity;

Supervisory authority: the independent public authority established by a Member State in accordance with Article 51;
Supervisory authority concerned: a supervisory authority affected by the processing of personal data because:

(a) the controller or processor is established on the territory of the Member State of that supervisory authority;
(b) data subjects residing in the Member State of the supervisory authority are or are likely to be substantially affected by the processing; or
(c) a complaint has been lodged with that supervisory authority;
Cross-border treatment:
(a) processing of personal data which takes place in the course of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or

(b) processing of personal data which takes place in the course of the activities of a single establishment of a controller or processor in the Union, but which affects or is likely to affect substantially data subjects in more than one Member State;
Relevant and reasoned objection: an objection to the draft decision as to whether or not there is an infringement of this Regulation, or whether or not the action envisaged in relation to the controller or processor complies with this Regulation, which objection clearly demonstrates the relevance of the risks posed by the draft decision with regard to the fundamental rights and freedoms of data subjects and, where applicable, the free movement of personal data within the Union;
Information society service: the service defined in Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19);
International organisation: an organisation and its subordinate bodies of public international law or any other body established by or on the basis of an agreement between two or more States.