- the salumipasini.com website
- Facebook page https://www.facebook.com/salumipasini/
- Twitter page https://twitter.com/SalumiPasini
- Instagram page https://www.instagram.com/salumipasini
- Pinterest page https://www.pinterest.it/salumipasini
- LinkedIn page https://www.linkedin.com/company/salumi-pasini
The Data Controller, being the legal person that determines the purposes and means of processing personal data, is SMAPP Spa, with registered office in Trezzano S/N (MI), Via Circonvallazione 7, 20090 in the person of its legal representative Luigi Pasini. For the Facebook page, SMAPP Spa is the Co-Data statistical Controller jointly with Facebook Ireland Limited (“Facebook Ireland”).
Data collection methods
This website has two methods of collecting users’ data.
Data provided voluntarily
The website can collect other data in case of voluntary use of services by users, such as communication services (contacts and Work with Us forms), and will be used exclusively to provide the requested service:
- name, surname, address, telephone number, date of birth, profession, tax identification number, VAT number
- invoicing data
- credit card or other means of payment data (e.g. IBAN in case of bank transfer)
- e-mail address
- e-mail of the addressee of a gift card
Automated data collection
The following information can be collected when users are browsing, which is stored in the server log files (hosting) of the site:
- internet protocol address (IP);
- type of browser;
- parameters of the device used to connect to the site;
- name of the internet service provider (ISP);
- date and time of visit;
- visitor’s web page (referral) and exit page;
- the number of clicks where relevant.
This data is used for statistical and analysis purposes, in an exclusively aggregated and anonymous manner and to check the correct operation of the site, to identify anomalies and/or misuse and is deleted immediately after processing. The data may be used to ascertain the liability in the event of hypothetical computer crimes to damage the site or third parties.
Processing purposes, type of data collected, legal basis of the processing, data retainment period
|#||PROCESSING PURPOSES||TYPE OF DATA COLLECTED||LEGAL BASIS OF THE PROCESSING||DATA RETAINMENT PERIOD|
||Article 6.1., letter b of European Regulation: processing is necessary for the execution of a contract of which the data subject is a part||Contract duration and, after termination, for the ordinary limitation period of 10 years. In the case of litigation, for the entire duration of it, until the terms of enforceability of the appeal actions are exhausted. The payment data may only be kept for the time necessary to complete the payment transaction|
|2||Fulfill obligations under applicable regulations and national and supranational legislation||Personal data, contact details, administrative-accounting data||Article 6.1., letter c of European Regulation: processing is necessary to fulfil a legal obligation to which the Data Controller is subject del processing||10 years|
|3||If necessary, to ascertain, exercise or defend the rights of joint Controllers in court||Personal data, contact details, administrative-accounting data||Article 6.1., letter f of European Regulation: Legitimate interests of the Controller||10 years|
|4||Submit newsletter||Contact details: e-mail, name||Article 6.1., letter b of European Regulation: processing is necessary for the execution of a contract of which you are a part||10 years|
|5||Profiling: analysis of your preferences, processing of your personal data, as well as consumption habits, interests, behavior, market studies and statistical analysis in fully or partially automated manners, in order to offer you the best offers conforming to your personal needs and carrying out targeted promotion actions. These profiling activities can be entrusted to external companies named External Data Processors.||Personal data, contact details, data relating to orders placed, administrative-accounting data, data collected from the cookies installed by the Sites||Article 6.1., letter a of European Regulation: Consent||Until the withdrawal of the consent and/or the request to obtain the cessation of the processing. In any case, profiling activities will take into consideration only the data recorded in the last 12 months.|
|6||Direct marketing: sending, with automated contact methods (such as SMS and e-mail) and traditional (such as telephone calls with operator, paper mail), promotional and commercial communications relating to products offered by SMAPP SpA also through the use of results of the analysis and segmentation activities if you have also given consent to the profiling activity.||Personal data, contact details, data relating to orders placed, administrative-accounting data, data collected from the cookies installed by the Sites and on social networks||Article 6.1., letter a of European Regulation: Consent||Until the withdrawal of the consent and/or the request to obtain the cessation of the processing. If you have consented to the profiling of this Information, the marketing activities, based on profiling, will take into consideration only the data recorded in the last 24 months.|
|7||Analysis of website usage using Google Analytics with anonymized IP||Date of usage, cookies||Article 6.1. letter f of European Regulation: Legitimate interest of the Controller||session|
|8||Remarketing and Behavioural Targeting||Date of usage, cookies||Article 6.1., letter a of European Regulation: Consent||session|
|9||Use of the Gift Cards||Gift card’s addressee email||Article 6.1. letter f of European Regulation: Legitimate interest of the Controller||For the period that the gift card is valid (12 months)|
Statistics, Remarketing and Behavioral Targeting
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files stored on the user’s computer allowing analysis on the use that the user has made of the website. The information produced by cookies on the use of this website will be transmitted to and stored on a Google server in the United States. This website uses Google Analytics with the extension “_anonymizeIp ()”. Consequently, IP addresses are processed only in abbreviated form to prevent direct connection to an individual. In case of IP anonymization activated on this website, your IP address will however be abbreviated in advance in the member states of the European Union or in other states acceded to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States where it will be abbreviated. Google will use this information on behalf of the operator of this website to analyze the use of the website, compile reports on website activity and perform additional services relating to the use of the website and the Internet for the website operator.
These services allow our website to communicate, optimize and serve advertisements based on the past use of the site by the User. This activity is carried out through the tracking of the Usage data and Cookies – this information is transferred to the partners to whom the remarketing and behavioral targeting activity is connected.
AdWords Remarketing (Google Inc.)
Facebook Remarketing (Facebook, Inc.)
Tidio Chat Widgets
Payment management services allow this Website to process payments by credit card, bank transfer or other means. The data used for payment is acquired directly by the operator of the requested payment service without it being processed in any way by this Website. Some of these services may also allow the scheduled sending of messages to the User, such as e-mails containing invoices or payment notifications.
Stripe (Stripe Inc)
Interaction with social networks and external platforms
So-called social plug-ins are used on our website, which are special tools that allow the features of social networks to be incorporated directly into the website. Plug-ins of the following social networks are on our website:
The presence of these plug-ins involves the transmission of cookies to and from sites managed by third parties. The interactions and information acquired from this site are in any case subject to the user’s privacy settings relating to each social network. So, when the Salumi Pasini page is visited on social networks, they collect data through cookies even if the user has not logged in or is not registered on social media. SMAPP Spa is not aware of the data collected by social networks; it does not obtain full access to such collected data or to any user profile but can only access the information of its “public” profile. The information shared by the user as “public” can be modified by them through their personal Social settings. The only implemented cookies are those of Facebook and Google. SMAPP Spa receives anonymous statistics from Social networks based on the legitimate interest in using its page. The following anonymous information may be provided: followers, advertising performance, range (number of people who view specific content), demography. These statistics are used to constantly improve our online content on social media and to better respond to the interests of our users. We cannot link statistical data with the profiles of our fans or individual users.
LinkedIn information: http://it.linkedin.com/legal/cookie-policy
Disabling Third-party Cookies
Nature of the data collection and possible consequences of not providing it
The provision of personal data is optional, but necessary so that the user can register on the site and place orders. Therefore, failure to provide data such as name and surname, business name, address, e-mail, telephone number, will not allow us to complete the online purchase and process orders, from taking charge until shipment to the Customer. Furthermore, if you choose a credit card as a payment method, you will be asked for data relating to the credit card you intend to use. This data will in no way be processed by us, but only by the payment service provider. A part of this data, such as the e-mail and telephone number can be used, prior to consent, for further activities as specified in the “Processing purposes” paragraph. Therefore, if consent is not provided, the User will not be able to use additional services (e.g. newsletter sending) and the data will not be used for such purposes.
Data retainment period
Data retainment is carried out in compliance with the times indicated in the table above. The personal data will be deleted at the end of the retainment period. Therefore, when this term has expired, the right to access, deletion, rectification and the right to the portability of the data, can no longer be exercised.
Personal data processing will be mainly carried out with the aid of electronic or automated means, in the manners and with the appropriate tools to ensure data security and confidentiality. Specifically, all technical, IT, organizational, logistical and procedural security measures will be adopted, so the minimum level of data protection required by law is guaranteed, allowing access only to people in charge of processing by the Controller or the Processors appointed by the Controller. The information acquired and the processing methods will be relevant and not excessive regarding the type of services provided.
Data Communication and Dissemination
The data provided will not be disseminated in any way but may be communicated to subjects operating under the direct authorization of the Controller. Data is specifically communicated:
- to company staff to carry out administrative/accounting/commercial activities
- to third parties carefully selected for reliability and competence that act on the basis of contractual agreements and specific instructions (e.g.: web masters, companies that manage marketing activities, newsletter sending, companies that are entrusted with profiling, companies that provide support in carrying out market studies, companies that manage payment services, hosting providers, etc.). These subjects are appointed as External Processors, if needed. The updated list of the subjects can always be requested to the Data Controller.
Your data may be processed by third parties to whom the data is communicated if you give explicit consent. In any other case, except for what is provided by applicable law, personal data will not be disseminated.
Processing location and data transfer to third countries
Data is processed at the headquarters of the Data Controller and at Netsons Web Hosting data centre. The web hosting is the Data Processor that processes data on behalf of the Controller. Netsons has cloud servers located in the European Economic Area and acts in compliance with European standards. With regard to the processing purposes relating to the newsletter sending, data may be transmitted abroad and processed by third parties, also established in the area of the countries outside the European Economic Area, such as the United States of America. Please note that data protection laws and their laws of other countries outside the European Economic Area to which data may be transferred, may provide a lower level of protection than that of the country of residence of the data subject. The Data Controller will use appropriate precautions in these cases, in accordance with applicable law, to ensure that the data subject’s personal data remains protected. These measures also include the use of the standard contractual clauses to protect the transfer of data outside the European Economic Area.
This Website and the Services of the Controller are not intended for minors under 18 years of age and the Controller does not intentionally collect personal information related to minors. Should any information on minors be unintentionally recorded, the Controller will delete it in a timely manner, upon request of the users.
Rights of the data subject
Pursuant to Articles 15-22 of the GDPR no. 2016/679, you may exercise at any time the right to:
- access the data;
- request confirmation of the existence or not of your data;
- obtain the rectification and deletion of data;
- oppose processing;
- obtain processing limitation;
- obtain data portability;
- lodge a complaint to the supervisory authority (Data Protection Authority).
To enforce the rights of the data subject and/or to request further information, you may contact the Data Controller, sending a registered letter with notification of receipt to SMAPP Spa, Trezzano S/N (MI), Via Circonvallazione 7, 20090 or by sending a communication to the following contacts: Fax. +39 02 48400502 e-mail: [email protected].
Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which it was collected and in compliance with the principle of necessity and proportionality, avoiding to process personal data if the operations can be performed using anonymous data or by other means. We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access, but please do not forget that it is essential for the security of your data that your device is equipped with tools such as a constantly updated antivirus and that the provider of the Internet connection guarantees the secure transmission of data through firewalls, anti-spam filters and similar devices.
Changes to the document
* * *
Last update 17.04.21