Information pursuant to EU Regulation 2016/679 (‘GDPR’)
Last update [24-05-2018]
1.WHO PROCESSES YOUR DATA?
The company TOSCANA FOOD LOVER s.r.l., (VAT NO. 07191690481), with registered office in Cerreto Guidi (FI) – 50050 – Via di Strognano 24, in its capacity as Data Controller of personal data processing pursuant to EU Regulation 2016/679 of 27 April 2016 (known as GDPR) and the applicable Italian pro tempore data protection legislation Lgs. Decree no. 196 of 30 June 2003, et seq., recognises the importance of protecting personal data and intends to inform customers, visitors, website users, and those who contact us with requests for information, about the purposes and methods in which the Data Controller uses such data to provide an excellent service. Specifically, the owner is in charge of managing the website www.toscanafoodlover.com relating to the trade of Tuscan food and wine products of excellence. The Data Controller wishes to make it known that the processing of personal data will be informed by the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality. Customers’ personal data will be processed in accordance with applicable legal obligations.
Your personal data may be brought to the attention of our employees or collaborators, belonging to the categories of administrative, commercial, legal, accounting or computer system administrators, depending on the processing, who, operating under our direct authority, are appointed as data processors and receive appropriate operating instructions in this regard. Recipients of your data also include third-party service providers for payment, shipping and marketing services, and hosting providers and providers of information systems engineering services, IT companies or companies specialising in market research and data processing, with whom we enter into agreements requiring them to take appropriate technical and organisational measures to protect your personal data. Your data may also be passed on to the police and judicial and administrative authorities in accordance with the law.
We may also transfer your personal data in the event of a sale or transfer of all or part of our business or assets (including in the event of reorganisation, spin-off, dissolution or liquidation).
Under no circumstances do we freely transfer or sell your personal data.
Your personal data may be transferred outside the European Union for processing by some of our service providers. In this case, we ensure that this transfer takes place in compliance with applicable legislation and that an adequate level of protection of personal data is guaranteed in accordance with this Privacy
Policy, based on an adequacy decision, on standard clauses defined by the European Commission or on Binding Corporate Rules. In the event that your personal data are transferred to third-party providers based in the United States, the data may be transferred to them if they have submitted self-certification under the Privacy Shield scheme in relation to the type of data to be transferred, which requires them to provide similar protection for personal data shared between the EU and the US.
2.WHAT TYPES OF DATA DO WE COLLECT?
The term Personal data means all information relating to you that enables us to identify you, such as your name, contact details, payment details and information about your access to the website. When you register on our website, create an account, use our services or contact our support service, we collect some of your personal data. Some of the aforementioned data are provided to us voluntarily by the user, while others we collect automatically.
Data provided voluntarily by the user
The website offers users the opportunity to voluntarily provide personal information by, for example, creating an account, buying/selling products through our website, entering a review or comment, filling in the return service, filling in the contact forum or using the messaging and chat service with our customer service or contacting us to leave your comments or opinions. Should you contact us by telephone, we record the call for training purposes and to improve our services and take notes in connection with your call. Please note that you can also register on the website and create an account using a social network account, such as a Facebook account. In the event that you register through this method, also providing the required authorisations during registration, we will receive your social network account information, such as first name and surname, location, basic personal data.
When you use the website as a Seller, the contents and images posted in your online shop window will also be visible to other users; similarly, when you leave comments and reviews in the appropriate sections of the website, the contents of your reviews, your name and your photo (if uploaded) will be visible to those who access the website.
We do not process sensitive data, i.e. details of physical or mental health, alleged commission of crimes or criminal convictions, however, should you voluntarily share any such information with us, we will only process such data with your explicit consent.
If you decide to provide data from third parties, please ensure that these parties have been informed in advance and adequately about the processing methods and purposes stated here. In relation to this hypothesis, you would be acting as an autonomous data controller, assuming all obligations and responsibilities under the law.
Data of children under 16 years of age
In this regard, we would like to remind you that if you are under 16 years of age, you may not provide us with any personal data, and in any case we will not be liable for any false statements you provide. Should we become aware of the existence of untrue statements, we will proceed with the immediate deletion of any personal data acquired.
We collect the following data through the services you use:
- technical data: This category of data includes the IP addresses or domain names of the computers that you use when you connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to your operating system and computer. These data are only used for statistical information (i.e. they are anonymous), to check the proper functioning of the website and are deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cyber crimes against the website: without prejudice to this possibility, the data on web contacts do not persist for more than 7 days.
- data collected using cookies or similar technologies: for more information, please visit the section “Cookies” section .
3.FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
a) To guarantee your access to our website and the use of our services
When you use our website and related services, we will use your personal data to allow you to register on the website and create a personal account, to verify your identity as a user of the website, to allow you to buy/sell products and, where applicable, return products, to provide customer service and to resolve any issues you may have reported, to send you necessary communications (such as confirming your purchase order or confirming successful payment or reminding you of products in your shopping cart) and to provide you with all other services described in the General Terms and Conditions.
b) To inform you about products, services, events and for other promotional purposes
If you have expressly provided us with your consent or if we have a legitimate interest (in accordance with applicable law), we will use your data to update you about products and services offered by us as well as to inform you about promotional, commercial and advertising activities of the Company or of third party business partners by e-mail, SMS or whatsapp; if you are a professional we may inform you about such promotions and events by telephone call through an operator or customer care service consisting in the offer of dedicated services during sale and after sale. In addition, with your consent or if we have a legitimate interest (in accordance with applicable law), we may use your data in the context of conducting market research and surveys to measure your satisfaction, by e-mail, text message or whatsapp, in order to improve our services and the relationship with our users
c) To offer you a personalised service
If you have expressly given us your consent, we use your data to analyse your consumption habits and choices in order to offer you a personalised service in line with your interests and to improve our commercial offer.
d) To improve the services we offer through the website
We will use the data you provide to improve the services we offer through the website and your experience when buying/selling products. In particular, we may analyse the use and measure the effectiveness of our website and services in order to better understand how it is used in order to improve it and to engage and retain users.
e) To guarantee our rights, property or data security
We may also use personal data in connection with your use of our website to prevent or detect fraud, abuse, unlawful use, violations of our Terms and Conditions, and to comply with court orders, governmental requests, or applicable legal requirements.
4.WHAT IS THE LEGAL BASIS FOR DATA PROCESSING?
We will only process your personal data in cases where we have a legal basis for doing so.
In most cases we will process your data in order to grant you access to the website and the services offered therein. In addition, we may process your data for one or more of the following reasons:
- With your explicit consent (e.g. to inform you about our products, services, events and for other promotional purposes, as well as to offer you a personalised service)
- To ensure compliance with legal obligations, regulations and community standards (e.g. to comply with court orders, government requests or to fulfil applicable legal requirements)
- For our legitimate interest (e.g. to improve the services we offer through the website or to ensure the ownership and security of the data we process).
5.IS THE PROVISION OF DATA COMPULSORY?
The provision of personal data is compulsory solely for the processing required to grant you access to our website and the services we offer through it. Any refusal to provide the personal data requested for this purpose will make it impossible to register on the website and use the related services. All other provisions of your information are optional, but providing them enables us to offer you a better experience.
6.HOW DO WE PROCESS YOUR DATA AND FOR HOW LONG?
Personal data will be stored on paper and/or electronically for as long as is strictly necessary to pursue the purpose set out in point 3 above (“For what purposes do we process your data?”).
In particular, when you register on the website and create an account, we process and retain most of your information in our possession for as long as you actively use the services we offer through the website. Following the closure of your account, we will retain your personal information for a maximum period of 24 months from the date of deletion of your account for the purpose of defending and/or enforcing our rights in and/or out of court in the event of a legal dispute over the performance of our services; your further personal information relating to transactions made through the website is retained for 10 years in accordance with the law (including tax obligations).
For the purposes of direct marketing and profiling, we retain your data for a maximum period equal to the one provided for by the applicable legislation, respectively 24 and 12 months after your last interaction of any kind with the website.
For analysis purposes aimed at improving the service, the user’s personal data will be subject to a maximum retention period of 24 months from the date of their registration.
After the expiry of the maximum period of storage of personal data in accordance with this section, we will automatically delete your data or anonymise them permanently and irreversibly.
Please note that in the event that you do not take any active action (such as using the services offered by the website, browsing, searching and/or any other way of using the website) for a continuous period of 36 months, you will be classified as an inactive user and, subject to written notice of deactivation of your account, we will proceed to retain your personal data for the maximum retention period provided therein.
7.HOW CAN YOU EXERCISE YOUR RIGHTS?
In accordance with the GDPR, you have the right to ask us, at any time, for access to your personal data, to rectify or erase them, to object to their processing or to exercise your right to portability. The applicable data protection legislation also allows you to exercise your right to request the restriction of processing in the cases provided for in Art. 18 of the GDPR, and to obtain the data concerning you in a structured, commonly used and machine-readable format, in the cases provided for in Art. 20 of the GDPR.
Enquiries can be addressed to the e-mail address email@example.com
In particular, should you wish to authorise the activities referred to under b) (Marketing purposes) in point 3 above (“For what purposes do we process your data?”) and you subsequently do not wish to receive further communications from us or wish to limit the ways in which you can be contacted, you may at any time stop these communications by simply clicking on the “unsubscribe” link at the bottom of each communication.
Finally, we would like to remind you that you always have the right to lodge a complaint with the competent supervisory authority (Data Protection Authority), pursuant to Art. 77 of the GDPR, if you believe that the processing of your data is contrary to the legislation in force.
8.HOW DO WE ENSURE THE PROTECTION OF YOUR DATA?
Your personal data are processed by the entities indicated in point 1 above (“Who processes your data?”), in accordance with the provisions of current legislation. In particular, in order to ensure the security of your data, taking into account the state of the art and the cost of implementation, as well as the nature, object, context and purpose of the processing, and the risk of varying likelihood and severity to the rights and freedoms of natural persons, we have taken appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
9.WHEN WAS THIS INFORMATION UPDATED?
This information was published on the date stated in the heading and may be subject to change over time, also in connection with the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. In that case, the joint data controllers will notify you of such updates.
If the ‘Work with us’ page is active on our website, you will be able to consult our job vacancies, if any are available, or send your spontaneous application.
Following communication via the website of our vacant professional positions or should you autonomously decide to send us your CV, said CVs received will be retained for a maximum period of 6 months from the date of receipt for the sole purpose of assessing your candidature or for re-evaluation for subsequent searches for professional positions compatible with your profile provided that they are activated during the maximum period of retention of your data. You may object to the processing of your personal data at any time by writing to firstname.lastname@example.org.
If you apply, remember to include in your CV a declaration that you consent to the processing of your personal data for selection purposes and avoid entering sensitive personal data (such as health status, religious, philosophical or political convictions) not relevant to the job offer.
(b) Third-party links
11.DO YOU HAVE FURTHER QUESTIONS?
If you wish to provide feedback or if you have questions or concerns, please send an e-mail to email@example.com.