PERSONAL DATA PROCESSING INFORMATION

Premise
The EU Regulation 2016/679 on “protection of individuals with regard to personal data processing, as well as the free circulation of such data” (hereinafter “EU Reg. 2016/679” or “GDPR”) contains a series of direct rules to ensure that the personal data processing is carried out in compliance with the fundamental rights and freedoms of individuals.
Following the consultation of this website (hereinafter the “Site”), related data to identified or identifiable persons may be processed.

D&C S.p.a. and Eurofood S.p.a. are passionately committed to providing to all their Websites customers and visitors an excellent service, which is also respectful of their privacy. This information has been prepared to introduce the principles of confidentiality governing our use of the data provided by the interested parties and customers, including data collected through this Website, as well as through the Eurofood Group sites.
This page describes how to manage the site with reference to the processing of personal data of users who consult it.
This is an information notice pursuant to art. 13 and 14 of Regulation 2016/679 (GDPR) as well as the Italian national legislation on the protection of personal data constituted, among other things, by Legislative Decree 101/2018 and Legislative Decree 196/2003 for those who interact with accessible Web services electronically starting from the address: www.dec.it.
In addition to the information contained in this privacy policy, the interested part can find in the appropriate sections the respective privacy information / policies regarding specific services and the collection and personal data processing.

Data Controllers and Data Protection Officer (DPO)
D&C S.p.A., (VAT number 00612491209), registered office in Via Privata Tacito n. 10 bis, 20094 – Corsico (MI), (hereinafter “D&C” or even just the “Co-owner”)

AND

Eurofood S.P.A. (VAT number 09362510159) registered office in Corsico (MI) Via Prvata Tacito n. 12, (hereinafter “Eurofood” or even just “Joint Controller”),
are joint owners of the personal data of the collected users when using the Site Services and, in particular, accessing and / or registering on the Site and / or making a purchase on the Site and / or requesting assistance and customer care services of the Site and indicated in the appropriate Sections.

Contact details are as follows: D&C S.p.A.
Via Privata Tacito 10 bis – 20094 – Corsico (MI)
Phone. +39 02.44.87.61
Email:  info@dec.it

Eurofood S.p.A.
Via Privata Tacito, 12 – 20094 – Corsico (Mi) Phone. +39 02.44.87.61 / fax.800.223.256
e-mail: info@eurofood.it

The Joint Owners have appointed the Personal Data Protection Officer (also called “Data Protection Officer or” DPO “) who can be contacted at the following email address: dpo@eurofood.it.
The interested part may contact the data protection officer for all matters relating to the processing of their personal data and the exercise of their rights deriving from the Regulations.

The Joint Data Controllers have entered into a joint ownership agreement, pursuant to Article 26 of the Regulation, with which they have undertaken to:

  • determine jointly some purposes and methods of processing your Personal Data;
  • jointly determine, in a clear and transparent way, the procedures to provide you with a timely response if you wish to exercise your rights, as provided for in articles 15, 16, 17, 18 and 21 of the Regulation as well as in cases of portability of Personal Data provided for ‘Article 20 of the Regulations as better described in Section I of this Information;
  • define jointly this Information in the parts of common interest indicating all the information required by the Regulation

Categories of personal data and data source
Personal data may be freely provided by the Data Subject via e-mail and / or telephone and / or forms on the Site and made available by the Joint Owners or, in the case of navigation data, collected automatically during browsing the Site.

Navigation data provided by the User’s computer
During the site connection phase , the computer systems and software procedures used for their operation automatically and indirectly administer and / or acquire some information (such as, merely by way of example, the so-called “cookies” as specified in the “Cookies Policy”). The processing of this data is necessary to guarantee the User the best possible browsing experience and to provide him with all the functions and services made available within the Site. It is possible, however, to limit the processing of such personal data by resorting to certain functions made available by the Site (with reference, in particular, to the cookies transmission or similar tools, please refer to the “Cookie Policy “of the Site) or from the device or browser / navigation application. In this case, navigation on the Site may be limited and some of its functions / services may be inaccessible.

Data provided voluntarily by the interested part
The contact requests and / or information sent by the interested parties through the e-mail and / or telephone channels and / or forms present on the Site and made available by the Joint Controllers, will involve the collection and subsequent processing of personal data of the requesting subjects (by way of example, the e-mail address and other personal data contained in the e-mail message or freely provided by telephone).
Furthermore, the Joint Controllers will process the identification and contact data of the Data Subjects who have requested the creation of their own personal account for access to the reserved area (“LOG IN”) allowed only to registered subjects (by way of example, company name, e-mail address, telephone number, etc.).
The personal data processed by the Joint Controllers are usually collected directly from the Data Subject and freely provided by them.
The processing of personal data will take place according to the purposes indicated below and will be based on principles of correctness, lawfulness, transparency and protection of the privacy and rights of the interested part.

Purpose of the processing and legal basis
The collected data will be processed for the following purposes:
a) find requests for information from the interested part by telephone contact and / or by sending e-mails and more generally to the contact channels indicated on the Site;
b) allow the interested part to register himself in the reserved area of ​​the Site (“LOG IN”) and the correct use of the specific online contents accessible only to registered subjects, including the possibility of purchasing online, through the creation and subsequent management technical and administrative of the personal account of the interested part;
c) allow the conclusion of the purchase contract through the Site and the correct execution of the obligations arising from this contract, such as, for example, the receipt and management of purchase orders, the products supply, delivery and payment, including online, of the products and / or services purchased;
d) send commercial communications in order to promote and / or to sale directly products or services similar to those already purchased or used by the interested part, using the e-mail coordinates indicated on such occasions (so-called “soft spam”), without consent – unless express dissent – for the only cases of soft spam, without prejudice to the right of the interested part to object at any time with the methods indicated at the bottom of the communication or at the addresses indicated in the following par. 11, for the exercise of the rights referred to Articles 15 and ss. of the 2016/679 EU Regulation;
e) send newsletters and / or advertising material and / or communications of a commercial nature about new products and / or services offered by the Joint Controllers, to suggest features, products that may be of interest based on your preferences. This may takes place both by traditional contact systems (paper, mail or calls via telephone operator), with automated call or call communication system without the intervention of an operator and / or by electronic communications (e-mail; SMS – Short Message Service; MMS etc.);
f) send commercial communications from third party companies (so-called indirect marketing). This may takes place both by traditional contact systems (paper, mail or calls via telephone operator) and with automated call or call communication system without the intervention of an operator and / or by electronic communications (e-mail; SMS – Short Message Service; MMS etc.);
g) carry out after-sales assistance and market research, including statistical purposes; in order to detect the degree of customer satisfaction regarding the quality and the type of services rendered (customer satisfaction). This may takes place both by traditional contact systems (paper, mail or calls via telephone operator) and with automated call or call communication systems without the intervention of an operator and / or by electronic communications (e-mail; SMS – Short Message Service; MMS etc.);
h) manage the Site functionality to make it suitable for online commerce, analyze performance, correct errors and improve its use and efficiency;
i) prevent and detect fraud and abuse in order to protect the security of the site;
j) fulfill the obligations established by laws and regulations to which the Joint Controllers are subject and / or execute orders from Authorities legitimated to do this.
k) participate in competitions or tenders held within the scope of the Joint Controllers’ commercial activity;

The legal basis of the processing consists of:
– for the purposes referred to sub a), sub h), sub i) by the legitimate interest of the Data Controller (art. 6, par. 1, lett. (f) EU Reg. 2016/679);
– for the purposes sub b) and sub c) from the correct and timely execution of the contract of which the interested part is part and / or the execution of pre-contractual measures adopted at request of the same (Article 6, paragraph 1, lett. (b) EU Reg. 2016/679);
– for the purpose referred to sub d), general marketing purposes of the Joint Controllers: legitimate interest of the Joint Controllers (pursuant to Article 130, paragraph 4, of Legislative Decree 196/2003 and Article 6, paragraph 1, lett. (f) EU Reg. 2016/679);
– for the purposes referred to sub e), f), g), k) by the free consent expressed by the interested part, optional and revocable at any time, (art. 6, par. 1, lett. (a) EU Reg. 2016/679);
– for the purpose sub j), from the fulfillment of a legal obligation (Article 6, paragraph 1, letter (c) EU Reg. 2016/679).

The data provision, as well as their communication to the categories of the indicated subjects in paragraph 6, are not binding; but any refusal by the interested part to provide their data will make it impossible for the Joint Controllers to find requests for contact and / or received information, as well as being able to correctly fulfill their legal and contractual obligations. On the contrary, it is understood that the refusal of the interested part to provide his consent to the processing of personal data for the purposes referred to  sub e), f), g) will only make it impossible, for the Joint Controllers, to pursue the purposes indicated therein.

The personal data provision for the purposes referred to point sub d) is required for the exercise of a legitimate interest. You may, at any time, decide to no longer receive communications relating to the general marketing activities of the Joint Controllers by clicking on the unsubscribe button (“Click here”) at the bottom of each e-mail received. Alternatively, you can contact the Joint Controllers at any time by writing to info@dec.it.

Some personal data are strictly necessary for the sites operation, other data are used for the only purpose of obtain anonymous statistical information about the use of the Sites and to check their correct functioning. After processing, they are deleted immediately. In the processing of personal data that may identify, directly or indirectly, the interested part, we respect the principle of strict necessity. For this reason, we have configured the Sites in such a way that the use of the personal data of the interested part is reduced to a minimum, and in such a way as to limit the processing of personal data that allow the interested part to be identified only in case of need or on request of the authorities and police forces (such as, for example, for data relating to traffic and permanence on the Sites or to the IP address) or to ascertain responsibility in the event of hypothetical computer crimes against the Sites.

Processing methods
The processing of personal data takes place using manual, IT and telematics tools with logic methods strictly related to the purposes stated in this document and, in any case, in order to guarantee the security and confidentiality of the data in compliance with current regulations.

In case of processing carried out with electronic and non-electronic processing methods, as well as through management and storage systems even with cutting-edge hardware and software, the Joint Controllers may use third-party service companies who will be made aware of their responsibilities with communication of appointment as Manager of the treatment pursuant to art. 28 of the GDPR. The personal data of the interested part will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in compliance with the principle of necessity and proportionality, avoiding the processing of personal data if the operations can be carried out using anonymous data or by other means.

We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access, but please do not forget that it is essential, for data security, that your device is equipped with tools such as antivirus constantly updated and that the provider, which supplies you the Internet connection, guarantees the secure transmission of data through firewalls, antispam filters and similar safeguards.

Data retention period
The collected data will be kept for a period of time not exceeding the achievement of the purposes for which they are processed (“conservation limitation principle”, art. 5 GDPR), without prejudice to cases of compliance with a legal or order obligation of an authority. The obsolescence verification of the data stored in relation to the purposes for which they were collected is carried out periodically. At the end of the retention period, personal data will be deleted, destroyed or made anonymous, without prejudice to any retention terms established by law. Therefore, at the end of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Categories of subjects to whom the data may be communicated
In some cases, the execution of all the activities connected and / or instrumental to the management of the requests involves the communication of the personal data of the interested parties, by the Joint Controllers:
– to employees and / or collaborators of the Joint Controllers as persons authorized to process data and / or system administrators;
– to subjects whose rights to access are recognized by law;
– to companies or third parties who carry out activities, for the Joint Controllers, strictly connected or instrumental to the operation of the Site, such as the company that deals with the management of users’ personal data and the management of the computer systems on which they are stored companies that offer e-mail delivery services. The personal data provided by users, who submit requests, are used for the only purpose of performing the service or provision requested and they are disclosed to third parties only if this is necessary for that purpose. Apart from these cases, personal data will not be disclosed except for contractual or legal provisions or unless specific consent is requested from the interested party. In this sense, personal data could be transmitted to third parties but only and exclusively in the event that a) there is explicit consent of the interested part to share data with third parties; b) there is a need to share information with third parties in order to provide the requested service; c) this is necessary to fulfill requests from the judicial or public security authorities.

The subjects belonging to the categories, to which the data may be communicated, will process the data and will use them as appropriate as Data Processors expressly appointed by the Joint Controllers pursuant to the law or, rather, as autonomous controllers .
The Joint Controllers designate people authorized to process all employees, including pro tempore ones, and collaborators, even occasional ones, who carry out tasks that involve the processing of personal data.
The updated list of Data Processors is kept at the Joint Controllers registered office.
Furthermore, if the interested part decides to share some contents through one or more social networks (Facebook, Twitter, LinkedIn, WhatsApp, YouTube), the Sites could access to some information of his account if he has activated the sharing of data of his account with applications of third parties. You can disable the sharing of your account data with third-party applications by accessing your account settings. For more information, please consult the website of the social networks to which you are registered (www.facebook.com, www.twitter.com, www.linkedin.com, www.whatsapp.com).

Transfer of personal data extra- EU
The Joint Controllers may transfer the personal data of the involved people to extra-EU countries, for technical and / or operational reasons, for example in the case of cloud storage with servers located outside the European Union.

In this case, the Joint Controllers assure, starting from now, that the transfer of extra-EU data will be regulated in accordance with what expected of Chapter V of the Regulation and authorized based on specific decisions of the European Union. So all the necessary precautions will be taken in order to guarantee the total protection of personal data by basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees provided by the third part recipient pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules.

Place of processing
The Joint Data Controllers, at their registered office and operational headquarters, will process the data.

Rights of interested parties
The interested part has the right to ask to the Joint Data Controllers, to cancel and to correct inaccurate data, to integrate incomplete data and the limit processing in the cases provided by art. 18 GDPR.

Furthermore, in the event that the processing is based on consent or on the contract and is carried out with automated tools, the interested part may request the portability of his data and receive them in a structured format, commonly used and readable by an automatic device, as well as, if technically feasible, to transmit them to another holder without impediments.

The interested part has the right to revoke the given consent, at any time, for marketing and / or profiling purposes, as well as to propose the opposition to the processing, for reasons connected to his particular situation, of the data in the hypothesis of exercising a public interest or legitimate interest of the Joint Controllers as well as for marketing purposes, including profiling connected to direct marketing. The possibility remains firm for the interested part, if he prefers to be contacted for the aforementioned purpose exclusively through traditional methods, to express his opposition only to the receipt of communications through automated methods. The Joint Controllers refrain from processing, except for legitimate reasons that prevail over the interests, rights and freedoms of the data subject, or for the assessment, exercise or a right defense at in court.

You have the right to lodge a complaint to the competent Supervisory Authority (Privacy Guarantor) in the Member State in which you usually live or work or in the State where the alleged violation has occurred.

It should be noted that the interested part may exercise the right to object the processing for the purposes referred to letter e) f) g) k) of this information through automated (e.g. profiling) and traditional methods, either in full or only in part. Therefore, the interested part can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.

Procedures for exercising rights
The interested part may at any time exercise the rights attributed to him by sending a registered letter with return receipt to Eurofood, at its registered office in Corsico (MI), via Privata Tacito 12, or an email to the address: info@eurofood.it

or

by sending a registered letter a.r. to D&C, at its registered office in Corsico (MI), via Privata Tacito, 10-BIS, (20094) or an email to the address: info@dec.it

Alternatively, the interested part may contact the Data Protection Officer, who can be contacted at the e-mail address: dpo@eurofood.it

Minors
Minors under 18 age must not provide information or Personal Data to the Joint Controllers without the consent of the exercisers of parental responsibility. In the absence of such consent, it will not be possible to respond to the requests of the minor.

The Joint Controllers invite all those who exercise parental responsibility on minors to inform them about the safe and responsible use of the Internet and the Web.

Changes
The Joint Data Controllers reserve the right to make changes to this information at any time by informing the interested parties on the Site. We therefore ask you to consult periodically this “Section”, taking as reference the date of the last modification indicated. In the event of non-acceptance of the changes made to this Notice, the interested part must notify it to the Joint Data Controllers and could require removing his Personal Data. Unless otherwise specified, the previous Notice will continue to be applied to the Personal Data collected up to that time.

Last modification date

December 2020

Menu