The data controller is Ilem Bakery Srl, Viale del Lavoro, 30 – 37030 Colognola ai Colli (VR).

Tel. +39 045 6512139 – email info@ilembakery.com, hereafter also “Holder”.

PURPOSE, LEGAL BASIS FOR PROCESSING, OBLIGATION TO PROVIDE DATA, AND RETENTION PERIOD.

Personal data are collected for the following purposes:

a) Execution of a contract and/or fulfillment of contractual obligations. The processing of data is aimed at the management of requests made through the forms on the site or via email by the interested parties, the negotiation management of the Service Contract and/or consulting to formulate a quote, to manage requests and transmit information aimed at the request/contract. For this purpose, the provision of data is mandatory and failure to provide it determines the impossibility of proceeding with the provision referred to in the contractual obligation. Data will be retained for the duration of the processing and then thereafter for 5 years unless requested in writing by the data subject as set out in the right to data processing (EU Reg. 679/2016 and L.D. 101/2018).

b) Fulfillment of legal obligations imposed by national and international laws and regulations of a fiscal, tax, accounting and administrative nature. The processing is aimed at compliance with state regulations. The provision of data is related to a legal obligation. Data will be retained for the duration of processing and then thereafter for 10 years.

c) Sending promotional information about the Controller’s activities if consent is given. The legal basis corresponds to the consent of the data subject, which is free and freely revocable. In case of revocation, the processing carried out until such a request will remain legitimate. The provision of data is optional and failure to provide it does not affect the provision of further services made available through the site. The data will be retained for the term of 24 months after conferral should it not be interacted between the parties.

BROWSING DATA AND COOKIES

The computer systems and software procedures responsible for the ordinary operation of this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. Except as indicated in this site’s cookie policy, browsing data is used to ensure the proper functioning of the site and to prevent (and where appropriate prosecute) fraudulent or harmful activities on the site.

RECIPIENTS OF PERSONAL DATA.

Personal data are processed by collaborators and consultants to whom appropriate instructions are given regarding measures, expedients, modus operandi, all aimed at the concrete protection of personal data processed. To the extent that it is necessary or appropriate for the achievement of the purposes already described, or as part of any legal obligations in tax and accounting matters, the data may be shared with external parties, such as specially appointed external managers, for the provision of services including IT services, external consultants or collaborators, within the following contexts:

Services inherent in the maintenance of the Site; Consulting and filing services, including for tax purposes. Other parties may have access to the data solely by virtue of legal provisions, regulations, and standards.

TRANSFER OF PERSONAL DATA OUTSIDE THE EU

If, in accordance with the above and for the purposes set out therein, it becomes necessary to transfer personal data abroad (outside the EU), this will be done on the condition that the country of destination has been deemed by the European Commission as suitable for transfer in accordance with Article 45 of Regulation 2016/679 (adequacy decision) or, in the absence of such a decision, if one of the conditions set out in Articles 46 and 47 of the Regulation is met (in particular, standard contractual clauses or binding corporate rules).

RIGHTS OF THE DATA SUBJECT.

Regulation (EU) 2016/679 recognizes you, as a Data Subject, several rights, which you can exercise by contacting the Data Controller at the contact details in this notice. Among the rights that can be exercised, provided the prerequisites from time to time provided for in the legislation (in particular, Articles 15 et seq. of the Regulation) are:

– the right to know whether the Data Controller is processing personal data concerning you and, if so, to have access to the data being processed and to all information relating thereto;

– the right to rectification of inaccurate personal data concerning you and/or to supplement incomplete personal data;

– the right to the deletion of personal data concerning you;

– the right to limitation of processing;

– the right to object to the processing;

– the right to the portability of personal data concerning you;

– the right to withdraw consent at any time, without affecting the lawfulness of processing, based on consent, carried out prior to the withdrawal. In any case, you also have the right to file a formal Complaint with the Authority

– the right to revoke consent at any time, without affecting the lawfulness of the processing, based on consent, carried out before the revocation. In any case, you also have the right to file a formal Complaint with the Data Protection Authority, in the manner available at the site of the Guarantor itself.