Customer Care

DISCLOSURE REGARDING THE PROCESSING OF PERSONAL DATA

 PURSUANT TO ARTICLE 13 OF EU REG. 2016/679

Dear user,

Protecting your personal data is very important to us, and we want you to feel comfortable with how we protect your privacy on an ongoing basis. That is why we wish to share information with you that will help you to understand how we process your personal data, above all those we collect from you for the purposes indicated hereunder.

We want you to know that your personal data will be processed in compliance with the provisions of the European Regulation on the protection of personal data (Reg. EU 2016/679, hereinafter "GDPR") as well as current and applicable privacy laws (Italian Legislative Decree 196/2003 as amended, hereinafter "Privacy Code") and in any case in compliance with the principles of lawfulness, fairness and transparency.

The website and its services are intended for a general audience aged over 18. We do not collect personal data relating to persons under the age of 18. At the request of the users, we shall promptly delete all personal data involuntarily collected and relating to persons under the age of 18.

This disclosure is provided pursuant to article 13 of the GDPR. Please read it before you provide your personal data or use our services.

Data Controller and contact details

Your personal data will be processed by F.lli De Cecco di Filippo Fara San Martino S.p.A. (hereinafter "De Cecco") with registered office in Via F. De Cecco, Zona Industriale, 66015, Fara San Martino (CH), Italy, tel. 08729861, as Data Controller.

Purposes of processing and legal basis

The personal data requested (i.e name, surname, city, country, email address) or any further data freely provided by you to our Customer Service may be processed for the following purposes:

  1. Request for information and/or customer support. In addition to the personal data requested or freely provided by you at the time of sending the request for information and/or support, additional data may be processed during your conversation with the operator (i.e. purchase order number or associated data, any allergies to substances potentially contained in De Cecco products). These data will be processed to the extent strictly necessary in order to process your request and follow up on all relevant operational and/or verification activities. Providing your data for this purpose is mandatory. Should you fail to provide these data, you will be unable to submit the request for information and/or support or receive the relevant feedback. The processing of such data will take place to follow up on your pre-contractual requests or for performing the contract, and therefore your consent will not be required.

  2. Compliance with legal obligations. Your personal data may also be processed in order to comply with legal obligations or specific sector regulations.


Providing your data for this purpose is mandatory. Should you fail to provide these data, you will be unable to submit the request for information and/or support or receive the relevant feedback. The processing of such data will take place in order to comply with legal obligations or specific sector regulations, and therefore your consent will not be required.

  1. Exercise of rights in court. Your personal data may be processed by the Data Controller in order to initiate or manage any disputes (in or out of court) or complaints arising due to or in connection with the request for information and/or support or the product purchase agreement.


Providing your data for this purpose is mandatory. Should you fail to provide these data, you will be unable to submit the request for information and/or support or receive the relevant feedback.   Data processing for this purpose will take place on the basis of the Data Controller's legitimate interest, which lies in the protection of its rights, and therefore your consent will not be required.

 

Personal data processing method

Your personal data will be processed with or without the support of any IT and telematic means, and may include any of the operations set out in article 4, point 2 of the GDPR, including collection, registration, organisation, retention, consultation, analysis, matching, processing, modification, selection, extraction, alignment, use, combination, cross referencing, blocking, disclosure, erasure and destruction, within the scope of attaining the intended purposes.

In any case, data will be processed using technical and organisational security measures appropriate to the processing risk in question, in accordance with the provisions of article 32 of the GDPR.

 

Personal data retention period

Your personal data will be retained for the time strictly necessary to attain the above purposes in connection with the fulfilment of legal obligations and the protection of rights in court. In any event, the data will not be retained for more than 10 years from the termination of the contract with the customer.

Furthermore, we would like to inform you that, for information and customer support purposes, your personal data will be retained solely for a maximum of 5 years from their collection.

 

 

Disclosure and dissemination of personal data

 

Your personal data will not be disseminated, but may be accessible to employees and/or collaborators of De Cecco or the companies of the De Cecco Group, as well as to employees and/or collaborators working under the direct authority of duly authorised Processors, and/or system administrators.

To achieve the purposes described above, your personal data may be disclosed to service or product providers and suppliers that carry out, on behalf of De Cecco, related, instrumental or support activities, for the management and maintenance of the contents of websites and electronic platforms, customer support, Information Technology system management, editorial services, the management of electronic platforms, legal advice services, sales agents.

The aforesaid parties may act as Data Processors pursuant to Article 28 of the GDPR. The updated list of Data Processors is available from the Data Controller.

 

Furthermore, in order to allow the processing of your request for information and/or support, the protection of the Data Controller's rights in court, your data could become known to the other De Cecco Group companies and be disclosed to public authorities in order to fulfil legal or regulatory obligations, as well as to judicial authorities upon their request.

 

Transfer of data to non-EU countries

Your personal data may be processed in the Republic of San Marino and in Albania, as non-European countries. Your data will in any case be transferred with all the necessary guarantees, in compliance with the provisions of article 46 of the GDPR.

 

Rights of the Data Subject

As Data Subject, you may exercise your rights pursuant to articles 15 et seq. of the GDPR. In particular, the Data Subject has the following rights:

  1. right of access: the Data Subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, to access the personal data and the following information, (i.e. purposes of processing, categories of personal data, the recipients to whom the personal data is or will be disclosed, the retention period, any available information as to the source of the data if it is not collected from the Data Subject, the appropriate safeguards relating to the transfer if personal data is transferred to a non-EU country), and to obtain a copy of the personal data processed;

  2. the right to rectification: the Data Subject shall have the right to have, without undue delay, inaccurate personal data concerning him or her rectified, and to have incomplete personal data completed.

  3. the right to erasure: the Data Subject shall have the right to have personal data concerning him or her erased without undue delay, where one of the following grounds applies:



  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

  • the Data Subject may withdraw consent forming the basis of the processing, and where there is no other legal ground for the processing;

  • the Data Subject may object to the processing if there are no overriding legitimate grounds for processing;

  • the personal data has been unlawfully processed;

  • the personal data has to be erased for compliance with a legal obligation in EU law;

  • the personal data has been collected in relation to the provision of information society services referred to in article 8.



  1. The right to restrict processing: the Data Subject shall have the right to have processing restricted where the following applies:



  • if the Data Subject challenges the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;

  • if processing is unlawful and the Data Subject objects to the erasure of the personal data and instead requests the restriction of its use;

  • although the Data Controller no longer needs the personal data for processing purposes, the Data Subject requires the personal data for the establishment, exercise or defence of legal claims;

  • the data subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.



  1. the right to data portability: the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and have the right to transmit this data to another controller:

  2. the right to object: the Data Subject has the right to object at any time to the processing of personal data concerning him or her for direct marketing purposes, including profiling in so far as this is related to such direct marketing.


 

These rights may be exercised by sending us a specific request by email to the address [email protected].

If you believe that the processing of your personal data is in breach of the provisions of the current privacy law, you may lodge a complaint with the Data Protection Supervisory Authority, as set forth by article 77 of the GDPR, or commence proceedings before the competent courts.

 

 

 

 

Last update:  2022-10-18 16:56:12