Privacy Policy

Privacy Policy

Dear user,
The protection of the privacy of our users and visitors is of absolute importance to us and we want you to always feel protected. For this reason, aware of the confidence that you place in us when entrusting us with your data, with this privacy policy we want to share some basic information that will allow you to understand how we go about processing your personal data, especially those collected and provided by you while browsing the website.

This Privacy Policy may be subject to change as a result of regulatory updates or in connection with the services offered through our website. We therefore invite visitors to periodically consult this page. For this purpose, the privacy policy indicates the date of the last update.

Scope of this policy

We also inform you that this policy applies only to the website  www.dececco.com and any subdomains, and not to other websites that may be viewed by the user through external links (so-called redirect).

The use of the social media features present on this website (Facebook, Pinterest, Youtube, Instagram plug-ins) does not entail the automatic acquisition by the Company of the User’s personal data. However, only the data protection regulations of the respective social network apply to data transmissions between the social network and the User’s system and to interactions on the platform. Users are therefore invited to consult the privacy policy of the social network before using the plug-in. The social network plug-in remains active until the user deactivates it or deletes the relevant cookies.

Specific information in relation to individual services offered on the website

This website provides information about the services offered and activities carried out by the Company.

In order to request information, users are required to fill in a form for the collection of personal data necessary to enable the provision of the requested service.

To ensure transparency and awareness for users, a specific information notice on the processing of personal data is provided in sections that include data collection forms. The notice details the characteristics of the processing and all other information required by law (Art. 13 GDPR). These notices are aimed at defining the limits and modalities of data processing for each service, on the basis of which the visitor may freely express his or her consent (if necessary) and possibly authorise the collection of data and its subsequent use. Users are therefore invited to read this information sheet before providing their personal data.

Who is the Data Controller?
Your personal data will be processed by F.lli De Cecco di Filippo Fara San Martino S.p.A. (hereinafter “De Cecco”) with registered office in Via F. De Cecco, Zona Industriale, 66015, Fara San Martino (CH), Italy, tel. 0872/9861, as Data Controller.

The Data Protection Officer (DPO)

De Cecco has a Data Protection Officer. Our Data Protection Officer is Mr Giulio Maria Garofalo, lawyer, email [email protected].

What type of data will be processed and for what purpose?
Personal data include any information that could lead to your identification.
Specifically, by browsing the website the following information can be collected:

  • Browsing data: in the normal exercise of their routines, the computer systems and software procedures used to operate this website acquire some personal data that are then transmitted via internet communication protocols. By their very nature, through association and processing with data held by third parties this information could allow you to be identified as a user and a visitor (e.g. IP address, domain names of computers used by users/visitors connecting to the website etc.). Such data are collected automatically and exclusively in order to allow you to browse the website, and, in an absolutely anonymous manner, can also be used for statistical surveys.
  • Data provided by users voluntarily and directly, including but not limited to their name, surname and contact details. Your request for information/assistance or subscription to the newsletter involves the acquisition of personal data by De Cecco, which will be processed exclusively to provide the requested service. Please review the specific information notice provided before submitting your data.

How are your data used?
Your personal data will be processed with or without the support of any IT and telematic means, and may include any of the operations set out in article 4, point 2 of the GDPR, including collection, registration, organisation, retention, consultation, analysis, matching, processing, modification, selection, extraction, alignment, use, combination, cross referencing, blocking, disclosure, erasure and destruction, within the scope of attaining the intended purposes.
In any case, data will be processed using technical and organisational security measures appropriate to the processing risk in question, in accordance with the provisions of article 32 of the GDPR.

How long are your data kept?
Your personal data will be retained for the time strictly necessary to attain our purposes. In particular: browsing data will be processed for the duration of the session; data relating to requests for information will be processed for 6 months; data relating to requests for assistance will be processed for up to 3 years; data provided to receive the newsletter will be processed until unsubscribed; data collected via cookies will be processed in accordance with our cookie policy.

Who has access to your data and who can they be disclosed to?

In order to provide the services offered through the website, the Data Controller may use third parties acting on its behalf as Data Processors. The updated list of Data Processors is available from the Data Controller.
Moreover, your personal data will not be disseminated, but may be accessible to employees and/or contractors of De Cecco or the companies of the De Cecco Group, as well as to employees and/or contractors working under the direct authority of duly authorised parties and/or system administrators.

Where can your personal data be transferred?

Your personal data are processed on servers located within the European Union. Currently, these servers are located in Italy. Your personal data will not be transferred outside the European Union. The Controller reserves the right to change the location of the servers also outside the European Union, in this case ensuring that the transfer takes place in accordance with the applicable legal provisions, with the appropriate guarantees provided for in Article 46 of the GDPR.

Rights of the Data Subject
As Data Subject, you may exercise your rights pursuant to articles 15 et seq. of the GDPR. In particular, the Data Subject has the following rights:
a) the right of access: the Data Subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, to access the personal data and the following information (i.e. purposes of processing, categories of personal data, the recipients to whom the personal data are or will be disclosed, the retention period, any available information as to the source of the data if they are not collected from the Data Subject, the existence of appropriate safeguards relating to the transfer of personal data if transferred to a non-EU country), and the right to obtain a copy of the personal data processed;
b) the right to rectification: the Data Subject shall have the right to have, without undue delay, inaccurate personal data concerning him or her rectified, and to have incomplete personal data completed.
c) the right to erasure: the Data Subject shall have the right to have personal data concerning him or her erased without undue delay, where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the Data Subject may withdraw consent forming the basis of the processing, and where there is no other legal ground for the processing;
  • the Data Subject may object to the processing if there are no overriding legitimate grounds for processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in EU law;
  • the personal data have been collected in relation to the provision of information society services referred to in article 8.
  1. d) the right to restriction: the Data Subject shall have the right to have processing restricted where the following applies:
  • if the Data Subject challenges the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
  • if processing is unlawful and the Data Subject objects to the erasure of the personal data and instead requests the restriction of their use;
  • if, although the Data Controller no longer needs it for the purposes of processing, personal data is necessary for the Data Subject to establish, exercise or defend a right in court;
  • if the Data Subject has objected to processing pending verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.
  1. e) the right to data portability: the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit this data to another Data Controller.
    f) the right to object: the Data Subject has the right to object at any time to the processing of personal data concerning him or her for direct marketing purposes, including profiling in so far as this is related to such direct marketing.

These rights may be exercised by sending us a specific request by email to the address [email protected].

If you believe that the processing of your personal data is in breach of the provisions of the current privacy law, you may lodge a complaint with the Data Protection Supervisory Authority, as set forth by article 77 of the GDPR, or commence proceedings before the competent courts.

Last updated June 2024