Privacy Policy

Privacy Policy

Dear user,

The protection of the privacy of our users and visitors who browse and use the services offered through our website is of absolute importance to us and we want you to always feel protected.  For this reason, aware of the confidence that you place in us when entrusting us with your data, with this privacy policy we want to share some basic information that will allow you to understand how we go about processing your personal data, especially those collected and provided by you while browsing the website.

We want you to know that your personal data will be processed in compliance with the provisions of the European Regulation on the protection of personal data (Reg. EU 2016/679, hereinafter “GDPR”) as well as current and applicable privacy laws (Italian Legislative Decree 196/2003 as amended, hereinafter “Privacy Code”) and in any case in compliance with the principles of lawfulness, propriety and transparency.

We also inform you that this policy applies only to this website and any subdomains, and not to other websites that may be viewed by the user through external links. The website is owned and managed by F.lli De Cecco di Filippo Fara San Martino S.p.A. (hereinafter “De Cecco”). Please read this Privacy Policy carefully before submitting any type of personal information and/or completing any electronic form on the website. We reserve the right to change the terms of the Privacy Policy at any time, when updating the website, and these changes shall take effect on the day of the update.

Moreover, specific information on the processing of the data collected relating, for example, to portal registration procedures, other requests for services or participation in promotional initiatives can be detailed in specific notices contained in the subsections of the portal, which we invite you to read.

By using the De Cecco website, you consent to the collection, use and possible disclosure of your personal data to Group companies in accordance with this Privacy Policy. If you do not wish to authorise such processing, please do not use the services provided by the platform.

The website and its services are intended for adults. We do not collect personal data relating to persons under the age of 18. At the request of the users, we shall promptly delete all personal data involuntarily collected and relating to persons under the age of 18.

Who is the Data Controller?

Your personal data will be processed by F.lli De Cecco di Filippo Fara San Martino S.p.A. (hereinafter “De Cecco”) with registered office in Via F. De Cecco, Zona Industriale, 66015, Fara San Martino (CH), Italy, tel. 08729861, as Data Controller.

What type of data will be processed and for what purpose?

Personal data include any information that could lead to your identification.

Specifically, by browsing the website the following information can be collected:

–          Browsing data: in the normal exercise of their routines, the computer systems and software procedures used to operate this website acquire some personal data that are then transmitted via internet communication protocols. By their very nature, through association and processing with data held by third parties this information could allow you to be identified as a user and a visitor (e.g. IP address, domain names of computers used by users/visitors connecting to the website etc.). Such data are collected automatically and exclusively in order to allow you to browse the website, and, in an absolutely anonymous manner, can also be used for statistical surveys.

–          Data provided by you voluntarily and directly, including but not limited to your name, surname and contact details. Any request made by you for information or services provided on the website may result in De Cecco’s acquisition of your address and/or any other personal data that shall be processed exclusively to respond to the request, or to provide the related service, and therefore your consent may not be required. If you wish to take advantage of additional services offered through the portal, for example in order to receive the newsletter on De Cecco products or other commercial communications, invitations to events or participation in contests, or targeted promotional offers, you may be required to give your consent.

De Cecco uses cookies and therefore invites you to read its Cookie Policy

How are your data used?

Your personal data will be processed with or without the support of any IT and telematic means, and may include any of the operations set out in article 4, point 2 of the GDPR, including collection, registration, organisation, retention, consultation, analysis, matching, processing, modification, selection, extraction, alignment, use, combination, cross referencing, blocking, disclosure, erasure and destruction, within the scope of attaining the intended purposes.

In any case, data will be processed using technical and organisational security measures appropriate to the processing risk in question, in accordance with the provisions of article 32 of the GDPR.

How long are your data kept? 

Your personal data shall be processed for the time strictly necessary to achieve the relevant purposes, and in any case will not be kept for more than 10 years.

How are your data collected?

Apart from what is specified for browsing data that will be collected automatically, as a user/visitor you will be free to provide your personal data. However, failure to provide the requested personal data marked with an asterisk may result in the impossibility of using the related requested services.

Who has access to your data and who can they be disclosed to?


In order to provide the services offered through the website, the Data Controller may use third parties acting on its behalf as Data Processors. The updated list of Data Processors is available from the Data Controller.

Moreover, your personal data will not be disseminated, but may be accessible to employees and/or contractors of De Cecco or the companies of the De Cecco Group, as well as to employees and/or contractors working under the direct authority of duly authorised parties and/or system administrators.

Where can your personal data be transferred?

Your personal data will be processed by the Data Controller or by Processors in the European Union, and will not be transferred to any non-EU country.

The Data Protection Officer (DPO) and contact details

De Cecco has a Data Protection Officer. Our Data Protection Officer is Giulio Maria Garofalo, who can be contacted at [email protected].

Rights of the Data Subject

As Data Subject, you may exercise your rights pursuant to articles 15 et seq. of the GDPR. In particular, the Data Subject has the following rights:

  1. a)      The right of access: the Data Subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, to access the personal data and the following information, (i.e. purposes of processing, categories of personal data, the recipients to whom the personal data is or will be disclosed, the retention period, any available information as to the source of the data if it is not collected from the Data Subject, the appropriate safeguards relating to the transfer if personal data is transferred to a non-EU country), and to obtain a copy of the personal data processed.
  2. b)      The right to rectification: the Data Subject shall have the right to have, without undue delay, inaccurate personal data concerning him or her rectified, and to have incomplete personal data completed.
  3. c)      The right to erasure: the Data Subject shall have the right to have personal data concerning him or her erased without undue delay, where one of the following grounds applies:

–       The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

–       The Data Subject may withdraw consent forming the basis of the processing, and where there is no other legal ground for the processing.

–       The Data Subject may object to the processing if there are no overriding legitimate grounds for processing.

–       The personal data were unlawfully processed.

–       The personal data must be erased for compliance with a legal obligation in EU law.

–       The personal data were collected in relation to the provision of information society services referred to in article 8.

  1. d)      The right to restrict processing: the Data Subject shall have the right to have processing restricted where the following applies:

–       If the Data Subject challenges the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data.

–       If processing is unlawful and the Data Subject objects to the erasure of the personal data and instead requests the restriction of their use.

–       Although the Data Controller no longer needs the personal data for processing purposes, the Data Subject requires the personal data for the establishment, exercise or defence of legal claims.

–       The data subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.

  1. e)      The right to data portability: the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and have the right to transmit this data to another controller.
  2. f)       The right to object to the processing: the data subject has the right to object at any time to the processing of personal data concerning him or her for direct marketing purposes, including profiling in so far as it is related to such direct marketing.

These rights may be exercised by sending us a specific request by email to the address [email protected].

If you believe that the processing of your personal data is in breach of the provisions of the current privacy law, you may lodge a complaint with the Data Protection Supervisory Authority, as set forth by article 77 of the GDPR, or commence proceedings before the competent courts.