BakeItaly

PRIVACY POLICY

Dear User, thank you for visiting our site. In the following page we describe how to manage the site in relation to the processing of personal data of users who consult it.

This information is also provided pursuant to art. 13 of Legislative Decree no. 196/03 (Personal Data Protection Code) and art. 13 and 14 of European Regulation no. 679/2016 (hereinafter also “GDPR”) to those who interact with the web services directly provided by the Company. The information is provided for this website and not for other websites that may be consulted by the user via links. The information is based on Recommendation no. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by art. 29 of Directive no. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that data controllers must provide users with when they connect to web pages, regardless of the purpose of the connection. The Privacy Policy and the Privacy Standards used for the protection of personal data are based on the following principles:

 

A) TREATMENT TYPE OF TREATMENT

The holder of the data processing is the Company in which references are indicated in the footer of this site.

 

B) PRINCIPLE OF RESPONSIBILITY

The processing of personal data is managed over time by managers identified within the company’s organisation.

 

C) PRINCIPLE OF TRANSPARENCY

The personal data are collected and subsequently processed according to the principles expressed in this Privacy Policy. At the time the data is provided, a brief but complete information is provided to the interested party in accordance with the provisions of art. 13 of Legislative Decree no. 196/03 and art. 13 and 14 of the GDPR.PRINCIPLE OF PERTINENCE OF COLLECTION.

Personal data are processed lawfully and correctly; they are recorded for specific, explicit and legitimate purposes; they are pertinent and not exceeding the purposes of processing; they are kept for the time necessary for the purposes of collection.

 

D) PRINCIPLE OF USE

The purposes of the processing of personal data are made known to the data subjects at the time of collection. Any new processing of data, if unrelated to the stated purposes, are activated subject to new information to the data subject and any request for consent, when required by Legislative Decree no. 196/03 and GDPR. In any case, personal data will not be communicated to third parties or disseminated without the prior consent of the interested party, except in cases expressly indicated by art. 24 of Legislative Decree no. 196/03 and by GDPR.

 

E) PRINCIPLE OF VERIFICABILITY

The personal data is accurate and updated over time. They are also organised and stored in such a way that the data subject is given the opportunity to know, if he or she so wishes, which data have been collected and recorded, as well as to check their quality and request their correction, integration, cancellation due to violation of the law or opposition to processing and to exercise all other rights, pursuant to and within the limits of art. 7 of Legislative Decree no. 196/03 and art. 15 et seq. of GDPR, at the addresses indicated in the Informative Notes ex art. 13 of Legislative Decree no. 196/03 and ex art. 13 and 14 of GDPR on the Company’s website.

 

F) SAFETY PRINCIPLE

Personal data are protected by technical, IT, organisational, logistical and procedural security measures against the risks of destruction or loss, even accidental, and unauthorised access or unauthorised processing. These measures are periodically updated according to technical progress, the nature of the data and the specific characteristics of the processing, constantly checked and verified over time. Third parties who carry out support activities of any kind for the provision of the services requested by the Company, in relation to which they perform personal data processing operations, are designated by the latter as Data Processors and are contractually bound to comply with the measures for the security and confidentiality of the processing. The identity of said third parties is disclosed to users. The Company does not assume any responsibility for: the rules and methods of management of personal data of other Web sites, accessible from our pages through links and references; the contents of any e-mail services, web spaces, chat forums provided to users.

The processing operations connected to the web services offered by this site take place at the Company, and possibly at the offices of the Data Processors and are handled by data processors responsible for the management of the services requested, marketing activities – where requested by the user – data storage activities and occasional maintenance operations.

 

G) FITNESS FOR COMMUNICATION OF DATA

The personal data provided may be communicated to third parties in order to fulfil legal obligations, in execution of orders from public authorities legitimized to do so or to assert or defend a right in court. If necessary in relation to particular services or products requested, personal data may be communicated to third parties who, as independent data controllers, perform functions strictly connected and instrumental to the provision of services or supply of products. Without the communication, these services and products could not be provided. Personal data will not be disclosed, unless the requested service requires it.

 

H) DATA PROVIDED VOLUNTARILY BY THE USER

The types of personal data collected and processed in this site are those necessary to provide the various services provided. The data collected are processed using paper, automated and telematic methods and with logic strictly related to the purposes of processing. Your telephone number and e-mail address may also be used to provide the services. It is therefore clear that, should such data not be provided, you may not be provided with those services that require the use of these tools. Any voluntary sending of e-mails to the addresses indicated on the site involves the acquisition of the sender’s address as well as any other information contained in the message; such personal data will be used only to perform the service or provision requested.

 

I) NAVIGATION DATA

It is useful to know that the software procedures of the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. Although this information is not intended to be associated with identified users, by its nature, if associated with other data held by third parties (e.g. your internet service provider), it could allow the identification of users. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URL (Uniform Resource Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user. These data are used for the sole purpose of anonymous statistics on the use of the site and to check its correct functioning. The Data Controller and, depending on the service requested, the designated Managers keep, for a limited period of time in accordance with the law, the route (LOG) of the connections/navigations made in order to respond to any requests from the judicial authorities or other public body entitled to request said route in order to ascertain any liability in the event of computer crimes. Apart from what has been specified for navigation data, the user is free to provide or not to provide the personal data requested in the service registration form. On this form, however, some data may be marked as mandatory; it must be understood that such data is necessary for the provision of the requested service. If this data is not provided, the service requested cannot be provided. When the data is provided, in accordance with the provisions of art. 13 of Legislative Decree no. 196/03 and art. 13 and 14 of GDPR, the data subject is provided with brief but complete and transparent information on the purposes and methods of processing, on the mandatory or optional nature of providing the data, on the consequences of failure to provide the data, on the subjects or categories of subjects to whom the personal data may be communicated and the scope of dissemination of such data, on the rights referred to in art. 7 of Legislative Decree no. 196/03 and art. 15 et seq. of GDPR (access, integration, updating, correction, deletion for violation of the law, opposition to processing, etc..), the identity and headquarters of the Data Controller and Data Processors. The data subject is therefore called upon to express his/her informed, free, specific and documented consent in the form provided for by law, where required by the same. In the event that personal data is provided in subsequent stages, additions may be made to the information already provided previously and new consent to the processing required by the Privacy Code and by GDPR.

 

L) SAFETY MEASURES ADOPTED FOR DATA COLLECTION PROTECTION

The Company uses “secure” architectures and technologies to protect personal data against undue disclosure, alteration or misuse. The protections activated with regard to personal data are aimed, in particular, at minimizing the risks of destruction or loss, even accidental, of data, unauthorized access or processing that is not permitted or does not comply with the purposes of collection. These security measures obviously comply with the minimum requirements indicated by the Legislator (Technical Regulations on minimum security measures pursuant to Articles 33 to 36 of Legislative Decree no. 196/03). The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or not of the data and to know its content and origin, verify its accuracy or request its integration or updating, or correction (art. 7 of Legislative Decree no. 196/03 and art. 16 of GDPR). Pursuant to the same article, the interested party has the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, their processing. Requests should be addressed to the Company’s contact details indicated in the footer of the site.