Privacy policy

In accordance with the commitment and care that Montalbano Food S.r.l. dedicates to the protection of personal data, we inform site visitors about the methods, purposes and scope of communication and dissemination of their personal data and their rights, in accordance with art. 13 of the European Regulation n. 679/2016 (hereinafter GDPR).

1. CATEGORIES OF PERSONAL DATA PROCESSED BY THE HOLDER OF THE TREATMENT
To allow visitors to the site to be contacted or to ask a question, Montalbano Food S.r.l. (hereinafter the Company), as Data Controller, must process personal data released by the visitors themselves in the appropriate form on the “Contacts” page. This data is provided explicitly by the visitor.
The Company may process the following categories of visitor personal data:
• technical navigation data relating to the IP address, the identification codes of the devices used by the user for the use of the site or services, the characteristics of the browser and access times;
• navigation data aimed at profiling provided indirectly through the use of the service itself and obtained and analyzed with the user’s consent;
• common identification data provided by the user (eg name, surname, email, etc.) for the use of the service.

2. PURPOSE AND LEGAL BASES OF THE PROCESSING
The data entered by the visitor in the form will be processed by the Company exclusively with methods and procedures necessary to provide the requested service. In particular, the data will be used by the Company to respond to what was communicated / requested by the visitor.
Only with express consent can the data be used to carry out statistical analyzes, market surveys, promotional activities via social media and to send commercial information on the Company’s products and promotional initiatives (direct marketing purposes).
Communications for market surveys or commercial information on products and promotional initiatives may be made by post mailing, e-mail, telemarketing, sms, mms.
Some activities could be implemented through suppliers, specifically appointed as Data Processors, including residents outside the European Union.
The legal bases of the purposes described above are the execution of a request from the interested party and the consents expressed by him.

3. DISSEMINATION, COMMUNICATION AND SUBJECTS ACCESSING THE DATA
The personal data released by visitors will not be disclosed, but may be disclosed where necessary for the provision of the service to third parties (such as third party technical service providers, postal couriers, hosting providers, IT companies) appointed, if necessary, Data Processors by the Company for technical or organizational tasks instrumental to the provision of services.
Access to data is also allowed to categories of employees of the Company involved in the organization for data processing (administrative, commercial, marketing, customer service, system administrators).
The updated list of Managers can always be requested from the Data Controller.
The right of communication to third parties remains unaffected if the visitor has given specific and optional consent.

4. TRANSFER OF DATA ABROAD
The personal data released by visitors will be processed by the Company within the territory of the European Union.
If for technical and / or operational reasons it becomes necessary to make use of subjects located outside the European Union, or it becomes necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the area of the European Union, the processing will be regulated in accordance with the provisions of Chapter V of the Regulation and authorized on the basis of specific decisions of the European Union. All the necessary precautions will therefore be taken in order to guarantee the most complete protection of personal data, basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the third party recipient pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules, so-called Corporate binding rules.

5. DURATION OF TREATMENT AND STORAGE OF PERSONAL DATA
The Company in accordance with Art. 5.1 e) of the GDPR will process the data provided by the visitor for the entire duration of the requested services and will keep them for 12 months, as well as for the time necessary to fulfill legal obligations and to protect the action.

6. RIGHTS OF THE INTERESTED PARTY
The Company guarantees visitors that they can exercise their rights under art. 12 of the GDPR. In particular, the right:
– to know if the Data Controller holds and / or processes personal data and to access it in full, also by obtaining a copy (Article 15 Right to access);
– the correction of inaccurate personal data or the integration of incomplete personal data (Article 16 Right of rectification);
– to the cancellation of personal data held by the Data Controller if one of the reasons provided for by the GDPR exists (Article 17 Right to Cancellation);
– to ask the Data Controller to limit the processing only to some personal data, if one of the reasons provided for by the Regulations exists (Article 18 Right to limit the processing);
– to request and receive all personal data processed by the Data Controller, in a structured format, commonly used and readable by an automatic device or to request transmission to another Data Controller without impediments (Article 20 Right to Portability);
– to object in whole or in part to the processing of data for the purpose of sending advertising material and market research (so-called Consent) (Article 21 Right to object)
– to object in whole or in part to the processing of data in automatic or semi-automatic mode for profiling purposes (so-called Consent).
The exercise of these rights can be exercised by communicating to the Data Controller whose contact details are indicated in the appropriate section of this information.
Furthermore, the visitor always has the right to lodge a complaint with the Personal Data Protection Authority, which can be contacted at garante@gpdp.it or via the website http://www.gpdp.it.

7. PRIVACY MANAGER
To exercise your rights, the visitor can contact you at the following addresses:
– Privacy Office c/o Montalbano Food S.r.l., Via Sestese, 61 – 51035 Firenze
– or by sending an email to the address: privacy@montalbanofood.com

8. LATEST UPDATE
This Privacy Notice is updated on 03/24/2021