Dear User, this page describes the methods for managing the site in reference to the processing of your personal data. In accordance with articles 13 and 14 of European Regulation No. 679/2016 (hereinafter referred to only as GDPR) and articles 13 and 14 of San Marino Law No. 171/2018 (hereinafter referred to only as RSM Law) regarding data protection, we therefore provide the information below in order to correctly and transparently provide news about the data collected from our websites and about the related ways such data are used. The information is also based on Recommendation No. 2/2001 that the European data protection authorities - who met in the Group established by article. 29 of Directive No. 95/46/EC - adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, times and nature of the information that Data Controllers must provide users with when they connect to web pages, regardless of the purpose of the connection.
1. DATA ACQUISITION
The personal data that are processed are freely provided by you and acquired by us in the context of browsing our website www.oasy.com.
Personal data are collected by forms in the “Contact” and “Newsletter subscription” sections where you can request information and subscribe to the newsletter.
2. PROCESSED DATA
Processing shall cover the following information:
a) Browsing data: when you visit our website we send cookies, or technologies with similar functionalities to your devices, which allow us to monitor your behaviour. These cookies then send data back to our analysis devices. We can therefore track which marketing channel your contact was generated from (e.g., Google AdWords, email, newsletter) and which pages you visited, and other similar information. We carry out a multi-device analysis, that is we use analytical tools (Google Signals), which allow us to notice if you interacted with our website using different devices. We also receive information on how you use and interact with the site, as well as the time spent on the site. Our website server also collects basic information about the search performed on your browser when you visited the site. Such data may contain information about the date and time of the last visit, the date and time of the search in the browser, your IP address, basic HTTP header information (such as URL references and the user agent) and the previous URLs searched by your browser.
Some functionalities are also active on this site that operate on personal data by sharing them with other entities or websites (such as Facebook, Instagram, etc.). These functionalities send data to third parties, who may use personal information in accordance with their own privacy policies. These functionalities are operated by third parties, which are not associated with us, and we recommend you to read their own privacy policies. The use of cookies and other digital tools with similar functionality is described in more detail in our Cookies Policy, which can be accessed online in the appropriate section.
b) Personal and contact data: when you intend to request any information by contacting us through the “Contact” and “Newsletter subscription” sections of the website, we will collect your details, your email address, your telephone number, etc., in order to be able to fulfil your requests and/or subscribe to the newsletter and we will keep a record of the emails we have sent you.
3. PROCESSING METHODS
Processing will be carried out - also but not only - using computerised and/or automated means, with suitable methods to guarantee the security, protection and confidentiality of the data and to prevent and limit the risk of loss, deterioration, data theft and ensure that it is restored in a reasonable time in the event of data breach.
The processing will take place through the following operations: collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication, comparison or interconnection, limitation, erasure and destruction of data.
4. PURPOSES OF THE PROCESSING
Your personal data will be processed for the following purposes:
a) to allow the technical and functional management of our website (including maintaining computer security), for example identifying parts of the website that have a low latency;
b) to send you newsletters and communications with promotional and informative/advertising content about our products and services if you have given your consent;
c) for profiling purposes or for creating profiles (individual and/or aggregate) based on your profile, preferences and consumption choices, for the development of market and statistical analyses and for transmitting personalised communications, if you have given your consent;
d) for purposes related to the customer care service, in case you want to request information through the “Contact” section of our site so that we can fulfil your requests.
5. LEGAL BASIS OF THE PROCESSING
Your personal data will be processed on the following legal basis:
a) the pursuit of the legitimate interest of the Data Controller;
b) the consent freely and regularly provided by you (in the case of marketing through newsletters and profiling);
c) as necessary for pre-contractual obligations (such as handling requests for information).
In more detail:
The legal basis for the purpose referred to in article 4, sect. a) are article 6.1 (f) of GDPR and article 5.1 (f) of the RSM Law; for the purposes of sect. b) and c) legal basis are article 6.1 (a) of GDPR and article 5.1 (a) of the RSM Law; for the purpose of sect. d) legal basis are article 6.1 (b) of GDPR and article 5.1 (b) of the RSM Law.
6. MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
Providing your data for the purpose detailed in above-described point 4 “Purpose of the processing”, letter d) is mandatory, therefore, your refusal will make it impossible to fulfil any request that you make.
The release of the data for the purposes indicated in above-mentioned letters b) and c) is optional, and you can therefore decide not to provide any data without prejudice to the relationship with our company.
7. RECIPIENTS OF PERSONAL DATA
The personal data collected will be processed by the Data Controller, the Data Processors appointed by the Data Controller and other employees formally authorised and appropriately instructed for processing (pursuant to article 29 of GDPR and article 30 of the RSM Law).
Your data may also be processed by any kind of consultants, as Data Processors, engaged in carrying out technical and support tasks on behalf of the company. The updated list of Data Processors is kept at the company’s head office and can be viewed on request.
Your data will not be disclosed but may be communicated to inspection bodies responsible for checks and controls on the regularity of the legal requirements as well as to other companies of the group, parent companies and associates.
8. DATA TRANSFER TO A THIRD COUNTRY
Your data will not be transferred outside the European Union. However, it is understood that, where necessary, our company will have the right to transfer data to a foreign Country in accordance with the applicable legal provisions.
9. DATA RETENTION PERIOD
The browsing data collected are only used to obtain anonymous statistical information on the use of the sites and to check their correct operation and are deleted after processing.
The other personal data will be processed for the time strictly necessary to manage the requested service.
If you have chosen to receive commercial communications from us, if you have authorised profiling, the data collected will be used (processed) until you decide to withdraw your consent and, in any case, no later than two years after consent for the data provided for commercial communications activities has been issued or renewed, or no more than one year for data used for personalised commercial offers.
10. DATA SUBJECT’S RIGHTS
We hereby inform you that, at any time, in accordance with articles 15-22 of GDPR and of the RSM Law you can exercise the following rights:
1) Have confirmation as to whether or not personal data concerning you are being processed and, where that is the case, obtain access to the data and all the information relating to the processing (right of access pursuant to article 15 of GDPR and of the RSM Law);
2) Obtain the rectification of incorrect personal data without undue delay and the integration of incomplete data also by means of a supplementary declaration (pursuant to article 16 of GDPR and of the RSM Law);
3) Obtain the erasure of your personal data without undue delay if: the data are no longer necessary with respect to the purposes for which they were collected or processed; they have been unlawfully processed; they must be erased in order to fulfil a legal obligation; you have withdrawn consent or object to the processing (right to be forgotten pursuant to article 17 of GDPR and of the RSM Law);
4) Obtain the limitation of the processing when one of the following situations occurs: if you dispute the accuracy of the personal data, for the period necessary for the Data Controller to verify said accuracy; if the processing is unlawful and you object to the erasure of the data and instead request that the use of the data be limited; although the Data Controller no longer needs them for the purposes of the processing, your personal data are necessary to establish or exercise a right in court; if you have objected to processing, pending verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to your data (right of limitation pursuant to article 18 of GDPR and of the RSM Law);
5) Receive the personal data concerning you in a structured format, in common use and readable by an automatic device and to send such data to another Data Controller without impediments by the Data Controller who provided them (right to portability pursuant to article 20 of GDPR and of the RSM Law);
6) Object, in whole or in part, to the processing. If your personal data are processed for direct marketing purposes, you have the right to object to the processing at any time, including profiling, to the extent that it is related to such direct marketing. If the personal data are processed for scientific or historical research or statistical purposes, for reasons linked to your particular situation, you have the right to object to the processing, unless the processing is necessary to perform a task of public interest (right to object pursuant to article 21 of GDPR and of the RSM Law);
7) Withdraw consent at any time;
8) Lodge a complaint with the Data Protection Authority.
11. THE DATA CONTROLLER AND THEIR REPRESENTATIVE IN THE EUROPEAN UNION
To enforce the rights described above, you may contact the Data Controller Wonderfood s.p.a. at any time by means of a communication to be sent by e-mail, to the following e-mail address privacy@wonderfood.com or, by registered letter with acknowledgement of receipt, to the following address: Strada dei Censiti, 2 – 47891 Falciano (RSM) or, to their representative in the European Union, Dr Nathaniel Casadei (tax code CSDNHN82S13H294O) available at the following e-mail address wonderfood@novapoesis.it or, by registered letter, to the following address: Via Pomposa no. 43/I, 47924 Rimini (RN).
Company information |
|
Company Name | Wonderfood Spa |
Registered office address | Strada dei Censiti, 2 47891 Falciano (SM) |
Economic Operator Code | SM 04018 |