Information concerning the handling of personal data

Pursuant to and for the purposes of Regulation EU 2016/679 or GDPR

PURPOSE OF THIS DOCUMENT
This policy provides information on how any personal data collected from users browsing the Site www.granapadano.it may be processed.
The policy is provided in accordance with art.13 of Regulation EU 2016/679 and the applicable Italian laws on the protection of the personal data of anyone interacting with the online services offered by: www.granapadano.it.
The provisions below also take into account Directive 2002/58/EC and the provisions of the Data Protection Authority on the use of cookies.
Aside from what specified for browsing data, the provision of personal data is optional. However, Users who do not provide their data will not be able to access some of the services offered by the Data Controller.

DATA CONTROLLER
The Data Controller is Consorzio Tutela Grana Padano with registered office in Via XXIV Giugno 8, 25025 San Martino della Battaglia – Desenzano del Garda (BS), Italy, contactable at: tel. 030/9109811, fax 030/9910487, email: info@granapadano.it.

SCOPE
This policy applies only to the Site and is not applicable to third-party websites that may be accessible via links that connect the Site to other websites, for which the Data Controller is not responsible.

DATA PROCESSING LOCATION
Data in connection with the services offered on the Site (physically located on the server connected to the internet) are processed on the Data Controller’s premises by employees, collaborators or specifically appointed data processors, or by individuals tasked with occasional maintenance operations.

CATEGORIES OF DATA PROCESSED
BROWSING DATA
The information technology systems and software procedures used by the Site during the course of its normal operation acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users but due to its nature, when elaborated and combined with data held by third parties, it may lead to their identification. This category of data includes, for example, IP addresses or the domain names of the computers used by users to connect to the Site; the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time when the request is made, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server (successful, error, etc.) and other parameters concerning the user’s operating system and computer environment. This data is used solely to obtain anonymous statistical information on how the Site is used and to make sure it is working properly. The Data Controller may provide personal data to ascertain liability in the event of hypothetical cybercrimes or to comply with requests authorised by judicial authorities.

DATA PROVIDED VOLUNTARILY BY WEBSITE USERS
By optionally, voluntarily and explicitly sending emails to the addresses published on the Site, or by filling in the request forms or following other procedures available on the Site, the receiver automatically acquires users’ email addresses, required to reply to their requests, and any other personal details included in the emails.
Users are free to provide personal data indicated in specific request forms or in contacts to request the forwarding of informative material or other correspondence. Users who do not provide their data may not be able to receive what they requested.
Information summaries will be provided or displayed on the relevant pages of the Site for specific services on demand.

USERNAME AND PASSWORD
Where access to specific areas of the Site requires the creation of a username and/or a password, Users will be responsible for keeping their access details confidential and inform the Data Controller immediately in the event of their unauthorised use.

COOKIEs
Cookies are small text files stored on Users’ devices when they visit a website; they allow the Site to recognise Users’ devices. Cookies have different purposes, for example, they allow users to browse through website pages, remember preferences and, in general, provide a better browsing experience.
Depending on their functions and purposes, cookies can be categorised as technical cookies, profiling cookies and third-party cookies.
For additional information on the cookies used by the Site, please see the relevant section.

PROCESSING METHODS
Personal data are processed with and without the aid of electronic, automated, computerised or telematic tools. In accordance with the adjustments imposed by the EU and national legislation, specific security measures are in place to prevent loss, unlawful and inappropriate use of data and unauthorised access.
To provide a comprehensive service, the Site may contain links to third-party websites not managed by the Data Controller, who cannot be considered responsible for any errors, content, cookies, publications of unlawful material, advertising, banners or files that do not comply with the applicable legislation and privacy regulations on these third-party websites.

PROCESSING PURPOSES AND LAWFULNESS
The personal data collected will be processed by CONSORZIO DEL FORMAGGIO GRANA PADANO in compliance with article 6 of Regulation EU 2016/679, for the following purposes:
a) data collected during browsing is used to allow the correct operation of the Site;
b) data provided by users who send requests are used only to comply with each request;
c) with their prior consent – optional and revocable at any time – the personal data provided by users to register for specific services (e.g. newsletter) are used only to provide the services requested.
d) when registering for a service, users express their consent to the processing of their personal data as described in the relevant service privacy policy.
e) any data provided for administrative and accounting purposes are used to comply with contractual obligations.

DATA RECIPIENTS OR CATEGORIES OF RECIPIENTS
For the above-mentioned purposes, personal data may be communicated to the following categories of recipients who will process them in their capacity as Data Processors and/or as natural persons acting under the authority of the Data Controller and Data Processor:
• subjects who provide website management services for the Site, the IT systems and the communication networks;
• firms of professionals or companies that provide assistance and advice to the Data Controller.
In any case, data may be transmitted to subjects authorised to access them by national or EU laws or regulations (e.g. public safety authorities, judicial authorities and police).

TRANSFERS OF DATA TO THIRD COUNTRIES AND SAFEGUARDS
For the above-mentioned purposes, personal data may be transferred to electronic systems located in EU or non-EU countries, in accordance with the GDPR, article 44 – General principle for transfers – article 45 – Transfers on the basis of an adequacy decision – article 46 – Transfers subject to appropriate safeguards.

DATA RETENTION
Data will be retained in a format that will consent the identification of the data subjects for the time strictly necessary to achieve the purposes for which they were collected and other authorised and connected purposes in compliance with the applicable legislation.
After this time, data will be destroyed or anonymised, compatibly with the deletion and backup technical procedures.

DATA SUBJECT RIGHTS
Data subjects can ask the Data Controller to access their data and amend or integrate any incorrect or incomplete data. Where applicable, data subjects may exercise their right to delete, limit the processing purposes, object to the processing and request the portability of their data (articles 15 – 22 of the GDPR). In the cases in which processing is based on consent, data subjects have the right to revoke their consent at any time.
These rights can be exercised by contacting the Data Controller at the addresses provided above.

RIGHT TO COMPLAIN
Data subjects who believe that the processing of their personal data conducted through this site violates the GDPR and national legislation provisions have the right to submit a complaint to the Data Protection Authority, or seek a judicial remedy.

AMENDMENTS TO THIS PRIVACY POLICY
The Data Controller reserves the right to update this Privacy Policy at any time to comply with legislation changes and to improve it, taking into account suggestions put forward by customers, collaborators and users.

COOKIE