101 Caffè Srl, with registered office in Via dei Lavoratori 8/10 - 20090 Buccinasco (MI), IT, in its capacity as Data Controller of personal data pursuant to EU Regulation 679/2016 applicable from May 25, 2018 – the General Data Protection Regulation (GDPR) - and the relevant applicable National Legislation (hereinafter collectively referred to as the "Applicable Legislation") recognizes the importance of the protection of personal data and considers its protection one of the main objectives of its activity. In compliance with the Applicable Legislation, we are providing the necessary information regarding the processing of personal data provided; therefore, 101 Caffè srl invites you to read this information notice carefully as it contains important information on the protection of personal data and the security measures taken to ensure privacy in full compliance with Applicable Legislation. 101 Coffee Srl informs you that the processing of personal data will be based on the principles of lawfulness, fairness, transparency, limitation of purpose and storage, data minimization, accuracy, integrity and confidentiality. Personal data will therefore be processed in accordance with the legislative provisions of the Applicable Legislation and the obligations of confidentiality therein.
1. Data controller
According to the Applicable Legislation, the data controller is 101 Caffè Srl, with headquarters in Via dei Lavoratori 8/10 - 20090 Buccinasco (MI), IT.
In turn, 101 Caffè Srl has appointed a Data Protection Manager, who is available at: email@example.com and tel. +39 02.87240690 for any information relating to the processing of personal data carried out by the Data Controller, including requests for the list of data processors who process data on behalf of the Data Controller.
2. Personal data that is the object of the processing
"Personal Data" means any information relating to an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more features of their physical, physiological, mental, economic, cultural or social identity.
"Sensitive Data" means personal data that may reveal racial or ethnic origin, religious or philosophical beliefs, or trade union membership, as well as generic and biometric data, data relating to a person's health or sex life or sexual orientation. "Judicial Data" means personal data relating to criminal convictions and offenses or related security measures. "Processing" means any operation or set of operations, whether or not by automatic means, applied to personal data or a set of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, deletion or destruction.
3. Place of data processing
The processing of data takes place at the abovementioned headquarters of the data controller, at third parties duly identified or through the website.
4. Types of data processed
The processing has as its object the personal and identification data voluntarily provided by the data subject (by way of example but not limited to: name, surname, address, VAT number, tax code, landline or mobile phone number, e-mail address, bank details, cookies, usage data, etc.).
5. Legal basis and mandatory or optional nature of the processing
The data will be processed for institutional purposes, connected or instrumental to the activity of our company, namely:
A: Administrative-accounting. For the purposes of the application of the provisions on the protection of personal data, the forms of processing carried out for administrative-accounting purposes are those related to the performance of activities of an organisational, administrative, financial and accounting nature, regardless of the nature of the data processed. In particular, these purposes are pursued by internal organisational activities, which are functional for the fulfillment of contractual and pre-contractual obligations, for the management of the employment relationship in all its phases, for the keeping of accounts and the application of the rules on taxes, trade unions, social security and welfare, health, hygiene and safety at work.
B: Informative and promotional. The use of electronic mail addresses provided by the customer in the context of the finalization of the registration and for the subsequent execution of the contractual relationship is allowed for the purpose of sending information/promotional communications.
6. Nature of provision and refusal
Any refusal to provide data for the purposes referred to in paragraph A may prevent the stipulation or execution of contractual relations or the fulfillment of legal obligations by 101 Caffè Srl, while any refusal to provide data for the purposes referred to in paragraphs B does not prevent the stipulation or execution of the contract, but does not allow the pursuit of the purposes specified therein.
The data subject may at any time oppose the processing of personal data by exercising the rights provided for by the Applicable Legislation in the forms and ways indicated herein.
In accordance with the provisions of this document, the Customer declares that he/she gives his/her consent to the processing of his/her personal data for the purposes set out in points A and B by means of acceptance via the website.
8. Modalities of data processing-preservation
The processing will be carried out in automated and manual form, with methods and tools to ensure maximum security and confidentiality, by persons appointed as processors and appointed persons under the applicable legislation. The data will be kept for a period not exceeding the purposes for which it was collected and subsequently processed, and in any case in relation to the contractual or commercial relationship in place, except as required for administrative/accounting purposes.
9. Scope of communication and dissemination
The data subject to processing will not be disclosed, unless explicitly authorized by the data subject, following the appropriate information notice. The data may instead be communicated to companies contractually bound to the Data Controller and, where necessary, also to subjects inside and outside the European Union, in accordance with and within the limits of the Applicable Legislation.
The data may be communicated in this sense to third parties belonging to the following categories:
- subjects that provide services for the management of the information system used by the Data Controller and of the telecommunication networks, and which work on the maintenance of the technological part (including the e-mail and the newsletter service);
- freelancers, firms or companies in the area of support and consulting; subjects that carry out control, review and certification of the activities carried out by the data controller;
- subjects carrying out control, audit and certification of the activities carried out by the data controller;
- competent authorities for the fulfillment of legal obligations and/or the provisions of public bodies, at their request.
The identification data processed in application of the company's security procedures is not subject to communication, except in the case of express and specific requests made by the competent judicial and investigative authorities. The subjects belonging to the above mentioned categories act as Data Processors, or operate completely independently as separate Data Controllers. The list of data processors is constantly updated and available on request at the headquarters of the Data Controller. Any further communication or dissemination will take place only with the express consent of the data subject. Moreover, during the ordinary activities of processing, the persons expressly designated by the company as responsible for processing, authorized according to their roles, can access personal and identification data and thus come into the knowledge of it.
10. Right of access to personal data and other rights
Finally, we inform you that at any time, you may exercise your rights towards the Data Controller in accordance with the Applicable Legislation, and thus obtain confirmation of the existence or non-existence of such data, know its content and origin, verify its accuracy, request its integration, updating, correction, or complete deletion, by sending an e-mail to firstname.lastname@example.org
. If the conditions set out in the Applicable Legislation are met, you have the right to request total deletion, limitation of processing, portability, as well as to oppose the processing for legitimate reasons. If the conditions set out in the Applicable Legislation apply, you have the right to lodge a complaint with the Control Authority.