PRIVACY POLICY PURSUANT TO EU REGULATION 2016/679 – GENERAL DATA PROTECTION REGULATION (GDPR)

With this policy we hereby inform you that, pursuant to EU Regulation 679/2016 (hereinafter “GDPR”) and legislation governing personal data protection (hereinafter “Privacy Legislation”), the personal data (hereinafter “Data”) of users of this Website (hereinafter “Data Subjects”) shall be processed in the ways and for the purposes described in this policy.

Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, even if not recorded in a database, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

In accordance with the GDPR, the processing operations carried out by the Data Controllers will be characterised by the principles of lawfulness, correctness, transparency and confidentiality.

1. DATA CONTROLLERS

  • Mutti S.p.A.  with registered office at 28 Via Traversetolo, Montechiarugolo (PR – 43022), VAT no. 02758310342, telephone +39 (0521) 652511, fax +39 (0521) 652596, e-mail muttispa@muttispa.it and Mutti Australia Pty Ltd with registered office at, Suite 11 87-103 Epsom Road, Rosebery NSW 2018, Australia, VAT no. 47633084269, telephone + 61 2 9322 56 73, are the autonomous Data Controllers of the Data collected through this Website;
  • Exclusively in relation to the Facebook Business Tools (for example the “Share” button or the Facebook Insight that redirects to the Facebook page from the Mutti website) and the Facebook Pixels, Mutti S.p.a., Mutti Australia Pty Ltd and Meta Platforms Ireland Ltd., with registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, act as autonomous Data Controllers to measure the level of interaction between the websites visited on the basis of the preferences of the Data Subjects and to provide targeted advertising on the social network. More information is available at the links given below as to how data is processed by Facebook, Instagram, Messenger and other products and functions offered by Meta Platforms Ireland Limited (Meta Products or Products).The user can find more tools and information in the Facebook settings and Instagram settings, including the legal basis to which Meta Platforms Ireland Ltd. with registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland refers and how to exercise the rights of the Data Subject.

2. TYPES OF DATA PROCESSED

The following Data is processed:

  • Browsing data: such as the IP addresses or domain names of the computers used by users connecting to the Website and the URI (Uniform Resource Identifier) notation addresses of the resources requested, the transmission of which is implicit in the use of internet communication protocols. This information is not collected for association with identified Data Subjects, but its nature may, through processing and association with data held by third parties, enable the users to be identified. This data is used purely to obtain anonymous statistical information on the use of the website and to control that it is functioning correctly; it is deleted immediately after processing. Data may be used to assess liability in the event of hypothetical cyber crimes that damage the website: to this end, web contact data may be kept in compliance with and limited to this purpose. Starting with the IP address and the domain name of the computers used, limited to the purpose of assessing liability, it may be possible to trace other data identifying the user (in particular, name, surname, e-mail address, etc.);
  • Data collected by means of cookies: for information on the cookies present on the Mutti Website and other tracking tools, please refer to the Cookie Policy [link to the Cookie Policy]. The interactions with the websites visited by Data Subjects through the use of Facebook Business Tools mean that browsing data is also processed by Facebook, which acts as autonomous controller.

3. MINORS

This Data Controllers’ Website and Services are not for individuals under the age of 16 and the Data Controllers do not intentionally collect personal data relating to minors. In the event that personal data relating to minors is involuntarily collected, the Data Controllers will promptly erase this at the request of a user. The protection of the security and confidentiality of minors is very important for us. When registering with the Website in the specific section, filling in any data collection forms present on said Website or requesting to receive/subscribe to the Newsletter service, the Data Subject confirms and declares that they are over 16 years old or in any case that they are no younger than the legal age in the country of residence, where other age limits apply.

4. PURPOSES OF DATA PROCESSING

The personal data supplied by Data Subjects through the Website is collected and processed by the Data Controllers for the following purposes and legal bases:

A. without prior consent for the purposes of the service and, in particular, for:

1. any telephone technical assistance service provided to the Data Subject for critical issues deriving from use of the website (e.g. display of contents, use of the website and some of its functions); 

  • management of a contact request by the data subject;

2. fulfilment by the Data Controllers of legal obligations, such as:

  • compliance with legislation, regulations or national and European Community law, i.e. obligations established by the competent authorities;

3. the pursuit of a legitimate interest of the Data Controllers:

  • Website management and maintenance: the interest of the Data Controllers reflects the general interest of an enterprise in guaranteeing business operations, including through the functions of the Website and the adoption of possible ways of improving the efficiency of the service offered;
  • to prevent or discover fraudulent activity or abuse that is damaging to the Website and the exercise and protection of the Data Controllers’ rights in a court of law and dispute management: the interest of the Data Controllers as a general, real and current interest in not suffering damages following unlawful conduct by a third party, insofar as this must prevail over the interests of the individual Data Subject;

B. only following consent for:

1. The use of Facebook tools to measure and analyse interactions with the web pages visited by the Data Subjects and the supply of targeted advertising on the Facebook social network, in particular:

  • the Data Controllers and Facebook Ireland Limited will process, as autonomous data controllers as described in paragraph 1), the data relating to interactions with the websites visited by Data Subjects through the use of Facebook Business Tools (by way of example, Cookies, Insight and Facebook Pixels). More information about how Meta Platforms Ireland Ltd. processes Data, including the legal basis to which Meta Platforms Ireland Ltd. refers, and about how to exercise Data Subject rights in regard to Meta Platforms Ireland Ltd., is available from the Facebook Ireland Data Policy available at https://www.facebook.com/privacy/explanation;
  • In particular, the Data Controllers’ Website uses what are termed “social plug-ins”. Social plug-ins are special tools that allow for the incorporation of social network functions directly within the Website (e.g. the “Share” button or the Facebook icon to redirect to the Facebook page from the Mutti website). All social plug-ins featured on the website are marked with the respective proprietary logo of the social network platform. The collection and use of information obtained by means of the plug-in are regulated by the respective privacy disclosures of the social networks, to which you are asked to refer.

When you visit a page of our website and interact with the plug-in (e.g. by clicking on the “Share” button or the Facebook icon to redirect to the Facebook page from the Mutti website) or you decide to leave a comment, the relevant information is sent by the browser directly to the social network platform (in this case Facebook) and saved by it. More information about how Meta Platforms Ireland Ltd. processes Data, including the legal basis to which Meta Platforms Ireland Ltd. refers, and about how to exercise Data Subject rights in regard to Meta Platforms Ireland Ltd., can be found in the Meta Platforms Ireland Ltd. Data Policy available at https://www.facebook.com/privacy/explanation

5. NATURE OF CONFERRAL OF DATA

The conferral of data in respect of the purposes pursuant to letter A) is mandatory and any refusal to do so will make it impossible for the Data Controller to follow up on the requests of the Data Subject or fulfil its legal obligations. As regards the purposes pursuant to letter B.1), the conferral of personal data is optional and its use is subject to a voluntary interaction with the social plug-in by the Data Subject. Failure to interact shall have no consequences and the Data Subject may continue to browse the Website even without interacting directly with the social network platform.

6. METHODS OF DATA PROCESSING

The Data of Data Subjects is processed using electronic means through the collection, recording, update, organisation, storage, consultation, elaboration, selection, extraction, comparison, use, interconnection, blocking, erasure and destruction of the Data. Data will be processed by Mutti S.p.a. and Mutti Australia Pty Ltd and their appointed persons using computer (and manual) systems, according to the principles of correctness, loyalty and transparency envisaged by applicable personal data protection legislation and protecting the confidentiality of the Data Subject and their rights by taking suitable technical and organisational measures to guarantee a level of security that is appropriate to the risk. Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access. 

7. DATA STORAGE

With reference to the purposes pursuant to points A) of paragraph 4 (Purpose of processing), Data will be processed for the entire duration of the relationship in order to fulfil the specified purposes and in any case for no more than 10 years from contract execution, if a contract is concluded. Browsing Data will be processed and stored for 7 days. Personal Data functional to the fulfilment of any legal obligations will also be stored thereafter, in compliance with such obligations and in respect of the storage times established by provisions applicable over time. 

For Data conferred for the purposes pursuant to point B, no. 1 (use of Facebook Business Tools) of paragraph 4 (Purpose of processing), Data will be processed in the ways envisaged by Meta Platforms Ireland Ltd.  in the Regulation on Facebook data, available to view at https://www.facebook.com/privacy/explanation. 

8. SCOPE OF PROCESSING, DISCLOSURE, DISSEMINATION 

The data of Data Subjects will be made accessible and processed for the purposes described in paragraph 4 of this disclosure:

  • to in-house staff and collaborators of the Data Controllers Mutti S.p.a. and Mutti Australia Pty Ltd (in their capacity as appointed and/or internal data processors and/or system administrators);
  • to companies belonging to the same corporate group as Mutti;
  • to third parties to whom activities are outsourced on behalf of the Data Controllers Mutti S.p.a and Mutti Australia Pty Ltd (such as, for example, Website management and maintenance providers, suppliers, companies that issue promotional coupons, companies that manage the competitions and the promotions of the Data Controllers etc., upon the appointment of same as data processors, limited to the purposes envisaged by this policy and in compliance with the GDPR).

The Data collected will not be disseminated and will not be disclosed without the explicit consent of the Data Subject.

Conversely, the Data Controllers may disclose your Data to supervisory bodies, public entities, data protection authorities, police forces and legal authorities, as well as to all subjects to whom disclosure is a legal requirement in order to pursue the specified purposes, without any need for your express consent (pursuant to Art. 6 of the GDPR). Said parties listed will process the data in their role as autonomous data controllers.

A complete, up-to-date list of the parties that process Data as processors and autonomous controllers is available on request from Mutti S.p.A. with registered office at 28 Via Traversetolo, Montechiarugolo (PR – 43022) and from Mutti Australia Pty Ltd, Suite 11 87-103 Epsom Road, Rosebery NSW 2018, Australia.

9. TRANSFER OUTSIDE THE EU 

The Data Controllers may transfer Data outside the European Union for the technical management of certain processes (e.g. management of mailing lists and registered accounts).  To this end, the Data Controllers Mutti S.p.a. and Mutti Australia Pty Ltd shall assess the impact of data transfers and adopt the most appropriate safeguards (e.g. the adoption of adequacy decisions where present or standard contractual clauses and in certain limited cases the exemptions permitted by law). 

For information on the transfer of the Personal Data collected by means of cookies, including those of third parties, please refer to the Mutti Cookie Policy and the privacy policies of each third party, available from their websites and illustrated in the tables included in the Cookie Policy. More specifically, to this end, the social networks will process the Data of Data Subjects as autonomous data controllers. For more information about the data processing performed by such social networks (e.g. Facebook, Instagram, Twitter and YouTube), please refer to the privacy policies adopted by the social networks at the following links:

10. RIGHTS OF DATA SUBJECTS

In respect of the data processing described therein, Data Subjects can exercise the rights pursuant to Articles 15-22 of the GDPR and, more specifically:

  • the right to obtain confirmation as to whether or not personal data concerning him or her exists, even if not yet registered, and access to its content (right of access);
  • the right to obtain the update, amendment and/or correction of Personal Data (right to rectification);
  • the right to request the erasure of personal data or the restriction of the processing of data processed unlawfully, including that not needing to be stored in connection with the purposes for which the data was collected or otherwise processed (right to be forgotten and right to restriction);
  • the right to lodge a complaint with the competent Supervisory Authority in the event of a breach of personal data protection regulations;
  • the right to object to processing (right to object);
  • the right to withdraw consent, where given, without detriment to the lawfulness of the processing based on the consent given prior to withdrawal;
  • the right to object entirely or partly to an automated collection process, including profiling;
  • the right to receive a copy of the personal data conferred to the Controller in a structured, commonly used and machine-readable format and to ask that such data be transmitted to another data controller, where technically possible (right to data portability).

11. METHOD OF EXERCISING RIGHTS

You may exercise your rights at any time by sending the autonomous Data Controllers a letter via recorded delivery to: Mutti S.p.A., Via Traversetolo n. 28, Montechiarugolo (PR – 43022), or an e-mail at muttispa@muttispa.it or by contacting Mutti Australia Pty Ltd at Suite 11 87-103 Epsom Road, Rosebery NSW 2018, Australia.

12. CHANGES TO THIS PRIVACY POLICY

This Policy may undergo changes over time in accordance with privacy laws. The Data Subject is therefore asked to check this page regularly. To this end, the policy reports the date on which it was last updated.

Last revised October 2023

Choose country and language

Global site