PRIVACY DISCLOSURE IN ACCORDANCE WITH REGULATION (EU) 2016/679 – GENERAL DATA PROTECTION REGULATION (GDPR)
We hereby inform you, in accordance with Regulation EU 679/2016 (hereinafter the “GDPR” and with legislation, including national regulations, governing personal data protection, Italian Legislative Decree no. 196/2003 (hereinafter the “Privacy Legislation”), that the personal data (hereinafter the “Data”) relating to the Website users (hereinafter the “Data Subjects”) will be processed in the following ways and for the following purposes.
Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In compliance with the provisions of the GDPR, processing carried out by Data Controllers will be lawful, correct, transparent and protect confidentiality.
1. DATA CONTROLLERS
• Mutti S.p.A. and MUTTI NORDICS AB (hereinafter “Mutti”, having registered office in Montechiarugolo, at Via Traversetolo n. 28 (PR – 43022), VAT no. 02758310342, telephone +39 (0521) 652511, fax +39 (0521) 652596, e-mail firstname.lastname@example.org and MUTTI NORDICS AB, having registered office in STOCKHOLM, at CONVENDUM VASAGATAN 16 (111 20 ) VAT no. SE559188233601, telephone +46730789969, “Controllers”) are the autonomous controllers of the processing of the Data collected through this Website;
• Exclusively in relation to the Facebook Business Tools (for example the “Share” button or the Facebook Insight that redirects to the Facebook page from the Mutti website) and the Facebook Pixels, Mutti S.p.a., Mutti Nordics and Meta Platforms Ireland Ltd., having registered office at 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland, act as autonomous data controllers to measure the level of interaction between the websites visited on the basis of the preferences of the Data Subjects, and to provide targeted advertising on the social network. More information is available at the links given below as to how data is processed by Facebook, Instagram, Messenger and other products and functions offered by Meta Platforms Ireland Limited (Meta Products or Products). The user can find more tools and information in the Facebook settings and Instagram settings, including the legal basis to which Meta Platforms Ireland Ltd., with registered office at 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland refers and how to exercise the rights of the data subject.
2. TYPES OF DATA PROCESSED
The following Data is processed:
– Browsing data: such as the IP addresses or domain names of the computers used by users connecting to the Website and the URI (Uniform Resource Identifier) notation addresses of the resources requested, the transmission of which is implicit in the use of internet communication protocols. This information is not collected for association with identified data subjects, but its nature may, through processing and association with data held by third parties, enable the users to be identified. This data is used purely to obtain anonymous statistical information on the use of the website and to control that it is functioning correctly; it is deleted immediately after processing. Data may be used to assess liability in the event of hypothetical computer crime to the detriment of the website: to this end, web contact data may be kept in compliance with and limited to this purpose. Starting with the IP address and the domain name of the computers used, limited to the purpose of assessing liability, it may be possible to trace other data identifying the user (in particular, name, surname, e-mail address, etc.);
– Data supplied voluntarily by the user: such as identifying data, like name, surname, place and date of birth, e-mail address, telephone number, tax code, address of residence or domicile, etc.; any other data supplied, e.g. when registering with the Website in the specific section and filling in any data collection forms as may be available form the Website, or when buying Mutti brand products or subscribing to specific services, such as the Newsletter Service. For the “Work with us” section of the website, Mutti asks users to refer to the specific disclosures on the processing of such data;
The Data Controller’s website and services are not intended to be used by individuals under the age of 16. The Data Controller does not intentionally collect personal data relating to minors. In the event that personal data relating to minors is involuntarily collected, the Data Controller will promptly erase this at the request of a user. The protection of the security and confidentiality of minors is very important for us. When registering with the Website, in the specific section, and when filling in any data collection forms present on such Website or when requesting the supply/subscribing to the Newsletter service, the data subject confirms and declares that they are aged over 16 years old or in any case that they are no younger than the age indicated by legislation of the country of residence, where other age limits apply.
4. PURPOSES OF DATA PROCESSING
The personal data supplied by Data Subjects through the Website is collected and processed by the Controller for the following purposes and legal bases:
A. without prior consent for service purposes and, in particular, for:
1. the execution of the contract and/or precontractual commitments, in particular:
– participation in events/contests regulated by specific regulations or general conditions of contract that will be submitted to you for acceptance;
– any telephone technical assistance service provided to the data subject for critical issues deriving from use of the website (e.g. display of contents, use of the website and some of its functions);
– management of a contact request by the data subject;
2. fulfilment by the Controller of legal obligations, such as:
– compliance with obligations set forth by national and European Community laws, regulations or legislation or set by the competent authorities;
3. the pursuit of a legitimate interest of the Controller:
– Website management and maintenance: the interest of the Controller is the general interest of an enterprise in guaranteeing business operations, including through the Website function and possible ways by which to increase the efficiency of the service offered;
– to prevent or discover fraudulent activity or abuse that is damaging to the Website and the exercise and protection of the Controller’s rights in a court of law and dispute management: the interest of the Controller is the general, real, current interest in not suffering damages following unlawful conduct by a third party, insofar as this must prevail over the interests of the individual data subject;
B. only with prior consent for the following purposes:
1. Marketing Purposes, in particular for:
– sending of commercial and promotional communications relating to products, services, special initiatives and invitations to events through newsletters and/or automated tools (e-mail, social media, social chat, etc.)
– registering for services and functions offered to the individual website user;
2. Using Facebook tools to measure and analyse interactions with the web pages visited by the Data Subjects and to supply targeted advertising on Facebook social network, in particular:
– the Company and Facebook Ireland Limited will process, as autonomous controllers as described in paragraph 1) above, the data relating to interactions with the websites visited by Data Subjects through the use of Facebook Business Tools (merely by way of example, Cookies, Insight and Facebook Pixels). For further information about how Meta Platforms Ireland Ltd. processes Data, including the legal basis to which Meta Platforms Ireland Ltd. refers, and about how to exercise data subject rights in regard to Meta Platforms Ireland Ltd., please read the Facebook Ireland Data Policy available at https://www.facebook.com/privacy/explanation;
– In particular, the Data Controllers’ Website uses what are termed “social plug-ins”. Social plug-ins are special tools that allow for the incorporation of social network functions directly within the Website (e.g. the “Share” button or the Facebook icon to redirect to the Facebook page from the Mutti website). All social plug-ins featured on the website are marked with the respective proprietary logo of the social network platform. The collection and use of information obtained by means of the plug-in are regulated by the respective privacy disclosures of the social networks, to which you are recommendedto refer.
When you visit a page of our website and interact with the plug-in (e.g. by clicking on the “Share” button or the Facebook icon to redirect to the Facebook page from the Mutti website) or you decide to leave a comment, the relevant information is sent by the browser directly to the social network platform (in this case Facebook) and saved by it. More information about how Meta Platforms Ireland Ltd. processes Data, including the legal basis to which Meta Platforms Ireland Ltd. refers, and about how to exercise data subject rights in regard to Meta Platforms Ireland Ltd., is available from the Meta Platforms Ireland Ltd. Data Policy available at https://www.facebook.com/privacy/explanation
5. NATURE OF CONFERRAL OF DATA
Conferral of data in respect of the purposes pursuant to letter A) is mandatory, and any refusal to do so will make it impossible for the Controller to fulfil the contractual commitments made or follow up on your requests or fulfil legal obligations. As regards the purposes pursuant to letter B.1) above, conferral of personal data is optional and its use is subject to the giving of explicit consent by the Data Subject. Any refusal to give such consent will have no effect, except that it will not be possible to inform the Data Subjects about initiatives run by the Company that may be of their interest. Instead, as regards the purpose pursuant to letter B.2), conferral of personal data is optional and its use is subject to a voluntary interaction with the social plug-in by the Data Subject. Failure to interact shall have no consequences and the Data Subject may continue to browse the Website even without interacting directly with the social network platform.
6. METHODS OF DATA PROCESSING
The Data of the Data Subjects is processed using electronic means through the collection, recording, update, organisation, storage, consultation, elaboration, selection, extraction, comparison, use, interconnection, blocking, erasure and destruction of the Data. Data will be processed by the Company and its appointed persons using computer (and manual) systems, according to principles of correctness, loyalty and transparency envisaged by applicable personal data protection legislation, and protecting the confidentiality of the Data Subject and their rights by taking suitable technical and organisational measures to guarantee a level of security that is appropriate to the risk. Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access.
7. DATA STORAGE
With reference to the purposes pursuant to points A) of paragraph 4 (Purpose of processing) above, Data will be processed for the entire duration of the relationship in order to achieve the specified purposes and in any case for no more than 10 years from contract execution, if a contract is concluded. Browsing Data will be processed and stored for 7 days. Personal Data functional to the fulfilment of any legal obligations will be stored even thereafter, in compliance with such obligations and in respect of the storage times established by provisions applicable over time.
For Data conferred for the purposes pursuant to point B, no. 1 (marketing), paragraph 4 (Purpose of processing) above, Data will be stored for 24 months from collection and until consent is withdrawn. Upon expiry of this time, data will be erased or made anonymous and in any case Data Subjects can always alter the consent given to the processing of their Data by the Controller for these same purposes.
For Data conferred for the purposes pursuant to point B, no. 2 (use of Facebook Business Tools) of paragraph 4 (Purpose of processing) above, Data will be processed according to that envisaged by Meta Platforms Ireland Ltd. in the Regulation on Facebook data, available for consultation at https://www.facebook.com/privacy/explanation.
8. SCOPE OF PROCESSING, DISCLOSURE, DISSEMINATION
Your Data will be made accessible and processed for the purposes described in paragraph 4 of this disclosure:
- to in-house staff and collaborators of the Controller in their capacity as appointed and/or internal data processors and/or system administrators;
- to companies belonging to the same corporate group as Mutti;
- to third parties to whom activities are outsourced on behalf of the Controller, such as, for example, Website management and maintenance providers, suppliers, etc., upon appointment of data processors, limited to the purposes envisaged by this disclosure and in compliance with the GDPR.
The Data collected will not be disseminated and will not be disclosed without your explicit consent.
By contrast, with no need for express consent (pursuant to Art. 6 of the GDPR), the Controller may disclose your Data to supervisory bodies, public entities, data protection authorities, police forces and legal authorities, as well as to all subjects to whom disclosure is a legal requirement in order to pursue the specified purposes. The parties listed will process the data in their role as autonomous data controllers.
A complete, up-to-date list of subjects processing Data as processors and autonomous controllers is available on request from Mutti S.p.A. with registered office in Montechiarugolo, at Via Traversetolo n. 28 (PR – 43022) and from MUTTI NORDICS AB, having registered office in STOCKHOLM, at CONVENDUM VASAGATAN 16 (111 20 ).
9. TRANSFER OUTSIDE THE EU
The Company may transfer the Data outside the European Union. To this end, in accordance with privacy legislation, the Company shall assess the impact of the transfers of data and adopt, if applicable, the most appropriate guarantees (for example, decisions of adequacy or standard contractual clauses).
10. RIGHTS OF DATA SUBJECTS
In respect of the data processing described therein, Data Subjects can exercise the rights pursuant to Articles 15-22 of the GDPR and, more specifically:
- the right to obtain confirmation as to whether or not personal data concerning him or her exists, even if not yet registered, and access to their content (right of access);
- the right to obtain the update, amendment and/or correction of Personal Data (right to rectification);
- the right to request the erasure of personal data or the restriction of processing of data processed unlawfully, including that not needing to be stored in connection with the purposes for which the data was collected or otherwise processed (right to be forgotten and right to restriction);
- the right to lodge a complaint with the Supervisory Authority in the event of a breach of personal data protection regulations;
- the right to object to processing (right to object);
- the right to withdraw consent, where given, without detriment to the lawfulness of the processing based on the consent given prior to withdrawal;
- the right to object entirely or partly to an automated collection process, including profiling;
- the right to receive a copy of the personal data conferred to the Controller in a structured, commonly used and machine-readable format and to ask that such data be transmitted to another data controller, where technically possible (right to data portability).
11. METHOD OF EXERCISING RIGHTS
You can exercise your rights at any time:
by notifying the Controller in a letter sent recorded delivery to: Mutti S.p.A., Via Traversetolo n. 28, Montechiarugolo (PR – 43022), or to MUTTI NORDICS AB, having registered office in STOCKHOLM, at CONVENDUM VASAGATAN 16 (111 20 ); or by e-mailing: email@example.com
This Disclosure may be changed over time in implementation of provisions of law issued regarding privacy. We therefore recommend that data subjects check this page regularly. To this end, the disclosure shows the date on which it was last updated.
Last revision May 2022