INFORMATION PURSUANT TO ART. 13 AND 14 R. (EU) 2016/679
The data controller is Befed Franchising Srl (P.IVA: 1666880933) with headquarters at Via Madonna della Neve 27 – 24121 Bergamo, Italy, to whom any inquiries regarding data processing may be addressed either at the address of the registered office or via email at email@example.com
PURPOSE AND LEGAL BASIS FOR PROCESSING
- Data from Data Subjects are collected for the following purposes:
- Responding to inquiries
- Getting in touch with Interested Parties
- Providing our services and fulfilling contractual obligations undertaken
- Fulfilling legal obligations imposed on the data controller
- Evaluate C.V.’s, both in the case of spontaneous application through the “Work with us” page and as a result of request for collaboration carried out through announcement on social channels of the owner, through the medium of recruitment agencies, through the use of dedicated portals.
- Adopt security measures
- Collect browsing statistics
The provision of data is mandatory in order to benefit from the above services and any denial will result in the inability of the Owner to provide the requested service or product.
- The personal data provided may also be processed for:
- Promotional activities of the Owner, including through the use of social networks;
- Sending newsletters and promotional messages related to products and services offered by the Data Controller;
- Geolocation through the “find a venue near you” page
- Profiling customers’ tastes and consumption habits
For these particular activities, the expression of specific consent is requested, which can be revoked at any time.
TYPES OF DATA COLLECTED
- Personal Data may be collected as a result of contractual, pre-contractual relationships, or automatically during the use of this Site or through third parties.
- The Personal Data collected by the Owner are:
- generalities, fiscal identifiers, contact information and contact details, email,
- Consumption preferences and habits
- IP address, Usage data, Cookie.
MODE OF TREATMENT
- The Data Controller processes Users’ Personal Data by taking appropriate technical and organizational measures to protect their security and aimed in particular at preventing unauthorized access, disclosure, loss, modification or destruction of Personal Data.
- The processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes.
CATEGORIES OF RECIPIENTS
- The Owner may disclose Personal Data to third parties:
- In fulfillment of legal and contractual obligations;
- for the Holder’s internal organization (administrative, sales, marketing, system administrators)
- for the Holder’s external organization (third-party technical service providers, hosting providers, IT companies, communication agencies, home delivery services, table reservation services). In this case, where the prerequisites are met, third party service providers may be appointed as Data Processors by the Controller. An up-to-date list of Data Processors can always be obtained from the Data Controller.
- Personal data will not be disseminated, except in the case of publication, with explicit consent, of material on the website or social profiles of the Data Controller, to the disclosures of which please refer:
- You Tube: https://policies.google.com/privacy?hl=it
- LinkedIn: https://it.linkedin.com/legal/privacy-policy?
- Instagram: https://help.instagram.com/519522125107875
- Facebook: https://www.facebook.com/privacy/explanation
- Tik Tok: https://www.tiktok.com/legal/page/eea/new-privacy-policy/en
- Regarding the conduct of any sessions by videoconference, the following platforms may be used, in relation to which please refer to the respective disclosures:
- Zoom: https://zoom.us/privacy
- GoToMeeting: https://www.logmeininc.com/it/legal/privacy
- Google Meet: https://policies.google.com/privacy?hl=it
- Skype: https://privacy.microsoft.com/it-it
- Whereby: https://whereby.com/information/tos/privacy-policy/
- Whatsapp: https://www.whatsapp.com/privacy/?lang=it
- Management of CVs of candidates for possible employment: CVs submitted spontaneously by candidates or collected through recruitment process are deleted after the selection process is completed.
- Direct marketing and profiling: data are kept for a maximum period equal to that stipulated by the applicable regulations (equal to 24 and 12 months, respectively). Other data are deleted after 5 years. The user’s personal data intended for analyses directed at the development and improvement of the service are kept for the period of time necessary to carry out the analyses.
- Administrative, Accounting and Tax management of purchases and sales
- Requests for information: data are kept for as long as necessary to respond to requests from data subjects;
- Service Delivery: Data will be retained for the duration of the contractual relationship
- Tax Data: invoices, accounting records and transaction data are kept for 11 years in accordance with the law (including tax obligations).
- Defense in court: data will be retained for as long as necessary to ensure the Data Controller’s defense in court (statute of limitations and forfeiture periods; warranty periods as per law).
- Exercise of the right to be forgotten through a request for express deletion of personal data processed by the owner: data will be stored, in a protected form and with limited access, solely for the purpose of investigation and prosecution of crimes, for a period not exceeding 12 months from the date of the request, and thereafter will be securely deleted or irreversibly anonymized.
- Telematic traffic, however, excluding the contents of communications: data will be retained for a period not exceeding 72 months from the date of communication, pursuant to Art. 24 of Law no. 167/2017, which transposed EU Directive 2017/541 on counterterrorism.
RIGHTS OF THE DATA SUBJECT
Pursuant to R. (EU) 2016/679 (GDPR) and applicable national legislation, the data subject may, in the manner and within the limits provided by the current legislation, exercise the following rights by sending the request form prepared for this purpose to firstname.lastname@example.org:
- request confirmation of the existence of personal data concerning him/her (data subject’s right of access – Article 15 of Regulation 679/2016);
- Know its origin;
- Receive intelligible communication;
- Have information about the logic, methods and purposes of processing;
- request the updating, rectification, integration, deletion, transformation into anonymous form, and blocking of data processed in violation of the law, including data no longer necessary to achieve the purposes for which they were collected (right to rectification and deletion – Articles 16 and 17 of Regulation 679/2016);
- Right to restrict and/or object to the processing of data concerning him/her (Article 18 of Regulation 679/2016);
- Right of revocation;
- Right to data portability (Article 20 of Regulation 679/2016);
- in cases of consent-based processing, receive their data provided to the data controller, in a structured, machine-readable form and in a format commonly used by an electronic device;
- The right to lodge a complaint with the Supervisory Authority (data subject’s right of access – Article 15 of Regulation 679/2016).
Bergamo, November 2022