PRIVACY POLICY – Information document pursuant to article 13 Regulation (EU) 2016/679 – GDPR

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) we hereby give you the required information about the processing of personal data provided. This information does not apply to other sites that may be viewed by following links contained on websites run by the controller, who cannot be held in any way responsible for the websites of third parties.

This information is given pursuant to article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation) and is also based on the requirements of Directive 2002/58/EC, as updated byDirective 2009/136/ECon cookies, and on the Order issued by the Italian Data Protection Authority on 08/05/2014 on cookies.

Personal data that can be processed

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (C26, C27, C30).

Specific information

Specific information may be included in the website with regard to special services or the special processing of data supplied.

Cookies

For more information on the cookies used on this website,see the cookie policy using the following link.

DATA CONTROLLER

Pursuant to articles 4 and 24 of Regulation (EU) 2016/679 the Data Controller is Sofar SpA, Via Firenze 40, 20060 Trezzano Rosa (MI), Italy, in the person of its legal representative, who can be contacted by email at privacy@sofarfarm.it

DATA PROTECTION OFFICER(DPO)

Pursuant to articles 37 – 39 of Regulation (EU) 2016/679 the Data Protection Officer is Res Excelsa Srl, via Aventina 7, 00153 Rome, Italy, who can be contacted by email at dpo@sofarfarm.it

PURPOSES AND LEGAL BASIS OF PROCESSING

PURPOSE A)

Browsing this website

  • LEGAL BASIS: legitimate interest (article 6 (1) f) and recital 47 GDPR): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. Activities strictly necessary for operating the site and delivering the browsing service on the platform.
  • DATA RETENTION PERIOD: for the length of the browsing session.
  • NATURE OF PROVISION: necessary to allow browsing of the website

PURPOSE B)

Anonymous statistical analysis on how the visitor uses the website

  • LEGAL BASIS: legitimate interest (article 6 (1) f) and recital 47 GDPR): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. Activities strictly necessary for operating the site and delivering the browsing service on the platform.
  • DATA RETENTION PERIOD: for up to 2 years from the browsing session.
  • NATURE OF PROVISION: necessary to allow browsing of the website

PURPOSE C)

Filling in contact request forms and sending information

  • LEGAL BASIS: the need to take steps including at the request of the data subject prior to entering into a contract (article 6 (1) b) GDPR).
  • DATA RETENTION PERIOD: 1 year
  • NATURE OF PROVISION: provision of the data is optional or mandatory depending on the specific purpose for which the data is processed. Failure to provide data will make it impossible to obtain the service requested or to use the services offered by the data controller.

PURPOSE D)

Filling in any data collection forms in the private registration/login area

  • LEGAL BASIS: the need to take steps including at the request of the data subject prior to entering into a contract (article 6 (1) b) GDPR).
  • DATA RETENTION PERIOD: 2 years
  • NATURE OF PROVISION: provision of the data is optional or mandatory depending on the specific purpose for which the data is processed. Failure to provide data will make it impossible to obtain the service requested or to use the services offered by the data controller.

PURPOSE E)

Filling in any data collection forms for personnel selection

  • LEGAL BASIS: the need to take steps including at the request of the data subject prior to entering into a contract (article 6 (1) b) GDPR).
  • DATA RETENTION PERIOD: 2 years
  • NATURE OF PROVISION: provision of the data is optional or mandatory depending on the specific purpose for which the data is processed. Failure to provide data will make it impossible to obtain the service requested or to use the services offered by the data controller

PURPOSE F)

Marketing activities for digital campaigns

  • LEGAL BASIS: data subject’s consent (article 6 (1) a) GDPR).
  • DATA RETENTION PERIOD: until the purpose has been completed
  • NATURE OF PROVISION: the provision of such data is optional. Failure to provide data will make it impossible to obtain the service requested or to use the services offered by the data controller

DATA RECIPIENTS OR CATEGORIES OF RECIPIENTS

Personal data provided will be disclosed to recipients, who will process the data as processors (article 28 of Regulation (EU) 2016/679) and/or as persons acting under the authority of the Controller or Processor (article 29 of Regulation (EU) 2016/679), for the purposes listed above, and to third parties. In detail, data will be disclosed to:

  • The local sales/distribution network;

  • Parties that provide IT system and telecommunications management services (including the email system);

  • Firms or companies that formally provide support and advice;

  • Competent authorities to fulfil legal obligations and/or orders from public bodies, on request;

  • For administrative and accounting purposes, data can also be sent to commercial information companies to assess solvency and payment habits and/or to parties for debt recovery purposes.

The parties belonging to the above categories act either as data processors or, independently, as separate data controllers. The list of processors is constantly updated and is available by writing to dpo@sofarfarm.it or the registered office at Via Firenze 40, 20060 Trezzano Rosa (MI), Italy

TRANSFER OF DATA TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS AND GUARANTEES

Personal data will not be transferred to non-EU countries.

DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD

Processing will be carried out electronically and manually, using methods and tools that ensure maximum security and confidentiality, by specifically authorised parties. In accordance with article 5 (1) e) of Regulation (EU) 2016/679 personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data will be retained based on the purpose of the processing.

The period is determined based on criteria about which data subjects can receive information by writing to dpo@sofarfarm.it

DATA SUBJECTS’ RIGHTS

You can exercise your rights as expressed in Regulation (EU) 2016/679, by sending an email tothe Controller at dpo@sofarfarm.it or by writing to the Controller’s registered office indicated above. You have the right, at any time, to ask the Controller for access to your personal data (article 15), for rectification (article 16) or erasure (article 17) of the data, or for restriction of processing (article 18) or to object to its processing based on legitimate interests (article 21).

Processing does not have its legal basis in consent but in legitimate interest. When processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

To object to processing and to exercise the other rights, you can write to dpo@sofarfarm.it

You have the right to complain to a Supervisory Authority. Disclosing personal data is not mandatory. You are free to provide your personal data in the dedicated areas of the site. Failure to provide data means that you are unable to use the services offered by the controller. There is no automated decision-making process.

Revision date 14/12/2020