PRIVACY POLICY

Pastificio Rana S.p.A., as Data Controller, intends to provide you with the following specific information about the management of the website www.ristorantefamigliarana.it/en with reference to the processing of personal data of users who consult it. It is also an information notice, according to article 13 of European Regulation 2016/679 (“GDPR” or “Regulation”).

 

LEGAL FRAMEWORK

  • Directive 2002/58/EC on “personal data processing and protection of private life in the field of electronic communications”.
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation “GDPR”).
  • Legislative Decree 30 June 2003 n. 196 “Code regarding the protection of personal data”, as amended by Legislative Decree 10 August 2018 n. 101.

 

THE DATA CONTROLLER

The Data Controller is Pastificio Rana S.p.A., Via Antonio Pacinotti n. 25 – 37057 San Giovanni Lupatoto (VR), e-mail address privacy@rana.it.

 

THE DATA PROTECTION OFFICER

The Data Controller has appointed a Data Protection Officer (“DPO”), who can be contacted at the following address: privacy@rana.it.

 

DATA PROCESSING LOCATION

The personal data are processed at the Data Controller’s head office and at the head offices of other third parties, appointed as Data Processors according to art. 28 of the GDPR, who perform outsourcing services.

 

PERSONAL DATA PROCESSED

 

Browsing data

The information technology systems and the software procedures needed for the running of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

Such data is not collected to be associated with identified Data Subjects, but due to its nature it could allow users to be identified through processing and association with data held by third parties.

This category of data includes the IP addresses or the domain names of the PCs used by the users who connect to the website, the URI notation addresses of the requested resources, the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numeric code specifying the status of the response given by the server (successful, error, etc.) and other parameters concerning the operating system and the user’s information environment.

Such data is used only in order to obtain anonymous statistical information on the use of the website and to check its correct operation, and is deleted immediately after processing. The data could be used to ascertain liability in case of possible cybercrimes damaging the website.

 

Personal data voluntarily provided by the user

The optional, explicit and voluntary sending of personal data by the user, by filling in the registration form on the website or by calling the telephone numbers published on the website, entails the subsequent collection of the personal data provided by the user, necessary to provide the service or the information requested.

Anonymous or aggregated data

Anonymisation is a process aimed at preventing the Data Subject’s identification. Data made anonymous is not regulated by the data protection legislation. Aggregated data can derive from personal data supplied by the user but is not considered personal data since, as specified, it does not allow the Data Subject to be directly or indirectly identified.

 

COOKIES

Please refer to the Cookie Policy available at [•] for more information on the cookies we use or if you wish to revoke or modify any consent previously expressed to the installation of cookies.

 

PURPOSES AND LEGAL BASES OF THE PROCESSING

Personal data will be processed for the following purposes:

 

  • (i) Purposes aimed at allowing navigation and consultation within the website.

The legal basis of the processing is the consent that is explicitly given by consulting the website (art. 6, paragraph 1, let. a), GDPR).

 

  • (ii) Purposes related to the provision of the requested services (replies to requests for information).

The legal basis of the processing is the consent that is explicitly given by sending the request (art. 6, paragraph 1, let. a), GDPR).

 

  • (iii) Purposes related to booking management.

The legal basis of the processing is to take steps at the request of the data subject prior to entering into a contract (art. 6, paragraph 1, let. b), GDPR). With regard to special categories of personal data, the legal basis of the processing is the consent expressed through the voluntary and free communication of such personal data.

 

  • (iv) Defensive purposes in case of abuse in the use of the site or attempted fraud.

The legal basis of the processing is the legitimate interest (art. 6, first paragraph, let. f), GDPR).

 

SPECIAL CATEGORIES OF PERSONAL DATA

When processing your booking request, we may process sensitive health data that you provide voluntarily and with your express consent.

 

LINKS TO OTHER WEBSITES

This website could contain links or references for access to other websites. We inform you that the Data Controller does not control the cookies or other monitoring technologies of such websites, to which this policy does not apply. We therefore recommend that you consult the individual privacy policies relating to these websites.

 

DISCRETIONARY NATURE OF PROVIDING DATA

Apart from what has been specified concerning the browsing data (necessary for the functioning of the website), users are free to provide their personal data or not. However, failure to provide such data may make it impossible to obtain what was requested.

 

CHECK ON YOUR PERSONAL DATA

The company will not sell or distribute the personal data collected to third parties unless it has obtained explicit consent from the data subject or unless this is explicitly required by law.

 

PROCESSING METHODS AND STORAGE TIME

Personal data are processed, even with the aid of automated devices, for the time strictly necessary to achieve the purposes for which they were collected. In particular, with reference to personal data processed in the context of booking management, the Data Controller will retain the data for ten years from the conclusion of the booking, that is, until the limitation period relating to contractual actions that may arise with reference to the contract in execution of which data are processed has expired, and according to the provisions of the tax legislation. The data can be retained for a longer period, if necessary, in order to comply with regulatory provisions or if the data are necessary for the Data Controller to defend its rights in Court. The Data Controller, inspired by international standards, has adopted additional security measures to minimize the risks related to the confidentiality, availability and integrity of the personal data collected and processed.

 

SHARING, COMMUNICATION AND DIFFUSION OF PERSONAL DATA

The personal data collected may be shared, transferred or communicated to other companies, appointed as Data Processors, for activities strictly connected to the purposes indicated above and necessary to the functioning of the service (such as the management of the information system). Apart from these cases, personal data will not be communicated unless there is a contractual provision or specific consent by the Data Subject. In this sense, personal data may be transmitted to third parties, but only and exclusively if: a) there is explicit consent to share the data with third parties; b) there is a need to share information with third parties in order to provide the service required by the Data Subject; c) it is necessary in order to meet a request by the Court or Public Security Authorities. No data deriving from the web service is diffused.

 

TRANSFER OF PERSONAL DATA

Personal data will not be transferred to third countries, namely countries not belonging to the European Union or to the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the provisions of articles 44 et seq. of the GDPR.

 

RIGHTS OF DATA SUBJECT

The regulation for the protection of personal data provides some rights for the subject to whom the data refer (data subject). In particular, according to art. 15 and subsequent articles of EU Regulation 2016/679, each data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data, to obtain rectification, erasure or restriction of processing concerning the data subject, or to object to processing, as well as the right to data portability. To exercise the aforementioned rights, the user can contact the Data Controller by sending a registered letter with return receipt to the address indicated above or an email to privacy@rana.it, or the Data Protection Officer at the following address: dpo@rana.it.

 

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Every data subject who believes that the processing of personal data relating to him or her, through the website, infringes the Regulation shall have the right to lodge a complaint with a supervisory authority, according to article 77 of the GDPR.

 

CHANGES TO THIS DATA PROTECTION POLICY

The Data Controller periodically checks its data protection and security policy and – if needed – reviews it in connection with modifications deriving from regulations or organisations, or as dictated by technological evolution. Should the policy be modified, the new version will be published on this web page.