Your privacy is very important to Remo Srl (“Remo”) and for this reason Remo collects and manages your personal data with the utmost care, adopting specific security measures. Below you will find the main information on the processing carried out by Remo in relation to your personal data collected through the website www.fiorentini-baker.com (“Website”) both if you access the Website and simply decide to browse using the services, without making a purchase, and if you decide to purchase one or more products.
- Data controller of your personal data.
Pursuant to current legislation and the provisions of EU Regulation 2016/679 (hereinafter also “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, we inform you that:
The Data Controller of your personal data is Remo Srl, VAT no. 00886941202, registered office: Piazza Aldrovandi, 1, 40125 – Bologna (Italy).
Phone and contact data: 051/273222 – E-mail: email@example.com.
- Type of personal data processed by Remo
2.1. Browsing data
We may process personal data that we collect while you are browsing the Website or using the services offered by the Website. Computer systems and software procedures used to operate our Website, acquire some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data includes your IP address or the domain name of the computer used to connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the your IT environment.
These data are used exclusively for the following purposes and are processed for the time strictly necessary to fulfil them:
⦁ allow access and browsing of the Website;
⦁ obtain statistical information on the use of our Website;
⦁ check the correct operation of the Website and improve our offer and services.
2.2 Data provided voluntarily
To simply view the Website no provision of your personal data is required.
As a user you have the possibility to register on the Website, creating your own personal account in order to carry out the purchase procedure. To carry out the registration to the Website, Remo collects the following personal data by filling in a specific form: first name, last name, e-mail address, telephone number, shipping address and billing data. To complete the registration process on the Website, you will need to create a personal password and confirm the registration of the account through the confirmation link, which you will receive by e-mail after sending the request.
During the purchase procedure, Remo collects personal data useful to complete the order, i.e. name, surname, shipping address, e-mail, telephone number, tax code.
The personal account will allow the user to check the order history, favourite product list.
Remo does not collect payment information, such as information on the credit card used for the purchase or its expiration date. This data will be encrypted and transmitted directly to the payment processor without passing through Remo’s servers. Therefore Remo has no access to this information and cannot save or store it.
The Website also provides a Contacts section, through which the user can submit requests for information, by filling out the appropriate form with information like name, surname, e-mail address and country.
2.3. Special data
Remo does not deliberately collect special categories of data, defined in art. 9 of EU Regulation 679/16 such as those data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health, sexual activity or sexual orientation of the person.
We encourage you not to provide such personal information through the Website.
- Purposes of data processing and related legal grounds
The personal data you provide will be used by Remo exclusively for the following purposes:
⦁ allow registration on the Website and access to services reserved for registered users. The legal ground is the execution of a contract to which you are a party and/or the execution of pre-contractual measures.
⦁ In case of purchase through the Website, the performance of obligations arising from contractual relationships of sale or the performance of pre-contractual activities, including the proper management of your purchase order and the required support in finalizing the order if necessary. The legal ground of the data processing is the execution of a contract to which you are a party and/or the execution of pre-contractual measures.
⦁ Fulfilment and respect of obligations arising from the law or from regulations and standards in force, in particular in the administrative, accounting, fiscal and privacy fields. The legal ground is the fulfilment of one or more legal obligations to which Remo is subject.
⦁ Management of general support activities and answering requests for information from users or customers of the Website, or answering any reports. The legal ground is the legitimate interest of Remo to answer requests, which also coincides with the legitimate interest of the users or customers of the Website who, in response to a request, expect a response from the Data Controller. The legitimate interest of Remo as defined above may be deemed to prevail over the fundamental rights and freedoms of the data subject, also by virtue of such reasonable expectations and of the relationship between the data subject and Remo, as well as in consideration of the nature of the data processed and the overlapping interests of the data subjects themselves.
⦁ Exclusively for the e-mail address provided for a purchase through the Website, to allow the direct offer, via e-mail, by Remo of products similar to those purchased (purpose called “soft spam”), provided that there is no deny consent to such processing in the manner indicated. The legal ground allowing the processing is the legitimate interest of the Data Controller to send this type of communication. This legitimate interest may be considered equivalent to the interest of the data subject in receiving “soft spam” communications. Pursuant to art. 130 of Italian Legislative Decree no. 196/2003, the processing put in place for this purpose does not require specific consent from the data subject, who is however informed, when receiving any communications, of the possibility to object at any time to the processing by means of the so-called opt-out to stop such communications.
⦁ Mange any complaints and/or disputes with customers of the Website. The legal ground is the legitimate interest of the Data Controller in dealing with issues that have arisen and customer complaints about products or services. This legitimate interest is equivalent to that of the customer to receive a response to communications or requests sent and to see the issues raised managed.
⦁ Only with your prior express consent, your personal data will be processed to send commercial and/or promotional communications (including Newsletters) regarding the initiatives, products and services offered by Remo (direct marketing purposes). The legal ground for the processing is the specific consent by the data subject, who may revoke it at any time.
- Compulsory or optional provision of data.
The provision of your data is:
⦁ compulsory for the purposes A), B), C) indicated in the previous point. Without the requested data it will not be possible to conclude or execute the contract, nor will it be possible to fulfil the legal obligations to which Remo is subject;
⦁ optional for purpose D). Failure to provide this information will prevent Remo from responding to requests for assistance or information.
⦁ For purposes E) and F), the data used have already been collected by the Data Controller to pursue other purposes indicated above. Therefore, the provision of such data is not expressly requested as Remo already has such data;
⦁ optional for purpose G). Without your specific consent, we will not be able to process your data for the purpose in question.
- How we process your personal data
Remo will process your data through the collection, recording, retention and processing, by means of digital, electronic and IT tools, suitable for storing, managing and transmitting the data, with logics that are strictly related to the purposes thereof.
Who will process your personal data and to whom your personal data will be disclosed.
The data processing will be carried out by staff appointed and instructed by Remo, specifically authorised pursuant to art. 4, paragraph 10 of EU Regulation 2016/679, and designated pursuant to art. 2 quaterdecies of the Italian Legislative Decree 101/2018, with procedures, technical and IT tools suitable to protect the confidentiality and security of your personal data.
Without prejudice to the communications and disclosures required by law, the data may be communicated to third parties who operate on behalf of Remo and according to its instructions, as data Processors. More specifically, the data may be communicated to:
⦁ companies or third parties in charge of shipping and/or delivery services, products sold through the Website and management of logistics services and suppliers related to the fulfilment of purchase orders;
⦁ banks and companies that manage the payment circuits through which payments are made for products purchased through the Website;
⦁ professionals, companies or consultants belonging to the following categories: internet providers, companies specialised in IT services, consulting companies in charge of installing, maintaining and updating the Website and relied upon by Remo to provide its services, including the sending of newsletters by automated systems;
⦁ all those public and/or private individuals, physical persons / legal entities (legal, administrative, tax consulting firms, judicial authorities etc.), if the communication is necessary or functional to the proper fulfilment of a legal obligation;
⦁ all subjects who have access to personal data by virtue of regulatory or administrative measures.
The data subject may request a complete and updated list of the subjects appointed as data processors by contacting one of the contacts listed below.
Your data will NOT be disseminated under any circumstances.
- How long and where we retain your personal data
The information and personal data that you provide through the Website, including data freely provided by filling out the forms on the Website, will be retained only for a period of time required to fulfil the purpose for which they have been collected and in compliance with applicable laws. More specifically:
⦁ personal data collected through the Contacts section and processed for the performance of the sales contract, including pre-contractual activity, are retained for 10 years from the execution of the contract, or if the pre-contractual activity does not lead to the conclusion of a contract, for 2 years from the end of the aforementioned pre-contractual activity.
⦁ Personal data processed to manage and maintain company accounts are retained for the time necessary to fulfil tax obligations and to keep accounting records, and in any case for a maximum of 10 years.
⦁ Personal data processed for “soft spam” activities are retained, in relation to this specific purpose, pursuant to and in accordance with the terms of art. 130 of the Privacy Code and unless you expressly state that you do not wish to receive further communications (opt-out)
⦁ The processing of data for direct marketing purposes and the retention of personal data may be carried out until the revocation of consent by the data subject as provided by the Authority for the protection of personal data in provision no. 181 of 15 October 2020, or for a period of 3 years from the last interaction of the user with the Newsletter.
Once the stated purposes have been fulfilled or following revocation of your consent, your personal data will be deleted or destroyed, unless otherwise requested by the authority or because of retention requirements established by law or different indications provided in particular sections of the Website.
Transfer of data abroad
The Data Controller may transfer your data to third parties (see paragraph 5) which may be located outside the European Union/EEA and which offer an adequate level of data protection, as established by specific decisions of the European Commission (https://www.garanteprivacy.it/web/guest/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-internazionale/trasferimento-dati-estero).
In particular, in order to execute the contract of sale of the Products, the Data Controller will transfer the collected data to FIORENTINI BAKER ASSOCIATED LTD with legal office in the UK, on the basis of the adequacy decision of the European Commission dated 28/06/2021.
The transfer of your personal data to countries for which there is no adequacy decision will take place only after the conclusion of specific agreements with those subjects, containing appropriate safeguards and guarantees for the protection of your personal data, also called “standard contractual clauses”, approved by the European Commission with decision 2021/914 of 4 June 2021; or if the transfer is necessary for the conclusion and execution of a contract for the purchase of goods offered on our Website, for the registration to the Website or the use of services on the Website or for the management of your requests.
- Security measures
We will take appropriate security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data. Technical, logistical and organisational measures are put in place to prevent damage, loss (including accidental loss), alteration, improper and unauthorised use of processed data.
We regularly test, verify and evaluate the effectiveness of our security measures in order to ensure continuous improvement in the processing security.
- Your rights
We would like to remind you that in relation to your personal data, you may exercise your rights towards the Data Controller, as set out in article 15 et seq. of the EU Regulation 2016/679, i.e. you may obtain confirmation of the existence of your personal data and request their communication in an intelligible form. You will also have the right to request the update, rectification, integration and erasure of the data or the limitation of processing. Finally, you have the right to oppose, in whole or in part, for legitimate reasons, the processing of your personal data, even if pertinent to the purpose of collection. You have the right to exercise the right to data portability and to lodge a complaint with the Supervisory Authority.
Below is a list of your rights
Rights of the data subject articles 15-22 of EU Regulation 2016/679
Art. 15 Right of access of the data subject:
the data subject has the right to obtain confirmation as to whether or not personal data relating to him/her are being processed; if so, to obtain access to the personal data and related information (categories of data, purposes, possible recipients, retention period or criterion, etc.).
Art. 16 Right of rectification: the data subject has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary statement.
Art. 17 Right to erasure (“right to be forgotten”): the data subject has the right to obtain from the Data Controller the erasure of personal data concerning him/her without undue delay and the Data Controller has the obligation to erase without undue delay the personal data for any of the reasons referred to in art. 17 paragraph 1 letters a, b, c, d, e, f, and paragraph 2 and paragraph 3 letters a, b, c, d, e.
Art. 18. Right to limitation of processing: the data subject has the right to obtain from the Data Controller the limitation of processing in one of the cases referred to in article 18 paragraph 1 letters a, b, c, d, and paragraphs 2 and 3.
Art. 19 Obligation to notify in case of rectification or erasure of personal data or limitation of processing: the Data Controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification or erasure or limitation of processing carried out pursuant to articles 16, 17 paragraph 1 and art. 18, unless this proves impossible or involves a disproportionate effort. The Data Controller shall inform the data subject of those recipients if the data subject so requests.
Art. 20 Right to data portability: the data subject has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her that have been provided to a Data Controller and has the right to transmit such data to another Data Controller without hindrance from the latter to whom he/she has provided them in the cases referred to in art. 20 paragraph 1 letter a, b, paragraphs 2, 3, 4.
Art. 21 Right of objection: the data subject shall have the right to object at any time, for reasons relating to his or her particular situation, to the processing of personal data relating to him or her pursuant to article 6, paragraph 1, letter e or f, including profiling on the basis of those provisions. Where the personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- Procedures for exercising the rights of the data subject.
The User may request information about the processing methods and the exercise of his/her rights as a data subject, as explained below:
⦁ formal requests for the exercise of rights by the data subject should preferably be sent using the request form provided by the Authority for the protection of personal data (downloadable through the following link https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/1089924) addressed to Remo Srl, to the attention of the administrative office, by certified e-mail to firstname.lastname@example.org, or by ordinary mail to the address of the registered office in Bologna, Strada Maggiore n. 49.
The User can also delete his/her account and therefore his/her personal data, except for those that Remo is obliged to keep according to the law, through the section “Request deletion of personal data” that can be found in his/her account.
Updated version of 22 december 2021