101 Caffè Srl, with registered office in Via dei Lavoratori 8/10 – 20090 Buccinasco (MI), IT, in its capacity as Data Controller of personal data pursuant to EU Regulation 679/2016 applicable from May 25, 2018 – the General Data Protection Regulation (GDPR) – and the relevant applicable National Legislation (hereinafter collectively referred to as the “Applicable Legislation”) recognizes the importance of the protection of personal data and considers its protection one of the main objectives of its activity. In compliance with the Applicable Legislation, we are providing the necessary information regarding the processing of personal data provided; therefore, 101 Caffè srl invites you to read this information notice carefully as it contains important information on the protection of personal data and the security measures taken to ensure privacy in full compliance with Applicable Legislation. 101 Coffee Srl informs you that the processing of personal data will be based on the principles of lawfulness, fairness, transparency, limitation of purpose and storage, data minimization, accuracy, integrity and confidentiality. Personal data will therefore be processed in accordance with the legislative provisions of the Applicable Legislation and the obligations of confidentiality therein.
1. Data controller
According to the Applicable Legislation, the data controller is 101 Caffè Srl, with headquarters in Via dei Lavoratori 8/10 – 20090 Buccinasco (MI), IT.
In turn, 101 Caffè Srl has appointed a Data Protection Manager, who is available at: firstname.lastname@example.org and tel. +39 02.87240690 for any information relating to the processing of personal data carried out by the Data Controller, including requests for the list of data processors who process data on behalf of the Data Controller.
2. Personal data that is the object of the processing
“Personal Data” means any information relating to an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more features of their physical, physiological, mental, economic, cultural or social identity.
“Sensitive Data” means personal data that may reveal racial or ethnic origin, religious or philosophical beliefs, or trade union membership, as well as generic and biometric data, data relating to a person’s health or sex life or sexual orientation. “Judicial Data” means personal data relating to criminal convictions and offenses or related security measures. “Processing” means any operation or set of operations, whether or not by automatic means, applied to personal data or a set of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, deletion or destruction.
3. Place of data processing
The processing of data takes place at the abovementioned headquarters of the data controller, at third parties duly identified or through the website.
4. Types of data processed
The processing has as its object the personal and identification data voluntarily provided by the data subject (by way of example but not limited to: name, surname, address, VAT number, tax code, landline or mobile phone number, e-mail address, bank details, cookies, usage data, etc.).
5. Legal basis and mandatory or optional nature of the processing
A: Administrative-accounting. For the purposes of the application of the provisions on the protection of personal data, the forms of processing carried out for administrative-accounting purposes are those related to the performance of activities of an organisational, administrative, financial and accounting nature, regardless of the nature of the data processed. In particular, these purposes are pursued by internal organisational activities, which are functional for the fulfillment of contractual and pre-contractual obligations, for the management of the employment relationship in all its phases, for the keeping of accounts and the application of the rules on taxes, trade unions, social security and welfare, health, hygiene and safety at work.
B: Informative and promotional. The use of electronic mail addresses provided by the customer in the context of the finalization of the registration and for the subsequent execution of the contractual relationship is allowed for the purpose of sending information/promotional communications.
6. Nature of provision and refusal
The data subject may at any time oppose the processing of personal data by exercising the rights provided for by the Applicable Legislation in the forms and ways indicated herein.
8. Modalities of data processing-preservation
9. Scope of communication and dissemination
The data may be communicated in this sense to third parties belonging to the following categories:
– subjects that provide services for the management of the information system used by the Data Controller and of the telecommunication networks, and which work on the maintenance of the technological part (including the e-mail and the newsletter service);
– freelancers, firms or companies in the area of support and consulting; subjects that carry out control, review and certification of the activities carried out by the data controller;
– subjects carrying out control, audit and certification of the activities carried out by the data controller;
– competent authorities for the fulfillment of legal obligations and/or the provisions of public bodies, at their request.
The identification data processed in application of the company’s security procedures is not subject to communication, except in the case of express and specific requests made by the competent judicial and investigative authorities. The subjects belonging to the above mentioned categories act as Data Processors, or operate completely independently as separate Data Controllers. The list of data processors is constantly updated and available on request at the headquarters of the Data Controller. Any further communication or dissemination will take place only with the express consent of the data subject. Moreover, during the ordinary activities of processing, the persons expressly designated by the company as responsible for processing, authorized according to their roles, can access personal and identification data and thus come into the knowledge of it.