Essebi

Information on the processing of personal data

Disclosure pursuant to Articles 13 of Regulation (EU) 2016/679
General Data Protection Regulation
Browsing on the website www.essebicucine.it

Below we provide to the individuals who come into contact with our Company (the “Data Subjects”) a brief description of the essential features of the processing of their personal data related to their browsing of the website www.essebicucine.it of Essebi Srl, with its registered office at Via Madonna Delle Grazie, 3, VAT number IT 02252240268, acting as the Data Controller (hereinafter the “Controller”). The processing will be carried out in compliance with Regulation (EU) 2016/679 – General Data Protection Regulation (the “Regulation”) and Legislative Decree 30 June 2003, No. 196, as amended by Legislative Decree 101/2018 (hereinafter the “Code”).

By “data,” we mean “any information concerning an identified or identifiable natural person,” and by “processing,” we mean “any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.”

For more details, please refer to the detailed information that follows.

Who is the Data Controller?

Essebi S.r.l.
Via Madonna Delle Grazie, 3
31030 Cison Di Valmarino (TV), Italy
Email: info@essebicucine.com
Tel: +39 0438 975528
Fax: +39 0438 85855

Tax Code and Business Register: IT 02252240268
R.E.A. TV 197807
Share Capital: € 102,900.00 fully paid
VAT number: IT 02252240268

What personal data do we process?

Usage data (browsing data);
Personal data such as identifying and contact information (e.g., name, surname, residence, email, phone number);
Data voluntarily provided by the user;
Data possibly collected through cookies and/or other tracking tools.

Why do we process personal data? (Purposes)

For sending informational materials or other communications following the completion of the relevant form on the website by the user (contact form) or following the sending of an email by the user to the addresses listed on the site, and generally for the conclusion and proper execution of a contract with the Data Subject and/or for the performance of pre-contractual activities and measures at the request of the Data Subject.
To comply with legal obligations or to fulfill orders from public authorities.
For the necessity of asserting, exercising, or defending a right in legal proceedings or whenever authorities exercise their functions, as well as for detecting any fraudulent or malicious activities.

What is the legal basis for processing?

Processing under point 1 is necessary for the execution of a contract or pre-contractual measures taken at the user’s request.
Processing under point 2 is necessary to fulfill the Controller’s legal or regulatory obligations.
Processing under point 3 is based on the legitimate interest of the Controller.

How do we process personal data?

We process data electronically, telematically, and/or in paper form, observing all precautions applied by the Controller to ensure its security, confidentiality, and control.

The data is generally stored within the EU but may also be stored and processed on servers located outside the European Community, in compliance with the applicable regulations.

To whom do we disclose personal data? (Categories of recipients)

Employees, individuals appointed and authorized by the Controller;
External entities (e.g., service providers) acting as Data Processors pursuant to Article 28 GDPR, such as the entity managing the website;
Entities legally authorized to access the data;
Entities to whom disclosure is necessary to fulfill contractual obligations;
Public authorities;
Third parties.
The personal data processed by the Controller is not subject to dissemination in any way.

For how long do we retain personal data?

Personal data will be retained for the time necessary to achieve the purposes listed above. In any case, processing cannot exceed the duration required for each processed data, based on the prescription period for exercising rights connected to that data.
Criteria used to determine the retention period:
a. Achievement of the processing purposes.
b. Retention period required by law.
c. Withdrawal of consent by the Data Subject (in the case of processing based on consent).
d. Maximum retention period permitted by current regulations to protect the Controller’s rights and/or interests.

Is providing personal data mandatory or optional? What happens if personal data is not provided?

To browse the website, users must provide navigation data and data contained in certain cookies (technical cookies). In case of non-provision, users may have a suboptimal browsing experience on this website, and we may not be able to meet their requests.

The voluntary provision of other data, such as through the completion of the form on the website, is optional, but if the mandatory data is not provided, we may not be able to meet the user’s requests.

What rights does the Data Subject have?

The Data Subject has the right to:
Access the data we hold and request its communication in an intelligible form.
Request the updating, rectification, and/or integration of data.
Request the erasure of data (“right to be forgotten”).
Request the restriction of data processing.
Request notification of any updates, rectifications, erasures, or restrictions.
Request data portability.
Object to data processing.
Withdraw consent at any time for the processing activities that require it.
File a complaint with a supervisory authority.

1) Identity and contact details of the Data Controller and the Data Processor:

Essebi S.r.l.
Via Madonna Delle Grazie, 3
31030 Cison Di Valmarino (TV), Italy
Email: info@essebicucine.com
Tel: +39 0438 975528
Fax: +39 0438 85855

Tax Code and Business Register: IT 02252240268
R.E.A. TV 197807
Share Capital: € 102,900.00 fully paid
VAT number: IT 02252240268

2) Types of data processed:

Visiting and browsing the website typically involves the collection and processing of common personal data related to browsing. Additionally, by filling out the relevant form on the site, personal data such as identifying and contact information (e.g., name, surname, email, phone number), information related to the requested service, and any additional data voluntarily provided by the user may be collected.

Regarding data possibly collected through cookies, please refer to the Cookie Policy.

3) Purpose and legal basis of data processing:

The Controller will process the data for the following purposes:
To provide the requested service following the completion of the relevant form (contact form) on the website by the user and generally for the conclusion and proper execution of a contract with the Data Subject and/or for the performance of pre-contractual activities requested by the user.
Compliance with legal obligations to which the Controller is subject.
The need to assert, exercise, or defend a right in legal proceedings or whenever authorities exercise their functions, based on the Controller’s legitimate interest, as well as for detecting any fraudulent or malicious activities.

How do we process the data?

The data will be processed using electronic, telematic, and/or paper means in compliance with the Regulation and the Code, and in a manner that ensures data security and confidentiality, preventing unauthorized disclosure, use, alteration, or destruction. Personal data will be processed and retained in full compliance with the principles of necessity, data minimization, and limitation of retention periods, by adopting appropriate technical and organizational measures based on the level of risk of the processing.

If necessary to achieve the purposes set out in paragraph 3, the Data Subject’s data may be transferred abroad to countries/organizations outside the EU that guarantee compliance with the GDPR processing methods, particularly under Articles 44 et seq. GDPR.

Recipients of the data:

The data may be disclosed (within their respective competence and solely for the purpose of fulfilling the described purposes) to:
a) parties to whom data communication is necessary for the website’s operation, acting as Data Processors under written agreements with the Controller, such as the website manager;
b) persons authorized by the Controller who are bound by confidentiality agreements or are subject to adequate legal obligations of confidentiality (e.g., employees or collaborators of the Controller);
The data will not be disclosed to third parties.

To comply with legal, regulatory, or community obligations or contractual obligations, and to assert any rights in judicial proceedings, the following third parties may have access to the Data Subject’s data: (i) banks, credit institutions, and financial entities; (ii) consultants in tax, legal, or accounting matters; (iii) companies providing the Controller with services instrumental to managing the contractual relationship (e.g., management software providers); (iv) authorities and supervisory and control bodies (e.g., Revenue Agency, judicial authorities, etc.); (v) companies providing the Controller with services for credit recovery.

Data retention period:

For the purposes indicated above, the data will be retained for the time strictly necessary to achieve the purposes for which it was collected and processed. The criterion for determining the actual data retention period will be the statute of limitations for actions arising from the relationship with the Data Subject. Except for the need to retain the data to fulfill legal obligations imposed on the Controller or to assert, exercise, or defend the Controller’s rights in legal proceedings, the data will not be retained for more than 10 years from the termination of the relationship or the completion of the intended purpose, unless specifically required by law. After this period, the data will be destroyed or irreversibly anonymized, unless further retention is necessary to fulfill legal obligations or comply with orders from public authorities and/or supervisory bodies.

Browsing data is deleted immediately after processing (except for log data that must be retained for legal obligations, including the possible need to detect crimes by the competent authorities); for cookies, refer to the specific “Cookie Policy.”

Mandatory and optional nature of providing personal data:

To browse the website, the user must provide browsing data and data contained in certain cookies (technical cookies). In case of non-provision, users may experience suboptimal navigation on this website, and we may not be able to fulfill their requests.

The voluntary provision of other data, such as through the completion of the form on the website, is optional. However, failure to provide the requested data may make it impossible to fulfill the user’s request, as the communication is essential and necessary for this purpose.

Provision is mandatory for the purposes of fulfilling legal obligations; in case of refusal, our company will not be able to proceed with the contractual relationship and the related legal obligations.

Data Subject’s rights:

By sending a communication to the Controller’s registered office at info@essebicucine.it, each Data Subject may, at any time, exercise their rights under Articles 15 and following of the Regulation, including: (i) obtaining confirmation of whether or not processing of Data concerning them is in progress; (ii) accessing their Data and the information listed in Article 15 of the Regulation; (iii) obtaining without undue delay the rectification of inaccurate Data concerning them or the completion of incomplete Data; (iv) requesting the erasure of Data concerning them without undue delay; (v) requesting the restriction of the processing of Data concerning them; (vi) being informed of any rectifications or erasures or restrictions of processing performed concerning the data that concerns them; (vii) receiving the Data concerning them in a structured, commonly used, and machine-readable format; (viii) objecting at any time, for reasons related to their particular situation, to the processing of data concerning them based on the legitimate interest of the Controller; (ix) withdrawing their previously given consent at any time and free of charge, without affecting the lawfulness of the processing carried out up to the point of withdrawal.

The full list of Data Subject rights can be found at https://www.garanteprivacy.it/Regolamentoue/diritti-degli-interessati.

Exercising the rights mentioned above is not subject to any formality and is free of charge. A response to the Data Subject’s request will be provided within one month of receipt. In cases of particular complexity, this period may be extended; in such cases, the Controller undertakes to provide at least an interim communication within one month of receipt of the request.

In exercising one of the rights provided for by the Regulation, the Controller reserves the right to verify the identity of the requesting Data Subject by requesting a photocopy of an identity document attesting to the legitimacy of the request. Once the requesting Data Subject’s identity has been confirmed, the photocopy will be immediately destroyed.

Complaint to the Supervisory Authority:

If the Data Subject believes that the processing concerning them violates the provisions of the Regulation, they can always lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or the authority of the country where they usually reside, work, or where the alleged violation took place.

The Controller reserves the right to make changes to this privacy policy at any time by notifying users on this website and, where technically and legally feasible, sending a notification to users through one of the contact details held by the Controller. Please consult this page frequently, referring to the date of the last modification indicated below.

This privacy notice is effective as of September 10, 2024.