Information on the processing of personal data of website users

Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter “GDPR”)

Why this notice PASTIFICIO BIA S.R.L. (hereinafter also “Company” or “Data Controller”) is committed to respecting and protecting your privacy and wants you to feel secure both during simple browsing of the site and in the event you decide to register by providing your personal data to use the services made available to its Users and/or Customers. On this page, the Company intends to provide information regarding the processing of personal data of users who visit or consult the website accessible electronically from the address www.pastabia.com (the “Site”). This information is provided solely for the Company’s website and not for other websites that may be consulted by the user via links (for which please refer to their respective privacy policies). The reproduction or use of pages, materials, and information contained within the Site, by any means and on any support, is not permitted without the prior written consent of the Company. Copying and/or printing for exclusively personal and non-commercial use is permitted (for requests and clarifications, contact the Company at the contact details provided below). Other uses of the content, services, and information on this site are not allowed.

Regarding the content offered and information provided, the Company will endeavor to keep the Site’s content reasonably updated and reviewed, without offering any guarantee on the adequacy, accuracy, or completeness of the information provided, explicitly declining any responsibility for any errors or omissions in the information provided on the Site.

Origin – Browsing Data The Company informs you that the personal data provided by you and acquired simultaneously with the request for information and/or contact, registration on the site, and use of services via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services—including browsing data and data used for any purchase of products and services offered by the Company, but also the “browsing” data of the site by Users—will be processed in compliance with applicable regulations. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow for the identification of browsing users. This category of data includes “IP addresses” or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (success, error, etc.), and other parameters related to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to monitor the correct functioning of the Company’s website. It should be noted that the aforementioned data could be used to ascertain responsibility in case of computer crimes against the Company’s site or other sites connected or linked to it: except for this possibility, web contact data currently does not persist for more than a few days.

Origin – Data provided by the user The Company collects, stores, and processes your personal data for the purpose of providing the products and services offered on the Site, or for legal obligations. Regarding certain specific Services, Products, Promotions, etc., the Company may also process your data for commercial purposes. In such cases, specific, separate, optional, and always revocable consent will be requested through the methods and at the contact details indicated below.

The optional, explicit, and voluntary sending of e-mails to the addresses indicated in the relevant section of the Website, as well as the completion of questionnaires (e.g., forms), communication via chat, push notifications via APP, social networks, call centers, etc., involves the subsequent acquisition of some of your personal data, including those collected through the use of Apps and related services, necessary to respond to requests. We also point out that when using a mobile connection to access digital content and services offered directly by the Company or by our Partners, it may be necessary to transfer your personal data to such third parties. We highlight that you may access the Site or connect to areas where you may be enabled to publish information using blogs or message boards, communicate with others (for example, coming from the Company page on Facebook®, LinkedIn®, YouTube®, and other social network sites), review products and offers, and post comments or content. Before interacting with these areas, we invite you to read the General Terms of Use carefully, keeping in mind that, in some circumstances, the information published can be viewed by anyone with Internet access, and any information you include in your publications can be read, collected, and used by third parties.

Purposes of processing and legal basis The data is processed for the following purposes:

1. Strictly connected and necessary for registration on the site www.pastabia.com, for services and/or Apps developed or made available by the Company, for the use of related information services, for managing contact or information requests, and for making purchases of products and services offered through the Company website;

2. For ancillary activities related to managing User/Customer requests and sending responses, which may include the transmission of promotional material; for the completion of purchase orders for offered products and services, including aspects related to credit card payments, shipping management, the potential exercise of the right of withdrawal provided for distance purchases, and updates on the availability of temporarily unavailable products and services;

3. Related to the fulfillment of obligations provided by EU and national regulations, the protection of public order, and the detection and suppression of crimes;

4. Direct marketing, i.e., sending advertising material, direct sales, performing market research, or commercial communication of products and/or services offered by the Company; this activity may also concern products and services of Company Group companies and be carried out by sending advertising/informative/promotional material and/or invitations to participate in initiatives, events, and offers aimed at rewarding users/customers, carried out using “traditional” methods (e.g., paper mail and/or operator calls), or through “automated” contact systems (e.g., SMS and/or MMS, phone calls without operator intervention, e-mail, fax, interactive applications), pursuant to Art. 130 paragraphs 1 and 2 of Legislative Decree 196/03 and subsequent amendments.

    

The provision of data for the purposes referred to in points 1), 2), and 3), connected to a pre-contractual and/or contractual phase or functional to a user request or required by a specific regulatory provision, is mandatory. Failing this, it will not be possible to receive the information and access any requested services. Regarding point 4) of this Information Notice, the consent to data processing by the user/customer is instead free, optional, and always revocable without consequences on the usability of products and services, except for the Company’s inability to keep users/customers updated on new initiatives or particular promotions or benefits that may be available.

The Company may send commercial communications relating to products and/or services similar to those already provided, pursuant to Directive 2002/58/EU, using the e-mail or postal coordinates provided by you on such occasions, which you may oppose using the methods and contact details below.

Methods, processing logic, storage times, and security measures Processing is also carried out with the aid of electronic or automated means and is performed by the Company and/or third parties that the Company may use to store, manage, and transmit the data. Data processing will be carried out with the logic of organization and processing of your personal data, including those relating to logs originated from access and use of services made available via the web, of the products and services used related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data. The personal data processed will be stored for the times provided for by the applicable legislation.

Regarding data security, in the sections of the website set up for particular services where personal data is requested from the browsing user, the data is encrypted using a security technology called Secure Sockets Layer (SSL). SSL technology encodes information before it is exchanged via the Internet between the user’s computer and the Company’s central systems, making it unintelligible to unauthorized persons and thus ensuring the confidentiality of the transmitted information. Furthermore, transactions carried out using electronic payment instruments are performed directly using the Payment Service Provider (PSP) platform, and the Company stores only the minimum set of information necessary to manage any disputes. Regarding data protection aspects, the user/customer is invited, pursuant to Art. 33 of the GDPR, to report to the Company any circumstances or events from which a potential “personal data breach” may arise, in order to allow an immediate evaluation and the adoption of any actions aimed at countering such an event, by sending a communication to privacy@pastabia.com or contacting Customer Service. The measures adopted by the Company do not exempt the Customer from paying necessary attention to the use, where required, of passwords/PINs of adequate complexity, which they must update periodically—especially if they fear they have been compromised/known by third parties—as well as keeping them carefully and making them inaccessible to third parties to avoid improper and unauthorized use.

Cookies A cookie is a short string of text that is sent to your browser and potentially saved on your computer (or alternatively on your smartphone/tablet or any other tool used to access the Internet); this typically happens every time you visit a website. The Company uses cookies for various purposes to offer you a fast and secure digital experience, for example, allowing you to keep the connection to the protected area active while browsing through the pages of the site.

Cookies stored on your terminal cannot be used to retrieve any data from your hard drive, transmit computer viruses, or identify and use your e-mail address. Each cookie is unique in relation to the browser and device you use to access the Website or use the Company App. Generally, the purpose of cookies is to improve the functioning of the website and the user’s experience in using it, although cookies can be used to send advertising messages (as specified below). For more information on what cookies are and how they work, you can consult the website “All about cookies” at http://www.allaboutcookies.org.

For detailed information on Cookies, please read the dedicated page (www.pastabia.com/cookie-policy-en).

Scopes of communication and data transfer For the pursuit of the purposes indicated above, the Company may communicate and have processed, in Italy and abroad, the personal data of users/customers by third parties with whom we have relationships, where these third parties provide services at our request. We will provide these third parties only with the information necessary to perform the requested services, taking all measures to protect your personal data. Data may be transferred outside the European Economic Area if necessary for the management of your contractual relationship. In this case, the recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Data Controller. In the case of using services offered directly by Partners, we will provide only the data strictly necessary for their execution. In any case, only the data necessary for the pursuit of the intended purposes will be communicated, and where required, the guarantees applicable to data transfers to third countries will be applied. We may also disclose personal data to our commercial service providers for marketing reasons, appointed for this purpose as external data processors. Furthermore, personal data may be communicated to competent public bodies and authorities to fulfill regulatory obligations or to ascertain responsibility in case of computer crimes against the site, as well as communicated to or allocated with third parties (as processors or, in the case of electronic communication service providers, as independent data controllers) who provide IT and telematic services (e.g., hosting, website management, and development services) and which the Company uses to perform tasks and activities of a technical and organizational nature instrumental to the functioning of the website. The entities belonging to the categories listed above operate as distinct Data Controllers or as Processors specifically appointed by the Company.

Personal data may also be known by Company employees/consultants who are specifically instructed and appointed as Persons in Charge of processing.

The categories of recipients to whom the data may be communicated are available by contacting the Company at the details provided below.

Rights of the data subjects You may exercise at any time the rights recognized to you by law, including:

1. To access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable storage period, and the existence of automated decision-making processes;

    

2. To obtain without delay the rectification of inaccurate personal data concerning you;

    

3. To obtain, in the cases provided for, the erasure of your data;

    

4. To obtain the restriction of processing or to object to it, whenever possible;

5. To request the portability of the data you have provided to the Company, i.e., to receive them in a structured, commonly used, and machine-readable format, also to transmit such data to another controller, within the limits and constraints provided by Art. 20 of the GDPR.

Furthermore, you may lodge a complaint with the Data Protection Authority pursuant to Art. 77 of the GDPR.

For the processing referred to in point 4) of the purposes, the Customer may always revoke consent and exercise the right to object to direct marketing (in “traditional” and “automated” forms). Unless otherwise indicated, the objection will apply to both traditional and automated communications.

Data Controller The Data Controller, pursuant to Art. 4 of the GDPR, is PASTIFICIO BIA S.R.L. C.da Piana Mulini Area PIP snc – Resuttano ZIP 93010 Prov CL VAT: 01712650850.

The rights indicated above may be exercised at the request of the Data Subject through the methods made known by Customer Service or on the Company’s Website, or by using the following reference: Leonardo Trubia (privacy@pastabia.com).

The use of the Website, including those intended for tablets and/or smartphones, by the Customer and/or User implies full knowledge and acceptance of the content and any indications included in this version of the information notice published by the Company at the time the site is accessed. The Company informs that this notice may be modified without prior notice and therefore recommends periodic reading.

The Data Controller PASTIFICIO BIA S.R.L.

This privacy policy was updated on 07/19/2024