Articles 13 of Regulation (EU) 2016/679
With this notice, we inform users, pursuant to Article 13 of European Regulation 2016/679 regarding the protection of personal data (hereinafter “GDPR”), about the processing of personal data carried out through this website (hereinafter for brevity also “the Site”), without extending to other websites that the user may access through referral links inserted within it. The processing of personal data is carried out in compliance with current legislation on the protection of personal data and is based on the principles of fairness, lawfulness, transparency, and data protection.
1) Data Controller and Data Protection Officer
The Data Controller is Battaglio S.p.A. (“Battaglio” or “Company” or “Data Controller”), with its registered office at Strada del Portone No. 30, zip code 10195, Grugliasco (TO) – tel. +39 011 3494444, e-mail: info@battaglio.it, represented by its legal representative pro tempore.
2) Purposes, Categories of Personal Data Processed, and Legal Basis of Processing on the Site
Through the Site, different types of personal data are collected and processed for different purposes and in different ways. Specifically:
- a) Common identifying and contact data: Users of the Site are required to provide personal data by completing the appropriate form only if they wish to participate in the "Frutta Party" and get in touch with the Company; in such cases, users, after reading this notice, may provide only the data strictly necessary to participate in the event (name, surname, email, phone number, and any other data voluntarily provided by the user). The legal basis for processing is the necessity of performing a contract to which the data subject is a party (Article 6, paragraph 1, letter b) of the GDPR) and the legitimate interest of the Company in providing the information requested by the user (Article 6, paragraph 1, letter f of the GDPR);
- b) CV-related data: These are the data contained in resumes voluntarily submitted to the Company for current and future job positions, through uploading in the "Work with us" section. The legal basis for processing in this case is the necessity of performing a contract to which the data subject is a party (Article 6, paragraph 1, letter b) of the GDPR);
- c) Technical navigation data: The computer systems and software procedures used for the functioning of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information that is not collected to be associated with identified data subjects but, by their very nature, could, through processing and association with data held by third parties, allow the identification of users. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters related to the user's operating system and computing environment. This data is used solely to gather anonymous statistical information about the use of the site and to check its correct functioning, and is deleted immediately after processing. The data may be used to ascertain responsibility in the case of hypothetical cybercrimes committed against the Site. The legal basis for processing in this case will be the legitimate interest of the Company, pursuant to Article 6, paragraph 1, letter f) of the GDPR.
d) Cookies and Other Tracking Systems:
Cookies
Cookies are text files that websites visited by users send to their devices and which are retransmitted to the same websites on the next visit. Cookies can be divided into two macro categories: “profiling cookies” and “technical cookies.”
Profiling Cookies
This Site does not use profiling cookies, meaning cookies aimed at creating profiles related to the user in order to send messages in line with preferences expressed during browsing on the site.
Technical Cookies
The Site uses technical cookies to enable secure, fast, and efficient browsing of the site itself and to provide users with the requested services. The installation of these cookies does not require prior consent from users.
Session Technical Cookies
Session cookies are used for navigation and for authentication to online services and restricted areas. The use of these cookies (which are not stored persistently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable effective site navigation. The use of permanent cookies is strictly limited to the acquisition of statistical data useful for understanding the level of use of the individual site.
Third-party Cookies
No third-party cookies are installed.
The legal basis for processing in these cases will be the legitimate interest of the Company, pursuant to Article 6, paragraph 1, letter f) of the GDPR.
Information on the Processing of Personal Data Carried Out Through the Social Media Platforms Used by Battaglio
Regarding the processing of personal data carried out by the managers of the Social Media platforms used by Battaglio, reference is made to the information provided by them through their respective privacy policies. Battaglio processes personal data provided by users through the Social Media platform pages dedicated to the Company solely to manage interactions with users (comments, public posts, etc.) and in compliance with current regulations.
3) Methods of Data Processing
The processing related to the web services of the Site is carried out using automated tools for the time strictly necessary to achieve the purposes for which the data was collected; it takes place at the server in Italy and is managed only by technical staff responsible for processing, or by any persons in charge of maintenance and administration operations. Specific security measures are taken to prevent data loss, illegal or improper use, unauthorized access, and loss of confidentiality. Data processing refers to their collection, recording, organization, storage, processing, modification, deletion, and destruction, or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data is carried out using manual, computer-based, and telematic tools, with methods strictly related to the purposes themselves and, in any case, in a manner that ensures the security and confidentiality of personal data. No automated decision-making process (e.g., profiling) is carried out.
4) Consequences of Refusing to Provide Data
Except for navigation data, providing personal data collected through the Site to address user requests and inquiries is voluntary and optional. Providing certain data requested for specific purposes offered by the Site is necessary for the provision of the service itself. In this regard, it is clarified that, with reference to the "Frutta Party" event, providing the data in the fields marked with an asterisk is mandatory, and failing to enter them will prevent completing the registration and fulfilling the subsequent requests.
Providing the data in the fields marked with an asterisk in the "Work with us" section is mandatory, and failing to provide them will prevent Battaglio from processing them and, consequently, from establishing any potential employment relationships.
5) Data Transfer to Third Countries
The processing will primarily take place in Italy and the EU. In this regard, the Company assures that any transfer of data outside the European Community will be carried out in compliance with applicable legal provisions, entering into agreements if necessary to ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
6) Retention Period
Unless the user explicitly expresses the desire to delete them, in relation to the different purposes and aims for which they were collected, their personal data will be retained for the period specified by applicable law, and in any case, for a period not exceeding what is necessary to achieve the above-mentioned purposes.
7) Categories of Recipients
Personal data may be communicated to:
- to persons previously authorized and to persons appointed as data processors pursuant to Article 28 of the GDPR, who carry out specific tasks and operations (site administration, analysis of browsing and traffic data, management of emails voluntarily sent by the user, etc.);
- to subjects and in cases provided by law;
- to police forces or judicial authorities, in accordance with the law and upon their formal request, or if there are valid reasons to believe that the communication of such data is reasonably necessary for: (a) investigating, preventing, or taking actions related to suspected illegal activities, or assisting state control and regulatory authorities; (b) defending against any claims or accusations from third parties, or protecting the security of its website and business; or (c) exercising or protecting the rights, property, or security of the Company, its customers, its employees, or any other party.
The data will not be subject to dissemination.
8) Rights of the Data Subject
The user has the right to:
- access the personal data concerning them and obtain confirmation of the existence or non-existence of such data, their communication in an intelligible form, and their integration;
- request the update, rectification, or, when applicable, the integration of personal data;
- request the limitation of processing concerning them, the deletion, anonymization, or blocking of personal data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data was collected or subsequently processed;
- object, in whole or in part, for legitimate reasons, to the processing of their personal data even if relevant to the purpose of collection;
- obtain the transfer of their data to another data controller (so-called right to data portability).
If the processing is based on consent, pursuant to Article 7, paragraph 3, of the GDPR, the user can withdraw the consent given at any time, without prejudice to the lawfulness of the processing carried out before the withdrawal.
The user has the right to lodge a complaint, pursuant to Article 77 of the Regulation, with the national supervisory authority (in Italy, the Garante for the protection of personal data: www.garanteprivacy.it).
The rights listed above may be exercised by contacting the Company using the contact details provided in point 1) of this notice.