Privacy Policy
PRIVACY STATEMENT PROVIDED PURSUANT TO ART. 13 OF REG. (EU) 2016/679
The following information is provided pursuant to Art. 13 of Reg. (EU) 2016/679 (hereinafter referred to as GDPR). This file is intended to inform users of San Benedetto's Internet portals of how ACQUA MINERALE SAN BENEDETTO S.P.A. (hereinafter referred to only as "San Benedetto") collects, shares and uses personal information and how users can exercise their rights to protect their privacy.
Personal data (name, surname, telephone number, email address, etc.) will be acquired to allow browsing and/or use the services of the Acqua Minerale San Benedetto S.p.A. website, which is the Data Controller.
Personal data will be processed in accordance with the principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the data subject.
In relation to the personal data provided by the user, San Benedetto informs of the following:
a) PERSONAL DATA: The processing will only concern the data that will be entered in the registration and authentication form such as: Cookies, Browsing data, name, surname, telephone number and email.
b) SOURCE OF PERSONAL DATA: Personal Data can be freely provided by the User or, in the case of browsing data, automatically collected while browsing the website.
c) DATA CONTROLLER AND DATA PROTECTION OFFICER: The data controller is Acqua Minerale San Benedetto S.p.A., with registered office in Viale Kennedy 65, Scorzè (VE), email privacysanben@sanbenedetto.it.
San Benedetto has appointed a DPO who can be contacted at the following address dpo@sanbenedetto.it.
d) DATA PROCESSING PURPOSES AND LEGAL BASIS: Personal data is processed for the following purposes: 1) to enable the User to take advantage of the services provided through these websites, such as commercial requests or sending unsolicited applications, and 2) following specific consent, to allow San Benedetto, as well as natural persons or legal entities contractually related to San Benedetto, to send information and commercial communications, promotional or otherwise, including newsletters, as well as advertising material, following any specific consent, for profiling activities, i.e. to allow the processing and performance of statistical and market studies and research, as well as for the analysis of tastes, preferences, habits, needs and consumer choices and to receive personalised offers based on purchasing preferences.
e) COMPULSORY OR NON-COMPULSORY PROVISION OF DATA: The provision of data is optional; however, failure to provide data for the purposes set out in points 1) and 2) will result in the impossibility of using certain services accessible only through the website, such as, for example, participation in prize-draw competitions.
f) DATA RECIPIENTS: Within the limits relevant to the indicated processing purposes, the data may be disclosed to other parties involved in the organisation of the websites (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Controller. The updated list of Data Processors may always be requested from the Data Controller. The data will not be disseminated in any way. The Data Processors and Data Controllers in office are duly identified in the Privacy Document, which is updated periodically.
g) DATA TRANSFER OUTSIDE THE EEA: The data collected will not be transferred outside the European Economic Area.
h) RETENTION PERIOD: The data collected will be retained for a period of time not exceeding the achievement of the purposes for which it is processed ("retention limit", Art. 5 GDPR), without prejudice to cases of compliance with a legal obligation or order of an authority. The obsolescence of retained data in relation to the purposes for which it was collected is periodically checked. At the end of the retention period, the Personal Data will be erased. Therefore, at the end of this period, the right of access, erasure, rectification and the right to Data portability can no longer be exercised.
i) DATA PROCESSING METHODS: The processing will be carried out using manual and/or computerised and electronic tools with organisational and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data itself in compliance with the organisational, physical and logical measures laid down by the provisions in force.
j) RIGHTS OF THE DATA SUBJECT: The data subject shall always have the right to: access his/her personal data; obtain the rectification or erasure of his/her personal data or the restriction of processing concerning him/her; object to processing; obtain data portability; withdraw consent, where applicable: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before withdrawal; lodge a complaint with the supervisory authority (Data Protection Supervisor). These rights may be exercised by sending a request by email to privacysanben@sanbenedetto.it.