This page describes the methods of managing the websites – www.ntfood.it; www.nutrifree.it; foodservice.nutrifree.it; concorso.nutrifree.it; panettonesenzaglutine.it – and applications (APP Nutrifree) owned by Nt Food S.p.A. as the Data Controller (later also named as the Controller) in relation to the processing of personal data of users who consult the sites and is valid as a Policy.
The Controller pays the utmost attention to the safeguarding and protection of the personal data of its users: the processing is based on the principles of correctness, lawfulness, transparency and protection of confidentiality in compliance with Decree Law 196/2003 and European Regulation 2016/679 (hereinafter GDPR 2016/679).
1. Data Controller and Processing location
The Data Controller is Nt Food S.p.A., based in Via della Galeotta Loc. Tei 6/c Altopascio (LU) – 55011. The processing connected to the web services take place at the aforementioned premises of the Controller and is handled by authorised staff. The hosting service is entrusted to Amazon AWS. The servers are located in Ireland.
2. Types of data processed
- Navigation data
During their normal operation, computer systems and software procedures used to operate this website acquire personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified users but its nature may lead to the identification of users through processing and association with data held by third parties.
This category includes IP addresses or domain names of the computers used to connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the server response status (successful, error etc.) and other parameters pertaining to the user’s operating system and IT environment.
This data is solely used to compile anonymous statistics on the use of the website and to verify its correct operation. The data could be used by the authorities to ascertain responsibility in the event of alleged computer crimes detrimental to the site.
- Data provided voluntarily
Apart from what is specified for the navigation data necessary to communicate with the computer and telematic protocols, the provision of personal data by users is free and optional, even if functional to the provision of certain services: in these cases, therefore, failure to provide data could compromise or render the provision of the service impossible.
The personal data provided voluntarily to interact with the site, provided for the performance of certain services (registration to the site, subscription to events/competitions with prizes, requests for information, sending email messages), are used solely to perform the service or performance requested and are communicated to third parties only if this is strictly necessary for the execution of the service itself.
The provision of data for direct marketing and/or profiling purposes is optional and the user is free to express their consent or otherwise to such treatment.
This consent may be revoked at any time by modifying the data associated with your profile upon any new access to your account on the site.
For the processing of personal data that consists in sending by email newsletters and information material related to the services offered by the Controller, it will be possible to revoke consent by clicking on the link “Cancel subscription/Unsubscribe” at the bottom of each email.
Minors cannot provide personal data. The Controller shall in no circumstances be responsible for any false statements that may be provided by minors. In any case, if the Controller detects the falsity of any statement, it will immediately delete all personal data relating to any material that had been acquired. The Controller will address, to the party exercising parental authority or the legal guardian, the requests relating to the personal data of minors.
Definition of cookies
Cookies are small data files that the sites visited by the user send to their terminal or device, where they can be deleted at the end of each working session or stored to be retransmitted to the same sites on the next visit of the same user, cookies allow a site to recognise the user’s device, to track navigation through the different pages of the site, and to identify the users who visit the site.
There are different types of cookies.
– Technical cookies that include
- Navigation and session cookies that ensure normal navigation on the website (e.g. they permit authentication for access to restricted areas);
- Functional cookies that make navigation easier for the user by storing the choices made, e.g. the language chosen);
- Analytical cookies that are used to develop aggregate statistical analyses on how users browse the site, like the number of pages visited or the number of clicks made on a page, etc.
– Profiling cookies that allow you to create profiles related to the tastes, choices and propensities shown by the user during navigation and subsequently are used to send the user advertising messages in line with their preferences.
The table of cookies used by the websites owned by Nt Food S.p.A. is available in the relevant sections viewable on the respective websites.
a) Block/Manage Cookies
You can configure your browser to accept all cookies, reject all cookies, or receive a notification when you set up a cookie. Each browser is different, so it is best to verify in the browser guide how to change cookie preferences.
- In Internet Explorer you can block all cookies by clicking on “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the scrolling selector.
- In Firefox you can block all cookies by clicking on “Tools”, “Options” and clearing “Accept cookies from sites” in the “Privacy” tab.
The blocking of all cookies will, however, have a negative impact on the usability of many websites. If you block all cookies, you will not be able to use the features and applications on this website fully.
b) Deleting Cookies
You can also delete cookies that are stored on your computer: check your browser’s help guide. For example:
- In Internet Explorer, you must manually delete the cookie files
- In Firefox, you can delete cookies by clicking “Tools”, “Options”, “Privacy”, then choosing “Use custom settings” in the “History settings” menu and finally selecting “Remove cookies” from the “Show cookies” menu and confirming the operation.
c) Links to Social Network services
Through the sites and the application certain services provided by third parties are made available to users, with particular reference to links to social network services. In particular, the site features social plugins for Facebook, Twitter, Instagram, Pinterest, LinkedIn, YouTube and WhatsApp. These plugins do not set a cookie, but if it is already present on the visitor’s computer they are able to read it and use it according to its settings. The collection and use of information by these third parties are governed by the respective privacy policies to which reference should be made.
3) Purposes of data processing
The data provided voluntarily by the users of the site is processed for the following purposes:
- to register on the site
- to allow the use of services reserved for registered users
- to subscribe to the Restricted Area and for the subsequent management of related organisational and administrative obligations
- to subscribe to newsletters
- to produce anonymous statistics
- with the express consent of the user, to carry out direct marketing and/or profiling with automated tools
- to select staff through “Submit your application”
- to comply with legal obligations and the provisions of the competent authorities.
4) Processing and storage methods
The processing will be carried out using automated and/or manual methods, in compliance with the security provisions of Art. 32 of the GDPR 2016/679 and Decree Law 196/2003, by specially authorised parties, in compliance with the provisions of Art. 29 of the GDPR 2016/679.
In compliance with the principles of lawfulness, limitation of the purposes and the minimisation of the data, pursuant to Art. 5 of the GDPR 2016/679, the retention period of personal data is established for a period of time not exceeding the achievement of the purposes for which it is collected and processed, and respecting the times prescribed by law.
5) Location of data processing
The personal data will be processed at the registered and operational office of the Controller.
6) Personal data communication and dissemination
The personal data processed may be communicated to:
- Couriers, shippers or third parties responsible for the packaging, dispatch and/or delivery of any material which may be delivered on winning a prize in a competition for prizes or similar activity;
- Companies, consultants, professionals, natural/legal persons, in case communication is necessary or functional to the correct performance of contractual obligations, as well as the obligations arising under the law;
- All those parties with access to the data under legislative or administrative provisions;
There will be no processing or dissemination of personal data without the prior consent of the user.
7) Transfer of data
The Data Controller does not transfer personal data to third countries.
8) Withdrawing consent
With reference to Art. 23 of Decree Law 196/2003 and Art. 6 of the GDPR 679/2016, the interested party can withdraw consent at any time.
9) Rights of the interested party
At any time, the user may exercise, pursuant to Art. 7 of the Privacy Code and Art. 15-22 of the GDPR 2016/67, the right to:
- Request confirmation of the existence or otherwise of their personal data;
- Obtain information on the purposes of the data processing, the categories of personal data, the recipients or categories of recipients to whom the data has been or will be sent and, where possible, the retention period;
- Request that their personal data be corrected and deleted;
- Obtain a restriction on processing;
- Obtain data portability, i.e. receive their personal data from a Data Controller, in a structured, commonly used and machine-readable format and transmit it to another Controller without hindrance;
- Oppose the processing at any time, including for direct marketing and profiling purposes;
- Object to to an automated decision-making process concerning individuals, including profiling;
- Lodge a complaint with the competent Supervisory Authority;
The user may exercise their rights by writing to the Data Controller at the following address:
- Nt Food S.p.A., Via della Galeotta Loc. Tei 6/c Altopascio (LU) – 55011.
- Email: email@example.com