Updated on: 01.02.2021, template: Privacy websites information letter_EN V2.0

 

A. Loacker AG (VAT no. 00187320213) with registered office in Via Gasterer Weg 3, 39054 Auna di Sotto/Unterinn, Italy (hereinafter, “Controller”), owner of the websites www.loacker.comwww.loacker-deutschland.de (hereinafter, the “Site”), as controller of the processing of personal data of users who navigate and are registered to the Site (hereinafter, “Users”) provides here below the privacy disclosure pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter “Regulation”).

 

1. Purpose of data processing and legal basis

The Users’ personal data will be lawfully processed by the Controller, pursuant to art. 6 of the Regulation, for the following purposes:

  1. navigation of the Site, in relation to the possibility of acquiring User data, necessary at a technical level, such as the IP address, during navigation of the Site;
  2. response to contact requests by the Site visitors;
  3. registration to the “Pastry Workshop” by the Site visitors;
  4. administrative-accounting purposes, namely, to perform activities of an organizational, administrative, financial or accounting nature, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
  5. legal obligations, namely, to comply with obligations provided by law, from an authority, by regulation or by European legislation.

 

The provision of personal data for the purposes of the data processing indicated above is voluntary but necessary, since the lack of providing of data will make it impossible for the User to navigate on the Site, subscribe to Site where provided and use the services offered by the Controller. With reference to the purposes in points (1/a, 1/b and 1/c), the legal basis of the data processing is, in fact, the execution of the services provided through the Site and requested by the User (pursuant to art. 6 para. 1 lit b of the Regulation); with reference to the purposes in points (1/d and 1/e) of the previous paragraph, the legal basis of the data processing is to fulfill the legal obligation which the Controller is subject to (pursuant to art. 6 para. 1 lit c of the Regulation).

The contents of the above listed Site and any services offered are reserved to subjects who have reached eighteen years of age. The Controller, therefore, does not collect personal data of minors under 18 years of age. Upon request of the Users, the Controller shall immediately delete all personal data involuntarily collected relating to minors under 18 years of age.

 

2. Data processing method and data storage period

The Controller will process the personal data of Users utilizing manual and computer instruments, with logic strictly related to the same purposes and, in a way that guarantees the security and privacy of the data.

The personal data of the Users of the Site will be held for the time strictly necessary to fulfill the primary purposes illustrated in paragraph 1, or as necessary for the protection in civil law of the interests of both the Users and the Controller.

 

3. Scope of communication and dissemination of data

Employees and/or collaborators of the Controller, responsible for the management of the Site, may become acquainted with the personal data of the Users. These subjects, who are authorized by the Controller, will process the User data exclusively for the purposes indicated in the present disclosure and in compliance with the previsions of the Regulation.

Third parties who may process the personal data on behalf of the Controller may also become acquainted with the personal data of the Users as “External Data Processors”, such as, for example, suppliers of computer and logistics services for the operation of the Site, providers of outsourcing and cloud computing services, professionals and consultants.

The personal data of Users may be communicated to third parties to fulfill legal obligations, or to comply with orders from public authorities, or to exercise a right in court.

Users have the right to obtain a list of any data processors appointed by the Controller, by making a request using the method indicated in paragraph 4 below.

 

4. Users’ rights

Users may exercise the rights guaranteed to them by the Regulation by contacting the Controller through:

  • return receipt certified mail to the head offices of the Controller;
  • email to address info@loacker.com.

The Data Protection Officer (DPO) appointed by A. Loacker Spa/AG in accordance with art. 37 of the Regulation can be contacted at the company’s registered office or via the email address info@loacker.com.

Website Users, as parties to the data processing, have the right to:

  1. obtain access, update, correction or, if they wish, integration of the data;
  2. request and obtain the cancellation, transformation into anonymous form or the block of the data processed in violation of law, including data for which retention is not necessary relative to the purposes for which the data was collected and processed;
  3. obtain certification that the operations referred to in letters a) and b) have been brought to the attention, even with regard to their content, of those to whom the data has been communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
  4. revoke consent at any time, when the data processing is based on their consent;
  5. data portability (right to receive all the personal data pertaining to them in a structured, commonly used and machine-readable format), the right to restriction of processing of the personal data and the right to erasure (“right to be forgotten");
  6. object:
    1. in full or in part, for legitimate reasons, to the processing of personal data pertaining to them, although relevant to the purpose of its collection;
    2. in full or in part, to the processing of personal data pertaining to them for the purpose of sending advertising materials or direct sales, or the execution of market research or commercial communications;
    3. at any time, when the personal data is processed for purposes of direct marketing, to the processing of their data for that purpose, including profiling, to the extent that it is connected to that direct marketing.
  7. lodge a complaint with a Supervisory Authority (in the member country in which they usually live, work or in the member country where the alleged violation has taken place) when they believe that the processing pertaining to them violates the Regulation. The Italian data protection authority is the Garante Privacy, with office in Piazza Venezia no. 11, 00187 - Rome (http://www.garanteprivacy.it/).