Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)
WHY THIS INFORMATION?
In accordance with Regulation (EU) 2016/679 (hereinafter "GDPR"), this page describes the methods of processing personal data. This information is provided pursuant to art. 13 GDPR. The information is not to be considered valid for other third-party websites, which may be consulted via links on this website, for which no responsibility is assumed.
Processable personal data
-
Personal data : any information relating to an identified or identifiable natural person (' data subject '); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 GDPR).
-
Contractor/user data.
-
Browsing data: The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.
-
Data communicated voluntarily: the optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the completion of data collection forms entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data entered.
Information about the processing of personal data carried out through Social Media platforms
Regarding the processing of personal data carried out by the managers of the Social Media platforms used by the Data Controller, please refer to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.
Specific information
Specific information may be present on the pages of the Site in relation to particular services or processing of the data provided.
Cookies and other tracking systems. What are they? What are they for?
For cookies and other tracking systems, see the cookie policy reported in the footer of the site and at the following link .
1. WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?
The Data Controller is A&D SpA Gruppo Alimentare e Dietetico , with registered office in Strada 2, Palazzo C1, Assago Milanofiori (MI), in the person of its Legal Representative pro-tempore, who can be contacted for any information by telephone +39 02 5770791, e-mail address privacy@aedgruppo.it .
2. PURPOSE OF THE PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD AND NATURE OF THE PROVISION
|
PURPOSE OF THE PROCESSING |
LEGAL BASIS |
RETENTION PERIOD |
NATURE OF THE PROVISION |
|
Browsing this website. The data necessary for the use of web services are also processed for the purpose of: •obtain statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.); •check the correct functioning of the services offered. The data will be used to ascertain responsibility in the event of hypothetical computer crimes against the site. |
The processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the interested party which require the protection of personal data do not prevail, taking into account the reasonable expectations of the interested party and the activities strictly necessary for the functioning of the site and navigation itself (Art. 6, par. 1 lett. f and C47 of the GDPR). |
The storage of browsing data will last for the duration of the browsing session and in any case will not persist for more than seven days (except in the event of the need to ascertain crimes by the Judicial Authority). |
Providing data is necessary for browsing the website. |
|
Use of cookies and similar technologies. See the cookie policy in the footer of the site. |
For cookies and similar non-technical/necessary technologies, the processing is based on consent to the processing of personal data (art. 6 par. 1 lett. ae C42, C43 of the GDPR). Consent is given through the banner and the site's cookie policy. |
See the cookie policy in the footer of the site. |
See the cookie policy in the footer of the site. |
In addition to navigation, personal data will be processed for:
|
PURPOSE OF THE PROCESSING |
LEGAL BASIS |
RETENTION PERIOD |
NATURE OF THE PROVISION |
|---|---|---|---|
|
A) CONTACTS, INFORMATION REQUEST and CUSTOMER CARE : through the contact details indicated, we will collect and respond to requests, we will provide assistance for any need related to the use of the site and the purchase of our products. |
The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures adopted at the request of the same (art. 6 par. 1 lett. b) and C44 of the GDPR). |
Maximum 12 months |
The transfer is necessary. Failure to provide the necessary data will make it impossible to be contacted or obtain what is requested from the Data Controller. |
|
B) ONLINE PURCHASES AND RELATED ADMINISTRATIVE ACCOUNTING ACTIVITIES (e.g. order management, invoicing, payments, shipment processing and management of any returns, management of any credits and related pre-contractual/contractual obligations). |
The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures adopted at the request of the same (art. 6 par. 1 lett. b) and C44 of the GDPR). |
10 years from purchase for administrative accounting purposes. |
The transfer is necessary. Failure to provide the necessary data will make it impossible to conclude and execute the purchase contract for goods offered by the Data Controller. |
|
C) DIRECT MARKETING , for sending advertising or direct sales material or for carrying out market research, commercial and promotional communications, newsletters, via automated means (email, SMS) . The communications may contain promotional activities and/or logos of third-party partners and companies belonging to the Group. There will be no transfer of personal data. For the complete list of Group companies and partners, interested parties can write to privacy@aedgruppo.it . |
The processing is based on consent to the processing of personal data (art. 6 par. 1 lett. a) and C42-43 of the GDPR). |
Until consent is revoked (or opt-out). |
The provision is optional. Failure to provide the necessary data will make it impossible to receive direct marketing communications. |
|
D) NON-AUTOMATED PROFILING: personal data will be entered into company databases/CRMs/platforms, in order to carry out analyses, evaluations and to divide interested parties into homogeneous groups based on specific company activity characteristics for better management of services and for sending targeted promotional communications. |
The processing is based on consent to the processing of personal data (art. 6 par. 1 lett. a) and C42-43 of the GDPR). |
Until consent is revoked and in any case for a maximum of 12 months. |
The provision is optional. Failure to provide the necessary data will make it impossible to perform analyses and send targeted promotional communications. |
|
AND) CUSTOMER AREA REGISTRATION , to allow the user to create an account, to manage it and to be able to use the related services. |
The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures adopted at the request of the same (art. 6 par. 1 lett. b) and C44 of the GDPR). |
Until the termination of the contract or until the cancellation of the account, in any case without prejudice to the technical time for disabling the credentials. |
The transfer is necessary. Failure to provide the necessary data will make it impossible to access the reserved area. |
|
F) MANAGEMENT OF LEGAL ISSUES that may arise in relation to the contractual or extra-contractual relationship. |
The processing is necessary for the pursuit of the legitimate interest of the Data Controller in the protection of his rights, provided that the interests or fundamental rights and freedoms of the interested party which require the protection of personal data do not prevail (art. 6, par. 1 lett. f) and C47 – 50 of the GDPR). |
Until the existing relationship exists and until it expires for the time necessary for the defense in court. |
Providing data is necessary. The refusal must be balanced with the legitimate interest of the Data Controller indicated in the purposes of this point. |
|
G) ABANDONED CART REMINDER. |
The processing is necessary for the pursuit of the legitimate interest of the Data Controller in the protection of his rights, provided that the interests or fundamental rights and freedoms of the interested party which require the protection of personal data do not prevail (art. 6, par. 1 lett. f) and C47 – 50 of the GDPR). |
For the time needed to send reminder emails for your abandoned cart ( maximum 48 hours ). |
The data becomes mandatory only in the finalization phase of the purchase (insertion of the product in the cart). |
|
H) MANAGEMENT OF YOUR REQUESTS and requests from other interested parties, pursuant to art. 15 et seq. of the GDPR (rights of the interested party). |
The processing is necessary to fulfill a legal obligation to which the Data Controller is subject (art. 6 par. 1 lett. c) and C45 of the GDPR). |
5 years from the closure of the request, barring disputes. |
The provision of personal data is mandatory, as it is essential to be able to fulfill legal obligations. |
3. TO WHOM WILL THE PERSONAL DATA BE COMMUNICATED? DATA RECIPIENTS
Personal data will be communicated to entities that will process the data as independent Data Controllers, or Data Processors (art. 28 GDPR) and processed by natural persons (art. 29 GDPR) who act under the authority of the Data Controller and the Processors on the basis of specific instructions provided in order to the purposes and methods of processing, for specific purposes based on the reference area. The data will be communicated to recipients belonging to the following categories: - entities that provide services for the website and communication networks, including email, hosting and website management; - freelancers, firms or companies in the context of assistance and consultancy relationships; - Group companies and commercial partners of the Data Controller, entities belonging to the distribution network and service and logistics companies, couriers; - entities that provide services for the management of the activities indicated above in the purposes (communications entities, press agencies, websites, etc.); - banks and credit institutions; - Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.
The list of Data Controllers is available by writing to privacy@aedgruppo.it or to the other contact details indicated above.
4. WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?
Personal data will not be transferred to countries outside the EEA.
5. IS THERE AN AUTOMATED PROCESS?
Personal data will be subjected to traditional manual, electronic and automated processing. It is specified that no fully automated decision-making processes are carried out.
6. WHAT ARE YOUR RIGHTS? HOW CAN YOU EXERCISE THEM?
You may exercise your rights as expressed in articles 15 et seq. of the GDPR by contacting the Data Controller at the email address privacy@aedgruppo.it , or at the contact details indicated above. You have the right, at any time, to request access to your personal data (art.15), rectification (art.16), erasure (art.17), and restriction of processing (art.18). The Data Controller shall communicate (art. 19) to each of the recipients to whom the personal data have been transmitted any rectifications or erasures or limitations of processing carried out. The Data Controller shall communicate these recipients to the interested party if the interested party requests it. In the cases provided for, you have the right to the portability of your data (art.20) and, in this case, they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object (art.21), at any time, to the processing of data based on legitimate interest, and in cases where the legal basis is consent, you have the right to revoke the consent given without prejudice to the lawfulness of the processing based on consent before the revocation.
To stop receiving automated direct marketing communications (email, SMS messages, instant messaging), interested parties are invited to write an e-mail to privacy@aedgruppo.it with the subject “cancellation from automated” or to use our automatic cancellation systems provided for e-mails only (opt-out).
To stop receiving any marketing communications, interested parties are invited to write an email to privacy@aedgruppo.it with the subject “marketing cancellation”.
In the event that you believe that the processing of your personal data by the Data Controller violates the provisions of Regulation (EU) 2016/679, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which you habitually reside or work or in the place where the alleged violation of the regulation occurred (Data Protection Authority https://www.garanteprivacy.it/ ), or to take appropriate legal action.
7. CHANGES TO THE INFORMATION NOTICE
The Owner may change, modify, add or remove any part of this Privacy Policy. In order to facilitate the verification of any changes, the information will contain the indication of the update date.
Updated: February 13, 2025
