Privacy notice pursuant to Regulation EU 2016/679 – General Data Protection Regulation

Dear Data Subject, we are sharing with you the following privacy notice, issued in accordance with “Regulation (EU) 2016/679 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data” (hereinafter referred to as “GDPR”) to those using the forms of Ravioli S.p.A. (hereinafter, “Ravioli”) available online at the following address: www.raviolispa.com.

This notice concerns only the above mentioned forms available on Ravioli’s website and does not apply to any other forms or web sites that may be accessed by the user through hyperlinks.
More specifically, pursuant to Article 13 GDPR, we inform you about the following:

1. Data Controller
The Data Controller is Ravioli S.p.A. – Via Passo Pordoi 4, Milan.
Any query about this Privacy Policy, the protection of personal data and information security may be addressed to Ravioli S.p.A. via email, at the following email address: raviolispa@raviolispa.com

2. Types of data processing
The following data must necessarily be entered in order to fill out the forms mentioned above:
Contact details;
Corporate data;
Data to be entered into free text areas.
If you enter your data into the fields described above and click ‘Enter’, you enable Ravioli to save and store it in its database for the purpose of collecting, recording, organizing, consulting, processing, modifying, selecting, extracting, comparing, using, interconnecting, blocking, erasing, destroying such data.

3. Purposes of data processing
Ravioli shall use your data for the following purposes:
A- to respond to commercial requests received;
B- to send, upon express consent obtained separately, newsletters, website updates, information on security patches, surveys, promotional campaigns in connection with Ravioli’s business activities.

4. Lawful basis for processing, data retention period
Pursuant to Articles 6 and 7 GDPR, giving consent to personal data processing by ticking an appropriate box is optional, but required in order to submit the forms described above. Subscribing to the newsletter is not required and may be refused simply by omitting to tick the appropriate box.
Pursuant to Article 8, Paragraph 1 GDPR, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child. Ravioli requires all users of the forms mentioned above to be at least 16 years old or the holder of parental responsibility over the child to self-certify their consent to the processing of the personal data of the child under 16.

6. Special categories of personal data
Pursuant to Article 5, Paragraph 1 (c) GDPR, Ravioli shall keep only the personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which data is processed («data minimization»); users are therefore required not to share personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor to process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Should the user willingly share such data with Ravioli, Ravioli’s employees or independent contractors, who have received specific privacy-related training, shall promptly eliminate the message sent by the user without responding.

7. Recipients of personal data
The potential primary suppliers who might access, process, store and, more generally, carry out processing activities involving Ravioli’s data and information are evaluated also based on their data security approach and on the measures they have put in place to safeguard the privacy of Natural Persons whose data are processed by Ravioli.
Under no circumstances shall Ravioli transfer your data to third parties. Within the limits permitted by the purposes of data processing mentioned earlier, your data may be transferred to specific suppliers appointed as Data Processors pursuant to Article 28 GDPR. You can request an updated list of the suppliers concerned via email at the following address: raviolispa@raviolispa.com

8. Localization of personal data processing
All the data processing described in this notice and carried out by Ravioli shall take place within the European Union area.

9. Methods of processing
The personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures («integrity and confidentiality»).
Ravioli considers the security of information, including personal data, as an essential factor.

10. Data subject rights
The data subject shall always have the right to obtain from the Controller access to the personal data, rectification or erasure of the personal data, restriction of processing, the right to object to processing of personal data, the right to data portability, the right to withdraw consent; the data subjects can exercise these rights and the other rights provided under the GDPR simply by notifying the Data Controller via email, using the following address: raviolispa@raviolispa.com
More specifically, Ravioli shall act on the data subject request without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months in case of erasure of specific data. Moreover, the data subject shall have the right to lodge a complaint with a supervisory authority. In Italy such supervisory authority is the Data Protection Authority.
Cookies Policy
On the 8th of May, 2014 the Personal Data Supervisor produced the legislation n. 229 entitled “Identification of simplified procedures for the disclosure statement and the acquisition of the acceptance of the use of cookie”, with consequent publication in the Official Journal on the 3rd of June, 2014. Through such legislation the Personal Data Supervisor transposes the European Directives according to which every website – on the first access of a new visitor – must show an informative banner to let them be aware of the Cookies Policy operated by the website they are browsing, and to make conditional the consequent following browsing subordinated to the acceptation of such Policy. The whole measure is available on http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3118884.

Definition
Cookies are short and small texts which the browsed websites send to the personal computer (usually to the browser) of each visitor, where they are memorised to be later sent again to the same websites during the next visit of the same visitor. During the browsing of a website, the user can receive on his/her computer also other cookies coming from different websites or web servers (meaning from “third parties), in which some elements (such as i.e. images, maps, sounds, specific links to other domains) – present on the website the user is visiting – can reside. A great amount of cookies is normally present in the visitors’ browsers and sometimes they might have a long temporal persistency. Such cookies are used for numerous reasons: implementation of computer authentications, screening of the sessions, memorisation of information about specific configurations concerning the visitors accessing the server, and so on. In order to implement the correct use of the Directive, the Personal Data Supervisor determined two broad categories of cookies: technical cookies and profiling cookies. The Personal Data Supervisor also defined another distinction regarding the subject installing the cookies, which may be the same owner of the website (“editor”) or a third party installing the cookies through the first party, defining such cookies as third-party cookies. In this specific situation, the Personal Data Supervisor expressively limited the responsibility of the editor referring to the disclosure statement of the party installing such cookies.

Technical Cookies
Technical Cookies are those used with the only purpose of “the conveyance of a communication on an electronic communications network, or as strictly necessary for the provider of a service of the information society expressively requested by the subscriber or the user, in order to grant such service” (art. 122, comma 1, of the Code). Such cookies are not used for any different purpose and are normally installed directly by the owner or editor of the website. They might be browsing or session cookies, which guarantee the basic standard browsing and use of the website (i.e. allowing the user to make a purchase or to log in to access the secure areas of the website); analytics cookies, treated in the same way as technical cookies whereas directly used by the editor of the website in order to collect information in aggregated form regarding the number of visitors and how they use the website itself; functionality cookies, which allow the visitor to browse the website according to a certain numbers and types of selected criteria (i.e. language, products selected for the purchase) in order to improve the service offered to the user. No specific prior acceptance of the user is required in order to install such cookies, whilst providing the disclosure statement to data processing is compulsory as per art. 13 of the Code.

Profiling Cookies
Profiling cookies have the purpose of creating profiles regarding the user and they are used in order to send advertising messages according to the preferences shown by the user during the web browsing. As per the specific invasive nature that such cookies might have in the privacy and fundamentals rights of the users, the European and Italian Directive lays down that the user is accordingly informed about the use of the cookies in order to express his/her personal acceptance to them. Such cookies are well described in art. 122 of the Code which provides that “the storage of the relevant information in the terminal equipment of a subscriber or a user, as well as the access to already stored data, are allowed only if the subscriber or the user has expressed his/her own consent after being well informed according to the simplified procedures as per art. 13, comma 3” (art. 122, comma 1, of the Code).

According to all the information provided so far, our website installs in the terminal equipment of the user solely and exclusively first- and third-parties technical cookies among which:
Google Analytics – Statystics System
Read the Directive
Google Maps – Geographic Maps
Read the Directive

No personal data concerning the users is registered by the website.

How to double-check the settings related to the use of cookies and disable them
Cookies make easier and faster the browsing of our website, but you are able not to accept them by refusing them. This refusal will not allow us to remember your favorite selections, to offer you a customised and bespoke experience in terms of content and to collect aggregated data derived from your visit on our website. You can change the settings related to the use of cookies directly from your web browser.
For further information about how to handle and disable the cookies, please check out the following links:

Further information about disabling cookies using Firefox
Further information about disabling cookies using Chrome
Further information about disabling cookies using Safari
Further information about disabling cookies using Internet Explorer