The User’s personal data (hereinafter, the Data) will be processed, through IT and telematic methods and, for particular operations, via paper support, by The Cooking Hacks SRL, with headquarters in Via Livigno 6 / B, 20158 Milan (of following, TCH), as data controller (hereinafter, the Data Controller), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 relating to the protection of individuals with regard to the treatment of personal data and related implementation legislation (hereinafter, jointly, the Regulation) in order to allow the registration and access of the User to the TCH sites (hereinafter, the Sites), as well as to allow the User to take advantage of the services connected to the Sites (by way of example: recalculation of recipes, private area, shopping list, prize events, events, initiatives, etc …, hereinafter, the Services), in compliance with current legislation and as reported in this statement.
A. DATA COLLECTED AT THE TIME OF REGISTRATION TO THE SITES AND SUBSEQUENTLY
When registering on the Sites, the User will be asked to enter some Data. TCH invites the User to check which Data are indicated as mandatory and which, however, as optional, it is understood that failure to provide the Data marked as mandatory prevents registration on the Sites; failure to provide the Data marked as optional does not prevent registration on the Sites, but may make certain Services and/or some communication channels and/or participation in some events unusable (unless the User does not return the Data subsequently). In particular, if the User does not provide his/her mobile phone number, in the event that this data is requested, he/she cannot be contacted via text message or other mobile messaging, in case of consent, to be invited to previews, events and/or cannot participate in prize events and/or surveys that are carried out via text message or other mobile messaging. The user can associate an image (so-called “avatar” or similar) to his user profile and will have the opportunity to express preferences and establish which data to make public and which to keep confidential towards other users of the sites and/or third parties. Any responsibility in this regard lies with the User. The User can at any time modify his/her profile and, in cases where the Owner allows it, enter the data previously not provided for the purpose of using the Services and / or participating in initiatives that would otherwise be precluded. By registering on the Sites, Users will benefit from a series of exclusive Services reserved for registered users. The Sites are managed by the Owner both by sending periodic e-mails to the e-mail address provided by the user, and by sending a newsletter if the user has requested its receipt. With these communications, the Owner will inform the User of the Services on the Sites, of the news concerning the Sites, as well as of the initiatives that will be organized in favour of the Users of the Sites or, exclusively, of the Registered Users (by way of example: award, discussion areas/comments, invitations etc …). The newsletter may also contain advertising banners, advertisements and advertising proposals from both the Owner and third parties, if the User has given his express consent to the receipt of third party commercial communications. In the event that the User receives a non-optioned commercial communication, TCH requires the User to send a communication to the address firstname.lastname@example.org, in order to carry out any checks.
B. REGISTRATION TO SPECIFIC SERVICES
To be able to use some specific and additional Services, at the time of registration, the User may have to communicate certain further Data in addition to those already made at the time of registration to the Sites or at the time of registration to other Services. In this case, the requested data will be indicated according to the cases as mandatory and optional according to the same rules as in the previous point.
C. PURPOSE OF DATA PROCESSING
The Data will be processed by the Data Controller, according to the principles of necessity, lawfulness, correctness, proportionality and transparency
- (i) to allow the use of the Sites and of every single Service (including, for example, the periodic newsletter) whose performance is gradually requested;
- (ii) for any fulfilment deriving from legal obligations;
- (iii) for sending advertising material and carrying out promotional, marketing and / or direct sales activities of products and / or services sold and / or provided by the Owner, unless the User decides not to receive these communications when registering on the Sites or subsequently;
- (iv) for the sending by the Owner of commercial communications concerning products or services of selected third-party partners, with which the Owner has legal relations (without in this case there is a communication of data to third parties) only with explicit consent User;
- (v) to carry out profiling activities, i.e. to evaluate the tastes of the User, preferences and consumption habits, also through the invitation to participate in market research, and for the subsequent sending of profiled marketing communications, only with the consent explicit of the User.
The contact methods aimed at direct marketing activities, on behalf of selected partners and profiling as in points (iv) and (v) above, may be both automated (via email or text message) and traditional (telephone calls with an operator and postal items). In any case, the User may withdraw consent, even partially, for example by consenting only to traditional contact methods.
D. LEGAL BASIS OF DATA PROCESSING
The processing of data for the purpose indicated in point (i) of the preceding paragraph is carried out to allow the user to use the services and therefore does not require the express consent of the user (according to article 6.1 letter (b) of the Regulation).
The processing of data for the purpose indicated in point (ii) of the preceding paragraph is carried out to fulfil legal obligations and therefore does not require the express consent of the user (according to article 6.1 letter (c) of the regulation).
The processing of data for the purposes indicated in point (iii) is carried out based on the legitimate interest of the owner to offer the user its products and services (according to article 6.1 letter (f) of the Regulation) unless opposition of the User when registering on the Sites or subsequently. In particular, the Data Controller may carry out these direct marketing activities in the absence of the express consent of the User (under an assessment of the prevalence of his interest in sending direct marketing communications, in the absence of real prejudice to the interests of the User, rights and fundamental freedoms and as provided for in Recital 47 of the Regulation which qualifies as “legitimate interest” to process personal data for direct marketing purposes), but only up to an opposition of the User to such treatment.
The processing of data for the purposes indicated in points (iv) to (v) of the preceding paragraph is carried out only in the presence of the express and specific consent of the User and based on the same.
The provision of Data for the purposes referred to in points (i) and (ii) of the preceding paragraph is, therefore, necessary for the purposes of registration on the Sites and to allow the User to use the Services: their failure to communicate will make it impossible to register on the Sites.
The provision of Data for the purposes referred to in points (iii) to (v) is instead optional, but any refusal by the User will make it impossible for the Owner to carry out direct marketing activities, on behalf of third parties or with profiling.
E. SCOPE OF COMMUNICATION AND DISCLOSURE OF DATA
The Data provided by the User will be processed in compliance with the Regulation and, in any case, in such a way as to guarantee their safety and confidentiality, to prevent their unauthorized disclosure or use, alteration or destruction. The data will be processed electronically and/or if necessary on paper, also with the aid of electronic and informative means, directly and/or through delegated third parties, according to logic strictly related to the aforementioned purposes. These subjects will operate as external data processors according to art. 28 of the Regulation. The Data Controller will also proceed directly to process the User Data in its technological infrastructure and/or making use of the support and technological infrastructure of third party suppliers appointed as data processors. A list of all the managers appointed by the Data Controller is available to the User by writing to the address email@example.com. The treatment will be entrusted, in individual operations, to natural persons appointed in charge of the treatment.
The User Data will be stored on the servers available to the Owner located in the European Union.
If for technical and/or operational reasons it is necessary to make use of subjects located outside the European Union, or it is necessary to transfer some of the Data collected to technical systems and services managed in the cloud and located outside the area of the European Union, the treatment will be regulated following the provisions of Chapter V of the Regulation and authorized based on specific decisions of the European Union. Therefore, all necessary precautions will be taken to guarantee the most complete protection of personal data by basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the recipient third party according to art. 46 of the Regulation; c) on the adoption of binding corporate rules, the so-called corporate binding rules.
F. UNDER AGE USERS
The Owner encourages parents to monitor their children’s use of the Internet for a safe and filtered use of the related contents, also through the use of parental control tools. In addition to ensuring an online environment suitable for minors, these tools can prevent the disclosure of personal data by children or young people who do not have the consent of their parents. About the collection and processing of personal data, the Data Controller does not carry out any processing of the personal data of minors without the consent of their parents. Registration on the Sites is therefore allowed only to users over the age of 18 or users over the age of 16. The Owner, moreover, encourages the registration of registered parents of minors on the Sites of parents: in this way parents can use the Services and to be always aware of the initiatives that the Owner makes available to their children, and to verify their thus the correspondence to one’s expectations and one’s models and educational paths. About the provision of some Services, the Owner does not require users to disclose their age, and / or is not in a position to learn about the age of the users. The Owner therefore invites all users who are under 18 years old not to communicate their personal data in any case without the authorization of a parent, reserving the right to inhibit access to the Services and / or exclude from the Sites any user who has concealed his minor age or has in any case communicated his personal data in the absence of the consent of his parents despite being under the age of 18.
G. LINK TO SITES WITH THIRD PARTY SERVICES
Within the Sites and/or other messages and/or communications that the Owner will send to the user as part of the provision of the Services, banners, advertising messages and/or advertisements of third parties, advertisers or commercial partners may be contained of the owner. The Data Controller informs users that by adhering to the proposals of the aforementioned third parties, users will be able to purchase goods or services and access multimedia pages of exclusive relevance of these third parties, which are outside the control of the Data Controller and that they are not in any therefore required to comply with the provisions of this statement. The Data Controller, therefore, invites users to provide their data to these third parties only in the face of suitable guarantees of confidentiality and to pay the utmost attention before joining the services they offer, concerning which the Data Controller cannot carry out any checks, nor will he be involved in any other way or responsible.
H. PERIOD OF RETENTION OF PERSONAL DATA
The data collected for the processing purposes indicated in points (i) to (iv) of the paragraph “Purpose of data processing” will be kept (but not used as for the purposes from (iii) to (iv) in the absence of the consent of the User) until the cancellation of the account on the Sites, or until the express request of the User to delete the Data (which will, however, lead to the cancellation of the account and the impossibility of further use of the Services) except in the case of exceptional necessity of the Holder to keep the Data to defend their rights in relation to disputes existing at the time of the request or upon indication of the public authorities. The data collected for the processing purposes indicated in point (v) of the paragraph “Purpose of data processing” will be kept until the User withdraws consent to the profiled marketing activities described therein or until the account is cancelled on the Sites, or to the express request for deletion of such Data, except for the exceptional need to keep the Data to defend one’s rights in relation to disputes existing at the time of the request, or upon indication of the public authorities.
I. USER RIGHTS
TCH reminds that the User has the right:
- to obtain the cessation of treatment in cases where the User Data is processed for direct marketing purposes, also in relation to products or services identical to those already purchased by the Owner and/or provided through the Sites (so-called right of opposition)
- to obtain information in relation to the purposes for which the User Data are processed, the period of treatment and the subjects to whom the Data are communicated (so-called right of access)
- to obtain the correction or integration of inaccurate data concerning him (so-called right of rectification)
- to obtain the cancellation of the Data concerning him in the following cases
- (a) the Data is no longer necessary for the purposes for which it was collected;
- (b) the User has withdrawn his consent to the processing of Data if they are processed on the basis of his consent;
- (c) the User has objected to the processing of the Data concerning him if they are processed for a legitimate interest of the Owner; or
- (d) the processing of User Data does not comply with the law.
However, TCH reports that the retention of Data by the Data Controller is lawful if it is necessary to allow the User to fulfil a legal obligation or to ascertain, exercise or defend a right in court (so-called cancellation right)
- to obtain that the Data concerning him are only kept without any other use of them in the following cases
- (a)the User disputes the accuracy of the Data, for the period necessary to allow TCH to verify the accuracy of such Data;
- (b) the processing is illegal but the User still opposes the cancellation of the Data by the Owner;
- (c)the Data is necessary for the User to ascertain, exercise or defend a right in court;
- (d)the User has opposed the treatment and is awaiting verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party (c.f. right of limitation)
- to receive in a commonly used format, readable by an automatic and interoperable device, the Data concerning the User processed by automated means, if they are processed by registration on the Sites or on the basis of the User’s consent (so-called right of portability).
Finally, TCH reminds that the User has the right to contact the Guarantor for the protection of personal data Piazza di Monte Citorio, 121 – 00186 Rome RM) to assert his rights in relation to the processing of his personal data.
L. CONTACT DETAILS TO ENSURE YOUR RIGHTS
The owner of the processing of personal data is The Cooking Hacks S.R.L. The owner has appointed ex-art. 37 ss. of the Regulation a Data Protection Officer (also known as DPO), domiciled for the assignment at The Cooking Hacks S.R.L. and who can be contacted for questions relating to the processing of data at firstname.lastname@example.org. By writing to the same email address, the User can exercise the rights indicated in the preceding paragraph. The User may also modify the consents issued regarding the processing of Data by the Owner at any time, directly through the privacy settings of his / her account.
In addition to the above, if the promotional e-mail messages sent by the Owner are no longer of interest to the User, simply click on the link at the bottom of these e-mails, to no longer receive any communication in this regard.
M. CHANGES TO THIS REPORT
Notwithstanding that, in any case, the Data Controller does not proceed with processing operations other than those expressly authorized and/or requested by each user, this information may be subject to changes to comply with new legal provisions, with the changed processing policies of the personal data by the Owner and/or following changes in the characteristics of the Sites and/or Services. Each updated version of this information will be made available on the Websites in the dedicated section: the Owner, therefore, invites all users to periodically consult the Websites in order to be always informed of the latest version published.
N. SITE AND COOKIE NAVIGATION
A “cookie” is a small amount of data containing a unique anonymous identification code which is sent to the User’s browser by a web server and which is subsequently stored on the hard disk of the user’s computer. The cookie is then reread and recognized only by the website that sent it every time subsequent connections are made. The cookies used by the Owner are text files that the Sites transfer to the user’s computer to facilitate navigation. Thanks to cookies, the recognition of the registered user by the user can be facilitated, for example by avoiding the need to authenticate (through “log-in” and “password”) on the occasion of each access to the Sites. Cookies also can allow Users to customize their use of the Sites by saving their favourite settings. Cookies also record some information relating to user navigation. Each user has the right to independently disable cookies through the software used on his personal computer for browsing the Internet (so-called “browser”). Many browsers are set up to accept cookies in the absence of different instructions from the user. TCH invites the User to check the settings of their browser concerning cookies and to adjust them according to their preferences, however bearing in mind that to take advantage of some Services it may be necessary to enable the reception of cookies (in such cases you will be duly informed). The technological platform through which the Sites are made available to the user, also through cookies, automatically records some information on the personal computer and the user’s browsing, such as the name of his Internet access provider, site of origin, pages visited, date and duration of the visit, etc … This information is used only to allow access to the Sites and / or the enjoyment of some Services and / or can be used in aggregate form for statistical purposes. The Sites also have the possibility of analyzing, always in aggregate form, the opinions and preferences expressed by the user in the context of the Services made available.