Information on the processing of personal data

of users who consult the site pursuant to art. 13 of regulation (EU) 2016/679 (“GDPR”)

A.I.A. – AGRICOLA ITALIANA ALIMENTARE S.p.A. Single-member company (VAT number – Tax code: 00233470236), in the person of its pro tempore legal representative, with registered office in San Martino Buon Albergo (VR) – Piazzale Apollinare Veronesi n.1, as data controller personal pursuant to art. 4. 4. par. 1 of the GDPR (“Owner”) is constantly committed to protecting the online privacy of its users, protecting their personal data and describing, on this page, what information can be collected and how it can be used through its accessible website electronically at the following address: https://www.veronesi.it/.

1) Source of personal data and Data Controller
This page describes the general methods of processing the personal data of users of the Data Controller’s Site, referring to any sections, if any, where the user can find specific information and any requests for consent (for individual treatments), which they can also be contextual to the user’s personal data collection forms (eg: “contact request” section).
This information does not concern other sites, pages or online services accessible via hypertext links that may be published on the Site but referring to resources external to the aforementioned domains.
Following consultation of the Site, data relating to identified or identifiable natural persons may be processed.

2) Processing methods
The information and data provided by the user or otherwise acquired as part of the use of the Site will be processed in compliance with the provisions of the GDPR and the confidentiality obligations that inspire the activity of the Owner. According to the GDPR, the treatments described in this document will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.

3) Types of data
Following browsing on the Site, the user is informed that the Data Controller will process the following types of personal data (“Personal Data”):

(i) Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (eg: successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning [see below paragraph (iii) on cookies], to identify anomalies and / or abuses, and are deleted immediately after the ‘processing. The data could be used by the competent authorities to ascertain responsibility in the event of hypothetical computer crimes against the Site.

(ii) Data provided voluntarily by the interested party
Apart from what is specified for navigation data, the user is free to provide the Personal Data contained in any contact forms present on the Site (eg: to send a request for information, etc.). Failure to provide them could make it impossible to provide the service. In these cases, only the information necessary for the requested service will be collected (see the specific information in detail). If the user provides or otherwise processes the Personal Data of third parties in the use of the Site, he / she guarantees from now – assuming all related responsibility – that this particular hypothesis of treatment is based on an appropriate legal basis pursuant to art. 6 of the GDPR which legitimizes the processing of the information in question.

(iii) Cookies and other tracking systems
Cookies are small text files that the sites visited by the user send and record on their computer or mobile device, to be then re-transmitted to the same sites on the next visit. Thanks to cookies, a site remembers the user’s actions and preferences (such as , for example, the login data, the chosen language, the font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to visit said site or browse from a page to other of it.
Cookies, therefore, are used to perform computer authentication, session monitoring and storage of information regarding the activities of users who access a site and may also contain a unique identification code that allows you to keep track of the user’s navigation within. of the site itself for statistical or advertising purposes. While browsing a site, the user can also receive on his computer cookies from sites or web servers other than the one he is visiting (so-called “third party” cookies). Some operations could not be performed without the use of cookies, which in some cases are therefore technically necessary for the site to function.
There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer for different periods of time: “Session cookies”, which are automatically deleted when the browser is closed; CD. “Persistent cookies”, which remain on the user’s device until a pre-established expiry date. According to the legislation in force in Italy, the user’s express consent is not always required for the use of cookies. In particular, the so-called “technical cookies”, ie those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user. In other words, these are cookies that are essential for the functioning of the site or necessary to perform activities requested by the user.
For more information on the cookies used on the Site and possibly manage in consent, where required, the user is referred to the relevant cookie information retrievable on the site.

4) Purpose of the processing and legal bases
The processing of Personal Data has the purpose of allowing the user to browse the Site and the provision by the Owner of any services, where provided; the legal basis of the processing is the execution of pre-contractual measures adopted at the request of the interested party pursuant to art. 6, par. 1, lett. b) of the GDPR. The provision of Personal Data for these purposes is optional, but failure to provide it would make it impossible to carry out the requested services.
It is specified that for some of the services on the Site the legal basis may be the specific consent of the user pursuant to art. 6, par. 1, lett. a) of the GDPR. In such cases, the Site has user consent collection features compliant with art. 7 of the GDPR, together with the specific information where the distinct purposes of the processing are explained.

5) Recipients of Personal Data
The user’s personal data may be shared, for the aforementioned purposes, with:
– persons authorized by the Data Controller to process Personal Data necessary to carry out activities strictly related to the provision of services, who are committed to confidentiality or have an adequate legal obligation of confidentiality (eg employees and system administrators);
– third parties possibly involved in the management of the Site who typically act as Managers or Sub-Managers of the processing of Personal Data;
– subjects, entities or authorities to whom it is mandatory to communicate the user’s Personal Data by virtue of the provisions of the law or orders of the authorities.

6) Transfers of Personal Data
Some of the user’s Personal Data may be shared with recipients established outside the European Economic Area. The Data Controller ensures that the processing of the user’s Personal Data by the Recipients referred to in the previous § 5) takes place in compliance with the GDPR. Indeed, transfers can be based on an adequacy decision, on the Standard Contractual Clauses (SCC) approved by the European Commission or on another suitable legal basis.

7) The privacy rights pursuant to art. 15 and ss. of the GDPR
Pursuant to articles 15 and following of the GDPR, the user has the right to ask the Data Controller, at any time, to access his Personal Data, to rectify or delete them or to oppose their treatment, he has the right to request the limitation of processing in the cases provided for by art. 18 of the GDPR, as well as, in the cases provided for by art. 20 of the GDPR, to obtain their data in a structured format, commonly used and readable by an automatic device.
Requests should be sent to the Data Controller at the following e-mail address: privacy@gruppoveronesi.com.
The Data Protection Officer (DPO) can be contacted at the e-mail address: dpo@veronesi.it.
In any case, the user always has the right to lodge a complaint with the competent Supervisory Authority (Guarantor for the Protection of Personal Data www.gpdp.it), pursuant to art. 77 of the GDPR, if you believe that the processing of your Personal Data is contrary to the legislation in force.

8) Changes
This information on the processing of personal data of users who consult the site is in force from the date of its publication on the site itself. The Owner reserves the right to modify or simply update its content, in part or completely, also due to changes in the applicable legislation. The Owner will inform the user of these changes as soon as they are introduced and they will be binding as soon as they are published on the Site. The Owner therefore invites the user to regularly visit this section to become aware of the most recent and updated version of this Information to be always updated on the data collected and on the use made by the Data Controller.