Privacy Policy

Security of personal data

The Privacy Policy is also based on Recommendation no. 2/2001 that the European Authorities for the protection of personal data, united in the Group established by Article 29 of Directive n.95/46/EC, adopted on 17 May 2001, in order to identify certain minimum requirements for gathering personal data online and, in particular, the modalities, timing and nature of the information which data controllers must provide to users when the latter connect to web pages, regardless of the connection purposes.

This Privacy Policy relates only to www.caffenibes.it and not to other websites that the user may access via links.

1. DATA CONTROLLER

Following consultation of this website, data relating to identified or identifiable individuals may be processed.

The full list of all the people responsible for the processing of personal data, who have been appointed by us, is readily available by contacting the Person Responsible for the access to the data, indicated in paragraph 13 of this document.

2. PLACE WHERE THE DATA IS PROCESSED

Data processing connected to services on this website takes place at the aforementioned office of the owner and are only handled by technical staff responsible for this purpose or by persons responsible for occasional maintenance operations.

3. DATA COLLECTION METHOD

The collection of information through the website can be done in the following ways:

3.1 Explicit methods

The information is collected by means of an explicit request whenever the user surfs the website and can include: your name, address, telephone number, email address etc. Such information is requested when you order a product, require information about a service, participate in promotional activities, fill in surveys, etc..

3.2 Implicit methods

Browsing data

Computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data, whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with specific individuals, however, by their very nature, may allow to identify users, through processing and associations with data held by third parties.

This data category includes IP addresses or domain names of the computers used by users connecting to the website, URI addresses (Uniform Resource Identifier) of requested resources, time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment. Other information collected by these methods may include: the URL (Uniform Resource Locator) of the website which the user comes from, which pages were visited, what is the next URL which the user has visited and the browser used to reach the website.

Cookies

A “cookie” is a small data file transferred to the hard drive of your computer when accessing a website. No personal user data is purposely acquired by the website.

We do not use cookies to transmit personal information, nor any kind of system is used for tracking users, the so-called cookies. This website only uses session cookies, which are not stored permanently on the user's computer and disappear when closing the browser.

The use of the so-called session cookies is strictly limited to transmitting session identifiers (consisting of random numbers generated by the server) necessary to enable a safe and efficient website navigation. The session cookies used on this website avoid using other computer techniques potentially prejudicial for the privacy of users and do not allow acquisition of personal identification data.

The information gathered is anonymous and helps analyze the traffic patterns on the website. Over time, this may help improve contents and simplify its use. Most browsers automatically accept cookies, but you can also reject them entirely or selectively accept only some, depending on your browser preferences.

If you inhibit the loading of cookies, some components of the website may not be available and some pages may be incomplete.

Data Log

Logs are files containing data relating to traffic patterns or activities performed by users, who connect over the network to our website, which are registered automatically. These files make it possible to rebuild all the events on our website. Logs are an essential element for the management of the system and help solve many technical and organizational issues.

The information we store on such files are only those that are essential in order to detect both connection times and the connected IP address. This information, besides being necessary for administrative purposes, is stored for a maximum period of 30 months (as provided for by art.132 of the Privacy Code) for both purposes of investigation and the prosecution of crimes.

3.3 Information voluntarily submitted by the interested party

The voluntary submission of e-mails to the addresses listed on this website, including using the services provided, involves the display of the sender’s e-mail address and of any other personal data included in the message. This information will be used for the sole purpose of providing the requested service. If, for any reason, data are used for other purposes, they will be the subject of necessary obligations depending on the use we will make of them in accordance with current regulations (informative report and, if necessary, request for consent), otherwise they will be immediately and irrevocably removed from our information systems.

4. LINKS TO OTHER WEBSITES

The website contains links to third party websites. When users utilize such links, they are forwarded to areas not controlled by our organization, which is responsible neither for the content that you might encounter nor for the procedures relating to privacy therein adopted. This policy does not not extend to the privacy procedures taken by any linked site. It is advisable to carefully examine the procedures of each site you visit. Other websites, in a completely independent manner, may send their own cookies to users, collect data or solicit personal information.

5. NATURE OF PROCESSED DATA

The data collected, in addition to those mentioned above and required to provide the requested services and for the relative obligations (e.g. invoicing, etc.), cover the following categories of data:

· Personal, fiscal and economic data, which are necessary for the provision of services subject of contractual relations, existing or future;· Data related to e-mail addresses;

Compribene does not acquire in any way data classified as sensitive (art. 4 paragraph d - Legislative Decree no. 196/03) or of a judicial nature (art. 4 paragraph e - Legislative Decree no. 196/03). If such data are voluntarily provided for requesting a service, unless they are accompanied by consent for the processing, they we will be deleted.

6. PURPOSES OF DATA PROCESSING

By purposes of data processing we mean the reason, the purpose for which data is collected. According to such purposes, it is necessary, in some cases, to obtain prior consent, in order to proceed for the collection and subsequent processing of the data. In case of need, consent will be explicitly requested, so as to make it possible to grant it for all or just for certain processing.

6.1 Purposes for which consent is not necessary

Browsing data

These data are only used to obtain anonymous statistical information on site usage and to check its correct functioning, and are deleted immediately after processing. Data may be used to ascertain responsibility in the event of hypothetical computer crimes damaging the website: except for this eventuality, data on web contacts are not stored for more than seven days.

Personal details voluntarily provided by users and processed as a result of service requests

Such data will only be used for the purpose and for the time strictly necessary to perform the service or provision requested, and will be disclosed to third parties only if this is necessary for that purpose, such as office clerks, couriers for the shipment of products requested, etc.

Processing of information relating to traffic data

They do not identify you personally and are used on an aggregate and never customized basis, in order to analyze user behavior with a view to understand how visitors use the website and to measure the interest found in each website's page. This allows to enhance Site Content, to simplify its consultation and to tailor advertisements.

6.2 Purposes for which consent is required

Processing of traffic data for purposes relative to the marketing of electronic communications services

The data will be processed for the time and extent necessary for the delivery of the service required.

Processing of data stored on the terminal equipment of a subscriber or user for legitimate purposes. It is data needed for technical storage, used for the time strictly necessary for the transmission of communications or to provide a specific service personally requested by the subscriber or the user (cookies).

The processing is needed for:

  • managing e-commerce, so as to make user navigation increasingly easier, fast, efficient and personalized in the various activities that are carried out on the site, such as orders (e.g. “shopping cart”), joining a mailing-list, technical support, etc. ...)
  • management of Internet surfing through limited access areas, which require users to sign up, with a combination of username and password, in order to be admitted for navigating the website (by sending a cookie containing a code indicating which pages the visitor is allowed to view - which will be recognized at each subsequent visit - surfers are avoided the burden to re-enter username and password each time they access a new page);

7. METHOD PROCESSING

Data processing is automated through the use of tools and procedures that guarantee security and confidentiality of data, even during the use of more technologically advanced media, such as the internet.

Processing may include all operations or set of operations for the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, deletion and destruction of data, according to art. 4, paragraph 1, lett. a, and required for the processing in question, including disclosure and diffusion towards the subjects, as specified in the relevant section of this document.

These data, in addition, shall be:

  • 1. processed lawfully and fairly;
  • 2. collected and stored for specific, explicit and legitimate purposes, and used in other processing operations in terms not incompatible with such purposes;
  • 3. accurate and updated, if necessary;
  • 4. adequate, relevant and not excessive for the purposes for which they are collected or subsequently processed;
  • 5. kept in a form allowing data identification, for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed; according to art. 11 Legislative Decree no. 196/03.

Specific security measures are observed to prevent loss of data, illegal or incorrect use and unauthorized access.

8. PERSONAL DATA SECURITY

Personal data, possibly collected on the website, are protected from unauthorized access, use or disclosure. These data can be accessed only by our staff in charge with their own authentication credentials; the necessary security procedures were applied, in order to protect data from violations by unauthorized personnel, both locally and on the network. All personal data provided to us are indeed stored in a safe and controlled environment. To this end, physical, electronic and organizational processes were provided, in order to safeguard and secure the information gathered, such as use of firewalls, anti-viruses and protection through encryption via SSH and HTTPS connections.

9. GUARANTEES FOR SUBSCRIBERS AND/OR USERS AND STORAGE OF TRAFFIC DATA

Particular attention is paid to the safety of provided services, making sure to safeguard:

  • the integrity of traffic data;
  • the integrity of electronic communications.

Such guarantees are provided by the above procedures as well as by advanced electronic equipment and a constant and continuous system monitoring. Moreover, whenever there are risky circumstances, all customers and, where possible, users shall be informed about the existence of particular risks of network security breach. Such disclosure shall also be sent to the Guarantor, as provided for by paragraph 3 of art. 32.

10. INFORMATION SHARING

The personal information collected on the network are not sold, traded or rented to third parties. Should there be a need for it, you shall be asked for consent. Personal data may be communicated and/or disclosed as specified in section “communication and disclosure.”

11. OBLIGATION OR FACULTY TO PROVIDE DATA

Except as specified for browsing data, the user is free to provide personal data that may be required for browsing our website. Their absence may involve the impossibility to process the request.

12. COMMUNICATION AND DISCLOSURE

No data from the web service is communicated or disclosed. It may, however, be the necessity to rely on outsiders, in order to fulfill your request (e.g. other consultants, couriers, etc.), in which case such data may be communicated to these individuals, in order to to fulfill the request.

Moreover, these data can be viewed by persons appointed and responsible for the company's internal processing.

13. YOUR RIGHTS

The subjects whom personal data refer to have the right at any time to obtain confirmation of the existence or otherwise of such data as well as to know the relevant contents and origin, to verify their accuracy or to request their integration, updating or rectification under art.7 of Legislative Decree no. 196/03.

According to the above article, one has the right to request deletion, transformation into anonymous form or blocking of data that were processed illegally as well as to object:

  • for legitimate reasons to the processing of one’s own personal data, although relevant to collection purposes;
  • in any case, to the processing of one's own personal data for the purposes of sending advertising or direct selling material, or for carrying out market research or commercial communication.

In order to exercise these rights, you may contact the person in charge, appointed by us pursuant to Article 13 f) of Legislative Decree no. 196/03, by sending a written communication via e-mail info@compribene.it, available at the company's head office.

Below is an excerpt from Art. 7 Legislative Decree no. 196/03, to remind you that you may exercise towards us the following rights:

Art. 7 (Right of access to personal data and other rights)

  • 1. You have the right to obtain confirmation of the existence or absence of personal data concerning you, even if not yet stored, as well as their communication in a comprehensible form.
  • 2. You have the right to obtain information about:
    • 1. the source of personal data;
    • 2. the purposes and methods of processing;
    • 3. the logic applied in case of processing carried out with the aid of electronic means;
    • 4. the identification details of the owner, people in charge and appointed representative under Article 5, paragraph 2;
    • 5. the subjects or categories of subjects - whom personal data may be communicated to or who may learn about them as appointed representative within the Italian territory - managers or appointees.
  • 3. You have the right to obtain:
    • 1. the updating, rectification or, when interested, the integration of data;
    • 2. the cancellation, anonymization or blocking of data processed unlawfully, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
    • 3. certification that the operations in letters a) and b) have been notified, also as regards their content, to those whom the data were communicated or disclosed to, except in cases where such fulfillment proves either impossible or involves the use of manifestly disproportionate means compared to the protected right.
  • 4. You have the right to object, wholly or partly:
    • 1. for legitimate reasons to the processing of personal data concerning you, although relevant for collection purposes;
    • 2. the processing of personal data for the purposes of sending advertising or direct selling