Privacy Policy

pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“EU Regulation”) and Legislative Decree 30.06.2003, n. 196, as amended and integrated by Legislative Decree 10.08.2018, n. 101 (“Personal Data Protection Code” or “Privacy Code”)

In accordance with the EU Regulation, this page describes the methods for processing the personal data of users who consult the Casillo S.p.A. – Società Benefit (hereinafter the “Company”) website, accessible electronically at the following addresses: www.molinocasillo.com. This information does not concern other sites, pages, or online services reachable via hypertext links that may be published on the site but refer to resources external to the Casillo S.p.A. – Società Benefit domain.

Data Controller and Processor
The Data Controller is Casillo S.p.A. – Società Benefit, in the person of its legal representative, with registered office in Corato (BA) at Via Sant’Elia Z.I.
The Data Processor can be identified at the Company’s structures where the relevant lists are deposited, by contacting the privacy representative.

Data Protection Officer
The Company has appointed a Data Protection Officer (DPO), who can be reached at the following address: liviotenerellidpo@gmail.com

Legal Basis for Processing
The legal bases that make the processing lawful are:

• the execution of contractual or pre-contractual activities adopted at the request of the data subject or to which the data subject is a party (GDPR Art. 6, paragraph 1, letter b);
• regarding marketing activities, the acquisition of specific consent from the data subject for the processing of the requested data (GDPR Art. 6, paragraph 1, letter a).

 

Types of data processed – navigation data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters relating to the user’s operating system and computer environment.

Purposes of processing

• The acquired data are processed for the execution of pre-contractual and/or contractual activities carried out at the request of the data subject in their exclusive interest, for the supply of products requested by them.
• Navigation data, necessary for the use of web services (through the use of sites, apps, and similar), are also processed for the purpose of monitoring the correct functioning of the services offered.
• Data necessary for commercial communication activities are also requested, for the presentation of proposals, activities, and offers, and for the possible collection of information related to customer satisfaction, carried out either by Casillo S.p.A. – Società Benefit as an independent Data Controller, or possibly by third parties, as external Data Processors or independent Controllers, by virtue of possible specific agreements.

 

Data communicated by the user
The optional, explicit, and voluntary sending of messages to the Company’s contact addresses, as well as the completion and forwarding of the forms present on the site, entail the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications.

Data retention period and right to erasure (i.e. right to be forgotten)
For the purposes referred to in point 1, the Data Controller processes and stores the personal data of data subjects for as long as the registration remains active and for a further period of 3 (three) years, for the execution of inherent and subsequent requirements, for compliance with applicable legal and regulatory obligations, as well as for its own or third-party defensive purposes, without prejudice to any extension in case of legitimate needs. In the case of limited access to contingent activities related to current promotions, without any registration obligation, the data will be processed for the time necessary to process the requests made and stored for a minimum period of 60 (sixty) days, to allow for any form of protection for the parties. Navigation data do not persist for more than 7 (seven) days and are deleted immediately after their aggregation (except for any need for the investigation of crimes by the judicial authority). For the purposes referred to in point 3, the Data Controller processes and stores personal data for a minimum period of 3 (three) years, for the execution of inherent and subsequent requirements, for compliance with applicable legal and regulatory obligations, as well as for its own or third-party defensive purposes. At the end of the retention period, personal data referring to the data subjects will be deleted or stored in a form that does not allow the identification of the data subject (e.g., irreversible anonymization), unless consent for their further processing is renewed.

Cookies and other tracking systems
The relevant information for cookies is provided in a specific module upon the first access to the site. This module contains the reference information and requests.

Rights of Data Subjects
Data subjects have the right to obtain from the Company, in the cases provided for, access to personal data, updating, rectification, integration, as well as erasure of the same, transformation into anonymous form, or restriction of processing concerning them, or to object to processing (Articles 15 et seq. of the EU Regulation). For any requests and/or instances concerning the exercise of data subject rights, send an email to the following address: liviotenerellidpo@gmail.com

Right to Lodge a Complaint
Data subjects who believe that the processing of personal data referring to them carried out through this site occurs in violation of the provisions of the EU Regulation have the right to lodge a complaint with the Data Protection Authority (Garante), as provided for by Art. 77 of the Regulation itself, or to take appropriate judicial action (Art. 79 of the EU Regulation).