The purpose of this document is to inform the natural person (hereinafter “Data Subject“) regarding the processing of his/her personal data (hereinafter “Personal Data“) collected by the data controller, Calinira communication di Heidi Frank, VAT number IT04243730985, e-mail address privacy@nourishmentfortransformation.eu, (hereinafter “Data Controller“), through the application Nourishmentfortransformation.eu (hereinafter “Application“).
Changes and updates will be binding as soon as they are published on the Application. In case of non-acceptance of the changes made to the Privacy Policy, the Data Subject is required to cease using this Application and may request the Owner to delete his/her Personal Data.
1. Categories of Personal Data processed
The Data Controller processes the following types of Personal Data provided voluntarily by the Data Subject:
- Contact data: name, surname, address, e-mail, telephone, images, authentication credentials, any additional information sent by the Data Subject, etc.
- Tax and payment data: tax code, VAT number, credit card details, bank account details, etc.
The Data Controller processes the following types of Personal Data collected in an automated manner:
- Technical Data: Personal Data produced by the devices, applications, tools and protocols used, such as, for example, information about the device used, IP addresses, browser type, Internet service provider (ISP) type. Such Personal Data may leave traces which, in particular when combined with unique identifiers and other information received from servers, can be used to create profiles of individuals
- Navigation and use data of the Application: such as, for example, pages visited, number of clicks, actions performed, duration of sessions, etc.
Failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation or if they constitute a necessary requirement for the conclusion of the contract with the Data Controller, will make it impossible for the Data Controller to establish or continue the relationship with the Data Subject.
The Data Subject who communicates to the Data Controller Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
2. Cookies and Similar Technologies
The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect Personal Data about the pages, links visited, and other actions that occur when the Data Subject uses the Application. They are stored and then transmitted to the next visit of the Data Subject. You can view the complete Cookie Policy at the following address: https://nourishmentfortransformation.eu/cookies-policy/
3. Legal basis and purpose of the processing
The processing of Personal Data is necessary:
- for the performance of the contract with the Data Subject, namely:
- fulfilment of any obligation deriving from the pre-contractual or contractual relationship with the Data Subject
- registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, access and be identified also through external platforms
- support and contact with the Data Subject: to respond to the Data Subject’s requests
- Payment management: to manage payments by credit card, bank transfer or other means
- by legal obligation and precisely:
- the fulfilment of any obligation provided for by current laws, laws and regulations, in particular, in tax and fiscal matters
- on the basis of the legitimate interest of the Data Controller, to:
- marketing purposes via e-mail of the Data Controller’s products and/or services to directly sell the Data Controller’s products or services using the e-mail provided by the Data Subject in the context of the sale of a product or service similar to the one being sold
- management, optimization and monitoring of the technical infrastructure: to identify and solve any technical problems, to improve the performance of the Application, to manage and organize information in an IT system (e.g. servers, databases, etc.)
- security and anti-fraud: to ensure the security of the Data Controller’s assets, infrastructures and networks
- statistics with anonymous data: to carry out statistical analyses on aggregated and anonymous data to analyse the behaviour of the Data Subject, to improve the products and/or services provided by the Data Controller and to better meet the expectations of the Data Subject
- on the basis of the consent of the Data Subject, for:
- retargeting and remarketing: to reach the Data Subject who has already visited or has shown interest in the products and/or services offered by the Application using his/her Personal Data with a personalized advertisement. The Data Subject may opt-out by visiting the Network Advertising Initiative page
- marketing purposes of the Data Controller’s products and/or services: to send information or commercial and/or promotional materials, to carry out direct sales of the Data Controller’s products and/or services or to carry out market research using automated and traditional methods
On the basis of the legitimate interest of the Data Controller, the Application allows interactions with external platforms or social networks whose processing of Personal Data is governed by the respective privacy policies to which please refer. The interactions and information acquired by this Application are in any case subject to the privacy settings that the Data Subject has chosen on such platforms or social networks. This information – in the absence of specific consent to the processing for other purposes – is used for the sole purpose of allowing the use of the Application and providing the information and services requested.
The Personal Data of the Data Subject may also be used by the Data Controller to protect itself in court before the competent courts.
4. Methods of processing and recipients of Personal Data
The processing of Personal Data is carried out using paper and computer tools with organizational methods and logics strictly related to the purposes indicated and through the adoption of adequate security measures.
Personal Data are processed exclusively by:
- persons authorised by the Data Controller who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
- subjects who operate autonomously as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes referred to in this policy (e.g., business partners, consultants, IT companies, service providers, hosting providers);
- subjects or entities to whom it is mandatory to communicate Personal Data by legal obligation or by order of the authorities.
The entities listed above are required to use appropriate safeguards to protect Personal Data and may only access those necessary to perform the tasks assigned to them.
Personal Data will not be disseminated indiscriminately in any way.
5. Place
If necessary, Personal Data may be transferred to entities located outside the territory of the European Economic Area (EEA). Whenever Personal Data is transferred outside the EEA, the Data Controller will take all appropriate and necessary contractual measures to ensure an adequate level of protection of Personal Data, including – but not limited to agreements based on standard contractual clauses for the transfer of data outside the EEA, approved by the European Commission. To request information on the specific safeguards adopted, the Data Subject may contact the Data Controller at the following e-mail address privacy@nourishmentfortransformation.eu.
6. Personal Data Retention Period
Personal Data will be kept for the period of time necessary to fulfil the purposes for which they were collected, in particular:
- for purposes related to the execution of the contract between the Data Controller and the Data Subject, they will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of ten years. In the case of litigation, for the entire duration of the same, until the deadlines for appeal have been exhausted
- for purposes related to the legitimate interest of the Data Controller, will be kept until such interest is fulfilled
- for the fulfilment of a legal obligation, by order of an authority and for protection in court, will be kept in compliance with the deadlines provided for by such obligations, regulations and in any case until the expiry of the limitation period provided for by the regulations in force
- for purposes based on the consent of the Data Subject, they will be kept until the consent is revoked
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.
7. Rights of the Data Subject
Data Subjects may exercise certain rights with reference to the Personal Data processed by the Data Controller. In particular, the Data Subject has the right to:
- be informed about the processing of your Personal Data
- withdraw your consent at any time
- restrict the processing of your Personal Data
- object to the processing of your Personal Data
- access your Personal Data
- verify and request the rectification of your Personal Data
- obtain the restriction of the processing of your Personal Data
- obtain the erasure of your Personal Data
- transfer your Personal Data to another controller
- lodge a complaint with the supervisory authority for the protection of their Personal Data and/or take legal action.
To exercise their rights, Data Subjects may address a request to the following e-mail address privacy@nourishmentfortransformation.eu. Requests will be taken care of by the Data Controller immediately and processed as soon as possible, in any case within 30 days.
Last updated: 26/05/2024