Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS CONSULTING THE CRIK CROK S.R.L. WEBSITES

PURSUANT TO ARTICLE 13 OF THE (EU) 2016/679 REGULATION 

WHY THIS INFORMATION

This page explains to all users which personal data of individuals, whether identified or identifiable, are processed during browsing and consultation and how they are processed on the sites reachable at the web addresses:

www.crikcrok.it

This information does not pertain to other sites, pages or online services that can be reached through hypertext links that may be posted on the sites but refer to resources outside the domains listed above.

DATA CONTROLLER

The data controller is CRIK CROK S.r.l. (hereinafter also only “Data Controller” and/or “CRIK CROK”), VAT and tax code 13436531001; registered office in Strada Statale Pontina Km 27,650, 00071 Pomezia (RM); telephone. 06/9106911 (a.p.s.); ordinary email privacy@icafoods.it; pec icafoodssrl@legalmail.it.

LEGAL BASIS OF PROCESSING

Personal data will be processed on the basis of your consent, which is deemed to be expressed by clicking on the appropriate banner that appears at the bottom of the page, or otherwise by browsing, using and/or consulting the site. Consent is given through the banner at the bottom of the page, or through use or consultation of the site, as a concluding behavior. Consent is deemed to be given if you intend to use one of the indicated email addresses or by filling out the appropriate form. Providing data and thus consenting to the collection and processing of data is optional, the User can deny consent, and can revoke a consent already provided at any time (via the banner at the bottom of the page or the browser settings for cookies, or the Contact link). However, denying consent may result in the inability to deliver some services and the site browsing experience would be compromised. Technical data collected for purposes of site security, abuse prevention and statistics are also processed according to the legitimate interests of the data controller for the proper operation of the site and for the protection of CRIK CROK S.r.l. If the user does not grant consent to the processing of the data, he or she will still be able to explore the contents of the website but may not be able to take advantage of any services and/or functions offered by the website (e.g.: community, form filling, comment posting, etc.).

TYPES OF DATA PROCESSED AND PURPOSES OF THE PROCESSING

Navigation data

The computer systems and software procedures used to operate this site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Specifically: – internet protocol (IP) address;

• browser type;
• Parameters of the device used to connect to the site;
• Internet service provider (ISP) name;
• Date and time of visit;
• Visitor’s web page of origin (referral) and exit;
• Domain names of computers and terminals used by users;
• Other parameters related to the user’s operating system and computing environment.

The above data, which are necessary for the use of web services, are also processed for the following purposes:

• Obtaining statistical information and analysis, in aggregate form only, on the use of the services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
• Monitoring the proper functioning of the services offered;
• The IP address is used for security purposes only and is not cross-referenced with any other data

Browsing data do not persist for more than 30 days (except for any need for the investigation of crimes by the judicial authority).

Data communicated by the user

The optional, explicit and voluntary sending of messages to the contact addresses indicated on THIS page, private messages sent by users to institutional profiles/pages on social media (where this option is provided), as well as the completion and submission of forms that may be present on the site, imply the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications.

Newsletter subscription data (see Privacy Policy regarding the Newsletter).

Data submitted via contact form.

Cookies and other tracking systems

This site makes use of cookies, text files that are recorded on the user’s terminal or that allow access to information on the user’s terminal: this information is used to properly manage the site (Technical cookies), but also to improve the browsing experience (Performance cookies).

By using our site, you consent to our use of cookies in accordance with our Extended Cookie Usage Policy that you can read “HERE.

TO WHOM DATA MAY BE TRANSFERED

The data may be transferred to some third parties who perform specific tasks, complementary to those of the site, for the execution of security checks or optimization of the site, or for the provision of a specific service requested by Users (e.g. newsletters, comments posting, form filling), or following a legitimate request by the judicial authority only in the cases provided by law.

The third parties that are Data Processors have access only to the personal data that are necessary to perform their tasks, and cannot use the data for other purposes and are bound to the instructions given by the Data Controller, specifically the Difnet Srls, for the following activities: web hosting, mail server and data storage. Google Ireland Limited (“Google”), regarding the visit tracking service using the Google Analytics tool. More information about this service can be found HERE and HERE.

We also inform you that other third parties who act as autonomous data controllers may become aware of Users’ data, also using the data for purposes other than and in addition to those of this site. For example, Facebook through the fanpage, and generally social networks that use the data conveyed through social plugins for advertising and marketing purposes. Autonomous data controllers are bound by and personally accountable to European and national data protection regulations.

The personal data collected are also processed by CRIK CROK S.r.l. personnel, which acts on the basis of specific instructions given regarding the purposes and methods of such processing.

WHERE DATA ARE PROCESSED

The data collected by the site are processed at the Data Controller’s premises, and at the datacenters (in France) of the web hosting, OVH Srl, which is responsible for processing the data on behalf of the Data Controller and is located in the European Economic Area and acts in accordance with European standards.

In relation to data processed by Google and any other social networks outside Europe, we also inform you that the transfer is permitted under specific decisions of the European Union and the Data Protection Authority, in particular:

• Privacy Shield: http://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX%3A32016D1250
• Personal Data Protection Authority: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5306161 – U.S. Department of Commerce https://www.privacyshield.gov/welcome).

HOW LONG WE KEEP PERSONAL DATA

The data provided by the user are retained for as long as it is necessary for the user to continue to use the functionality of the site.

More specifically:

• in relation to cookies please refer to the specific policy HERE
• data provided by sending emails or filling out the form are kept for the time necessary to handle the user’s request. They are subsequently deleted or anonymized.

SAFETY MEASURES

We process visitors’ data lawfully and fairly, taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data. We are committed to protecting the security of your personal information while being sent, using Secure Sockets Layer (SSL) software, which encrypts information in transit. The processing is carried out using computer and/or electronic means, according to organisational methods and based on a rationale strictly related to the specified purposes. In addition to the Owner’s duly authorized and trained employees, in some cases, categories of external data processors involved in the organization of the site (such as third-party technical service providers, hosting providers) may have access to the data.

DATA SUBJECT RIGHTS

The data subject may exercise the following rights:

• Right of access: to request confirmation that a processing of data concerning him or her is taking place, and to receive information on the manner and purpose of the processing, as well as the right to receive copies of the data provided within reasonable limits;
• Right to withdraw the consent given at any time without the need to give reasons, but without prejudice to the processing carried out up to that time;
• Right to request the updating, rectification, supplementation of incomplete or inaccurate data;

• Right to object in whole or in part to the processing carried out on the basis of the legitimate interests of the owner, unless there is a legitimate reason to continue the processing, such as the exercise of rights in court;
• Right to object to the processing of personal data for marketing or commercial communication purposes;
• Right to the deletion of data (even after consent withdrawal), if no longer necessary for the purposes of the owner, in case of consent withdrawal, objection to processing, processing in violation of the law, or if there is a legal obligation to delete; 
• Right to limitation, i.e., to obtain the blocking of processing in case of violation of the prerequisites of lawfulness, but also if the data subject requests the rectification of data (pending rectification) or objects to their processing (pending the owner’s decision), in which case the data will not be processed except for the purpose of their storage;
• Right to data portability, i.e. in cases of consent-based processing, the right to receive or transmit to another named data controller at the sole cost of any support, your data provided to the Data Controller, in a structured, machine-readable form and in a format commonly used by an electronic device.

The relevant petition (exercise of rights template prepared by the Guarantor) can be submitted through any of the above contacts.

RIGHT TO COMPLAINT

Data subjects who believe that the processing of personal data relating to them, carried out through this site is in violation of the provisions of the Regulations have the right to lodge a complaint with:

– Data Protection Authority: Piazza Venezia, 11, IT-00187, Rome, email: rpd@gpdp.it 

Complaint template by the Guarantor); 

– the appropriate judicial venues.