- you visit our website www.pasticceriaquadrifoglio.com/ita/en or use our app;
- you purchase any products or services from us;
- you otherwise enter into a contract with us;
- you contact us by email, letter, social media or SMS, via a contact form, etc.;
- you sign up for particular offers (e.g. competitions) and our newsletter;
- you have any other dealings with us involving any other processing of data in relation to our products and services.
Data Controller: Pasticceria Quadrifoglio srl (di seguito "PQ"), Via Morandi, 25 - Campogalliano (MO) 41011.
If you have any questions relating to data protection, please send them to the following address so that we can answer your concerns as quickly as possible:
Telephone: +39 059 527156
The Data Protection Officer of PQ can be contacted at firstname.lastname@example.org.
a) If you visit the website
If you visit our website www.pasticceriaquadrifoglio.com/ita/en,
the browser used on your device automatically sends information to our website’s server. This information is stored temporarily in a so-called “log file”.
We anonymise or erase this information once it is no longer relevant for the purposes pursued, which depending upon the type of data may occur after up to 24 months (for preferences relating to products and services). This period may be longer where necessary or essential on a technical level for the purpose of securing evidence or compliance with statutory or contractual requirements.
We process the following data whenever you visit our website:
- IP address of the requesting terminal;
- information concerning your device, its operating system and language settings
- information concerning your internet provider
- the content accessed, or the logs in which usage of our systems is recorded
- the date and time of access to the website along with your approximate location
- information concerning the content and files in the user account accessed
- any other information arising in relation to usage of the user account, such as e.g. the transmission of the access code by push message for the purpose of logging in to your user account through the website
The data referred to above are processed by us for the following purposes:
- ensuring a seamless connection to the website;
- ensuring an optimal user experience on our website;
- assessing system security and stability
- other administrative purposes.
The legal basis for this is point (f) of Article 6(1) GDPR. Our legitimate interest in processing your personal data results from the purposes mentioned above.
b) On social media platforms
If you communicate with us or comment on or share content via social media and our related social media profiles (e.g. Facebook, Instagram, Twitter, Snapchat, Pinterest, TikTok, YouTube, WhatsApp, Linkedin or Xing), we collect information, which we use in particular in order to communicate with you, for marketing purposes and for statistical assessment. Please note that, whenever you visit our social media pages, the provider of the respective platform will also collect and use data itself (e.g. concerning user behaviour), where appropriate alongside other data known to it (e.g. for marketing purposes or for the purpose of personalising platform content).
We use the data that you enter when accessing our contributions on social media platforms for the following purposes:
- to share your data on our social media pages, where this function is offered by the social media platform concerned;
- to communicate with you via the social media platform;
- to hold competitions (see Section g) below).
The legal basis for data processing by us is your consent (point (a) of Article 6(1) GDPR), the performance of a contract (point (b) of Article 6(1) GDPR) or the protection of legitimate interests (point (f) of Article 6(1) GDPR). The legitimate interest is justified by our interest in public relations work and communication.
We automatically erase your personal data after three years, unless a longer legal retention requirement applies. If this is the case, we shall erase your personal data after this legal retention requirement has expired.
The following erasure period according to letter g) applies to data that we use specifically for competitions.
On our website we offer the opportunity to use “social media plugins” (e.g. of Facebook, Instagram, LinkedIn) in order to incorporate the functions of these providers into our website. These plugins are disabled as the default setting. After you have activated them (e.g. by clicking on the button), the respective provider will be able to establish that you have visited our website. If you have an account with the social media provider concerned, it may allocate this information to you, and as a result track your usage of online content.
As a general rule, we are responsible jointly alongside the respective provider for the sharing of data that the provider collects using plugins or comparable functions (although not for any further processing by the provider). Where possible, we have concluded a specific addendum with the provider concerned. You can submit requests for information and other data subject enquiries relating to our joint responsibility directly to the provider concerned.
c) When signing up for our electronic newsletter
If you have provided your express consent in accordance with point (a) of Article 6(1) GDPR, we use your email address to send our electronic newsletter to you at regular intervals, or to arrange for it to be sent on our behalf. All we need in order for you to be able to receive the electronic newsletter is your email address.
You can unsubscribe from the newsletter at any time by clicking on the link at the end of each newsletter. Alternatively, you can send an email to Info.IT@emmi.com if do not wish to receive the newsletter any longer.
d) If you request the sending of information by post
If you request the sending of information by post, we shall use your postal address in order to send you the information desired at regular intervals by post, or to arrange for it to be sent to you. In order to receive information by post it is sufficient to provide your name and a postal address.
The legal basis for processing is either our legitimate interest in accordance with point (f) of Article 6(1) GDPR or your express consent in accordance with point (a) of Article 6(1) GDPR.
You can unsubscribe from the newsletter at any time, for instance by sending an email to email@example.com, using the contact form on our website or sending a letter or postcard to the sender’s address as indicated in the information sent out.
e) By using our contact form
The website contains a contact form, which can be used to submit any questions. Depending upon the person to whom the enquiry is addressed, a valid email address, your first name, surname and address including post code and town/city and a telephone number must be provided so that we can know who has submitted the enquiry and answer it efficiently. You can provide additional information on a voluntary basis.
The processing of data for the purposes of contact with us (and our answer) is based on our legitimate interest in accordance with point (f) of Article 6(1) GDPR or communicating with you and answering your enquiries.
The personal data collected by us in the contact form are automatically erased after the enquiry submitted by you has been dealt with, or otherwise at the latest after six months.
f) Usage of our live chat
With our live chat we offer you the opportunity to talk directly to us. In order to do so, it is necessary to provide an email address so that we can get in touch with you at a later stage.
The duration and time of the call are stored for statistical purposes. A transcript of the chat is stored after anonymisation for quality assurance purposes.
Data processing for the purposes of communication with you is based on our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
From time to time we hold competitions, contests or other similar advertising initiatives. Depending upon the type of competition, contest or advertising initiative, we may ask to receive the following personal information in order to hold them:
- Title, surname, first name;
- Date of birth;
- Contact information (email address and mobile telephone number)
- Where appropriate, other information based on our legitimate interest
The legal basis for the processing of these data is point (b) of Article 6(1) GDPR (performance of a contract). The data are erased after the competition or initiative has ended. If we use your data for marketing purposes (email, newsletter etc.) or other purposes, this processing occurs on the basis of your prior consent in accordance with point (a) of Article 6(1) GDPR. In such cases, the data are retained for these purposes in accordance with Section b) above. We shall only share your personal data with a third party for the purpose of their own usage within the ambit of a competition or other initiative with your express consent or if this is necessary in order to hold the competition.
h) Communication and maintaining customer contacts
We also process your personal data for communication purposes, which means establishing contact with you and maintaining that contact. This includes answering enquiries and contacting you with any follow-up questions, for instance by email. For this purpose we process in particular your communication and master data (e.g. name, address, email address, etc.). We also process your personal data for the purpose of maintaining customer contacts and for marketing purposes, so that you can obtain targeted information tailored to your personal interests and preferences, e.g. through the newsletter and personalised advertising. For this purpose we process in particular technical data, master data and communication data, as well as behavioural data. The legal basis for the processing of these data is point (b) of Article 6(1) GDPR (performance of a contract), our legitimate interest in accordance with point (f) of Article 6(1) GDPR and where applicable your consent in accordance with point (a) of Article 6(1) GDPR.
i) Provision and improvement of our services
If you use purchase our products and services, we process data in order to take steps prior to entering into a contract, for the performance of the respective contract and in order to provide any follow-up services. We use these data as we are unable to perform contracts without them. We also process your data in order to improve our services and for product development purposes. The legal basis for the processing of these data is point (b) of Article 6(1) GDPR (performance of a contract), our legitimate interest in accordance with point (f) of Article 6(1) GDPR and where applicable your consent in accordance with point (a) of Article 6(1) GDPR.
j) Corporate management
We also process your data for corporate management purposes, including business organisation and corporate development, other internal processes and administrative purposes (e.g. management of master data, accounting and archival), education and training purposes and the preparation for and implementation of purchases and sales of business units, companies or parts of companies and other corporate transactions and the related transfer of personal data, as well as business management measures and the protection of other legitimate interests. The processing of these data is based on our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
k) Upholding of rights.
We process personal data under certain circumstances also to assert claims judicially, in court or out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims (upholding of rights). The processing of these data is based on our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
l) Security purposes
We may also process your data to safeguard domiciliary rights and other measures for IT, building and system safety and to protect our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings). The processing of these data is based on our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
m) Other purposes
We reserve the right to process your personal data for other purposes. However, we shall inform you accordingly and, where appropriate, obtain your consent in accordance with point (a) of Article 6(1) GDPR.
When providing our services we work with external service providers, which process your personal data on our behalf. These may include recipients from the following categories:
- IT service providers for data hosting services
- marketing service providers in relation to marketing activities (e.g. competitions, marketing campaigns, analytical cookies)
- customer communication service providers
Where any service provider processes personal data as an outsourced data processor, it is obliged to process personal data exclusively in accordance with our instructions and to put in place measures to ensure data security.
Data may also be shared with other recipients, e.g. courts and authorities within the ambit of proceedings or under the terms of legal disclosure and cooperation obligations, to buyers of companies and assets, to financing companies in the event of securitisation and to debt collection companies.
In specific individual cases it is possible that we may share personal data with other third parties also for their own purposes, e.g. if you have consented to this or if we are obliged or entitled under law to share them.
.In addition, we only share your personal data within the Emmi Group and/or with third parties if:
- you have provided your express consent;
- it is necessary for the performance of a contract with you;
- the processing of your data is required to comply with a statutory obligation;
- processing is necessary in order to protect our legitimate interests or those of a third party, unless there is any reason to assume that you have any overriding interest dictating otherwise.
Where necessary for the purposes mentioned above, we also transmit your data to recipients situated outside the European Economic Area (EEA). Please note that, under certain circumstances, the level of data protection in these third countries may not be comparable to that available in the EU or the EEA, and it thus cannot be fully excluded that your data may be passed on to state authorities in the third country without reasonable opportunities to enforce rights.
We ensure that data are only transmitted to third countries where adequate protection for your personal data is guaranteed. This means that we only share your data if the EU Commission has issued an adequacy decision for the respective third country (Article 45 GDPR), if appropriate safeguards have been put in place to protect your personal data (Article 46 GDPR) or if it is permitted by law (Article 49 GDPR).
Adequate safeguards within the meaning of Article 46 GDPR include the standard contractual clauses published by the EU Commission. For further information concerning the standard contractual clauses, which we use as a basis for the transmission of your personal data to third countries, please contact the authorities mentioned in Section one.
However, depending upon the purpose of these cookies we may ask for your express consent in accordance with point (a) of Article 6(1) GDPR before using them. You can access your current settings by clicking on the button. You can also configure your browser so that it blocks or provides incorrect information to particular types of cookies or alternative technologies, or erases any cookies previously saved. You can also incorporate a software add-on into your browser that blocks third party tracking. Further information can be found on the help pages of your browser (generally under the heading “Privacy”) or on the third party websites mentioned below.
We use the following types of cookie (including other technologies):
- Necessary cookies:
Necessary cookies are essential for the proper operation of the website or of particular functions. They make it easier for you to use the website. For instance, they help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. They also ensure that you can navigate between pages without losing information that has been entered into a form and whilst enabling you to remain logged in. These cookies are only stored temporarily (“session cookies”). Session cookies are automatically deleted when you leave our website. If you disable them, the site may not work properly. Other cookies are necessary in order to enable the server to store options or information (entered by you) after the end of a session (i.e. a visit to a website), if you use these functions (e.g. language settings, consents, automatic login functions etc.). These cookies have an expiry date of up to 12 months. The legal basis for this is our legitimate interest in accordance with point (f) of Article 6(1) GDPR in providing you with all functions on our website. You can find a link above with a detailed list of all essential cookies and their respective expiry dates.
- Performance cookies:
- Marketing cookies:
We and our advertising partners have an interest in structuring advertising in as targeted a manner as possible, i.e. we only display advertising messages to the people we would actually like to address. We have listed our advertising partners below. For this purpose – if you have consented – we and our advertising partners save cookies that can record the content accessed or the contracts concluded. This enables us to optimise our content (see Section 6), and enables both us and our advertising partners to display advertising on our website, although also on other websites that display advertising placed by us or by our advertising partners (see Section 7) that in our view may be of interest for you. The legal basis for these cookies is your consent in accordance with point (a) of Article 6(1) GDPR. If you consent to the usage of these cookies, corresponding advertising will be displayed to you. If you do not consent to the usage of these cookies, you will not be displayed fewer adverts but rather generically selected adverts. You can withdraw your consent at any time via the cookie settings. Depending upon the circumstances, marketing cookies have an expiry date of between a couple of days and 12 months. You can find a link above with a detailed list of all marketing cookies and their specific expiry dates.
- content personalisation
- displaying personalised adverts and offers
- displaying adverts on third party websites and measuring their success, i.e. whether you respond to the adverts (remarketing)
- saving settings between visits
- identifying whether and how we can improve our website
- collecting statistical data concerning the number of users and their usage habits as well as improving the website’s speed and performance
- We may process your contact data in order to display advertising to you on the platforms of third party providers.
We may also use similar technologies, such as “pixel tags” or “fingerprints” in order to store data in your browser. Pixel tags refer to small, normally invisible images or pieces of program code loaded by a server that transmit particular information to the server operator, e.g. whether and when a website has been visited. Fingerprints refer to information collected during your visit to our website concerning the configuration of your end device or your browser that make it possible to distinguish between your end device and other devices.
a) How can cookies and similar technologies be disabled?
When visiting our website, you have the option of enabling or disabling particular categories of cookies. You can configure your browser’s settings so as to block particular cookies or similar technologies or to erase any cookies and other data previously saved in the browser. You can also expand your browser with software (known as a “plugin”) that blocks tracking by certain third parties. You can find out more on the help pages of your browser (generally under the heading “Privacy”). Please note that our website may potentially no longer work completely if you block cookies and similar technologies.
b) Partner and third party cookies on our website
We avail ourselves of third party services so that we can assess and improve the user-friendliness of the website and online advertising campaigns. Third party providers may also be situated outside Switzerland and the EU/EEA, provided that protection for your personal data has been adequately secured. For example, we use analytical services that enable us to optimise and personalise our website. The corresponding third party providers can log website usage and cross-reference their records with other information obtained from other websites. This enables them to track user behaviour across multiple websites and end devices, so that they can provide us with statistical assessments on this basis. Providers may also use this information for their own purposes, e.g. for personalised advertising on their own websites or other websites. If a user has an account with the provider, the provider is able to allocate the usage data to the data subject.
Two of the most important third party providers are Google and Meta. Further information concerning them is provided below. Other third party providers generally process personal data and other data in a similar manner.
- Meta Pixel, an analytical tool of Meta Platforms Irland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This enables us to manage adverts placed with Meta and the partners of Meta in such a manner that they are only displayed to users for whom the adverts are likely to be of interest. We can also measure the efficacy of these adverts for statistical and market research purposes. We are jointly responsible alongside Meta for the sharing of data that Meta receives as a result, for the display of personalised advertising, for improving advert display and for personalising content. These data are stored on servers situated in the EU/EEA and the USA. Users are invited to submit any requests for access and other enquiries directly to Meta. Further information concerning data protection at Meta and the corresponding settings options can be found here.
Necessary cookies are necessary for the functioning of the website or for certain features. They make the use of our website more pleasant for you. For example, they help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. They also ensure that you can move between pages without losing information that was entered in a form and that you stay logged in. These cookies exist temporarily only («session cookies»). The session cookies are automatically deleted after leaving our pages. If you block them, the website may not work properly. Other cookies are necessary for the server to store options or information (which you have entered) beyond a session (i.e. a visit to the website) if you use this function (for example language settings, consents, automatic login functionality, etc.). These cookies have an expiration date of up to 12 months. The legal basis for such cookies is our legitimate interest according to Art. 6 (1)(f) GDPR to provide you with all functions of our website. Please find above a link with the detailed list of all necessary cookies and their expiration period.
We shall only retain your data for as long as is necessary in order to fulfil the above-mentioned purposes. Please refer to the above sections for the specific retention periods. We are also subject to various legal retention and documentation requirements, which may require retention for a longer period of time. On account of these retention and documentation requirements, we are obliged to retain your data for up to ten years.
You have the right:
- to withdraw your consent at any time to the processing of your personal data. This means that we will not be able to continue processing any data in future on the basis of your consent;
- to obtain information concerning your personal data that are being processed by us. You can request in particular information concerning the following issues: the purposes of processing, the categories of personal data concerned, the categories of recipient to whom your personal data have been disclosed, and the envisaged period for which the personal data will be stored; the existence and source of personal data, where the personal data are not collected by us, and the existence of automated decision-making, including profiling and where applicable meaningful information about the these data;
- without undue delay to obtain the rectification of inaccurate data or to have incomplete data stored by us completed;
- to obtain the erasure or destruction of your personal data stored by us, unless any such processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- to obtain the restriction of processing of your personal data, if the accuracy of the data is disputed by you or if processing is unlawful but you object to their erasure or if we no longer require the data but you require them for the establishment, exercise or defence of legal claims or you have objected to processing;
- to obtain the personal data that you have provided to us in a structured, commonly used and machine-readable format or to obtain the transfer of those data to another data controller; and
- to lodge a complaint with a supervisory authority. As a general rule, you can contact the supervisory authority of your habitual residence or place of work, or alternatively in Switzerland. For Italy: Garante per la Protezione dei Dati Personali, Piazza Venezia n. 11, I - 00187 Roma. E-mail: firstname.lastname@example.org / T: + 39 06 69 6771. However, we would appreciate it if we could address your concern before you contact the competent supervisory authority, and therefore ask that you contact us in the first instance.
Please note that these rights are subject to legal prerequisites and restrictions in accordance with Article 23 GDPR, and thus may not be available in full under all circumstances. Specifically, we may have to continue to process your personal data in order to perform under a contract concluded with you, to uphold our own legitimate interests, such as the establishment, exercise or defence of legal claims, or in order to comply with legal obligations. Where permitted by law, in particular in order to protect the rights and freedoms of other data subjects and to protect legitimate interests, we may therefore refuse to answer a request made by a data subject either in full or in part (e.g. by redacting particular content relating to third parties or our own business secrets).
If your personal data are processed on the basis of our legitimate interests, you have the right to object to this processing on grounds relating to your particular situation. If you decide to object to the processing of your personal data, we shall stop processing the personal data concerned unless we are able to identify compelling legitimate grounds for processing that override your interests, rights and freedoms or unless processing is necessary for the establishment, exercise or defence of legal claims.
You also have the right to object at any time to the processing of personal data concerning you for the purposes of marketing; this also applies in relation to profiling, where related to any such marketing. If you decide to object to processing for the purposes of marketing, we shall stop processing the personal data concerning you for these purposes.
If you would like to exercise your right to object, please send an email to email@example.com.
We operate the widely used Transport Layer Security (TLS) technology on our website in conjunction with the highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. If any individual page from our website is transmitted in encrypted form, you can recognise this from the symbol of a locked padlock on your browser’s status bar.
In addition, we take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised third-party access. Our security measures are being continually improved in line with technological developments.