Ricette di Gidgimo

PRIVACY

A. Who we are and why we are providing you with this document?

BORDERMIND, a corporate group composed of companies subject to management and coordination activities pursuant to Article 2359 of the Italian Civil Code, has long considered the protection of personal data of its current and/or potential clients and users to be of fundamental importance. We guarantee that the processing of personal data, carried out in any form, whether automated or manual, occurs in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of natural persons regarding the processing of personal data and the free movement of such data (hereinafter referred to as the “Regulation”) and other applicable laws regarding personal data protection.

The term “personal data” refers to the definition contained in Article 4, point 1) of the Regulation, namely, “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific elements of that person’s physical, physiological, genetic, mental, economic, cultural, or social identity” (hereinafter referred to as “Personal Data”).

The Regulation states that before proceeding with the processing of Personal Data—understood, according to the related definition contained in Article 4, point 2) of the Regulation, as “any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison or interconnection, restriction, erasure, or destruction” (hereinafter referred to as “Processing”)—it is necessary that the individual to whom such Personal Data belongs is informed about the reasons for which such data is requested and how it will be used.

In this regard, this document aims to provide you, in a simple and intuitive manner, with all the useful and necessary information so that you can provide your Personal Data knowingly and informedly, and at any time, request and obtain clarifications and/or corrections.

This information notice has therefore been prepared based on the principle of transparency and all the elements required by Article 13 of the Regulation, and is organized into individual sections (hereinafter referred to as “Sections” and individually as “Section”), each of which addresses a specific topic to make your reading quicker, easier, and more comprehensible (hereinafter referred to as the “Information Notice”).

This Information Notice is accompanied by a specific consent form as required by Article 7 of the Regulation.

B. Who will process your Personal Data?

The company that will process your Personal Data for the primary purpose outlined in Section D of this Privacy Notice and that, therefore, will act as the data controller according to the definition provided in Article 4, point 7) of the Regulation, “the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is:

BORDERMIND S.R.L., with its registered office at RO, 020335, Bucharest Sector 2, 9-9A Dimitrie Pompeiu Boulevard, Building 14, registered with the Romanian Companies Registry, Tax Code and VAT number RO40335510
(hereinafter referred to as the “Data Controller”).

For certain processing activities, as identified in the subsequent Section E, the following companies will act alongside the Data Controller as joint controllers, meaning “two or more companies that jointly determine the purposes and means of the processing,” as defined by Article 26 of the Regulation:

(hereinafter referred to collectively with the Data Controller as the “Joint Controllers”).

The Joint Controllers have entered into a joint control agreement, in accordance with Article 26 of the Regulation, by which they have committed to:

Jointly determine certain purposes and methods for processing your Personal Data;
Jointly determine, clearly and transparently, the procedures for providing you with timely responses should you wish to exercise your rights, as provided by Articles 15, 16, 17, 18, and 21 of the Regulation, as well as in cases of portability of Personal Data as specified in Article 20 of the Regulation, further detailed in Section I of this Privacy Notice;
Jointly draft this Privacy Notice in the sections of common interest, indicating all the information required by the Regulation.

C. Who can you contact?

You can contact the Data Controller and/or the Joint Controllers through the following channels:

By writing to the Privacy Office of BORDERMIND S.R.L., RO, 020335, Bucharest Sector 2, 9-9A Dimitrie Pompeiu Boulevard, Building 14;
By sending an email to Bordermind.italy@gmail.com, addressed to the attention of the Privacy Office of BORDERMIND;
By calling the phone number +39 0214796433 and asking for the Privacy Office of BORDERMIND.

Additionally, to facilitate communication between you, as the data subject, meaning the “identified or identifiable natural person” to whom the Personal Data refers as per Article 4, point 1) of the Regulation (hereinafter referred to as the “Data Subject”), and the Data Controller and/or the Joint Controllers, the Regulation provides for the appointment of a supervisory and support figure in certain specific cases. Among various duties, this individual will also act as a point of contact with the Data Subject.

D. For what primary purpose will your Personal Data be processed?

The websites of the Data Controller for which this Privacy Notice is issued are those listed in the BORDERMIND Privacy Policy, available at https://gidgimo.eu/ita/privacy/ (hereinafter referred to as the “Websites”). To allow you to register on the Websites, if registration is possible, and/or to send information requests using contact forms and/or subscribe to the newsletter service, the Data Controller needs to collect certain Personal Data, as requested within the registration form on the Websites.

The processing of your Personal Data will be carried out by the Data Controller to enable you to access your profile, participate in initiatives promoted through the Websites, receive newsletters, send information requests, and use all other services offered from time to time by each of the Websites you have registered on and/or are browsing. The processing of your Personal Data will be legally based on the contractual relationship that will be established between you and the Data Controller following your acceptance of the terms and conditions of the Websites.

Additionally, the Data Controller may process your Personal Data to comply with legal obligations and respond to requests from competent authorities. In this case, the processing of your Personal Data will be based on the fulfillment of legal obligations to which the Data Controller is subject.

The Data Controller may also communicate or otherwise process your Personal Data in the context of extraordinary transactions, transfers of contracts, businesses, or business units, reorganizations, and corporate restructurings, in order to conclude and manage such transactions or to fulfill its contractual obligations arising from them. In this case, the processing of your Personal Data will be legally based on the legitimate interest of the Data Controller to carry out such transactions.

Moreover, the Data Controller may process your Personal Data to establish, exercise, and defend its rights in legal proceedings. This processing will be legally based on the legitimate interest of the Data Controller to protect its rights.

To allow the Data Controller to perform the processing activities for the purposes mentioned above, it will be necessary to provide the Personal Data marked with the symbol *. Without even one of the required data, it will not be possible to process your Personal Data, and consequently, you will not be able to complete your registration on the Websites and/or benefit from the services provided by them that require the provision of Personal Data. The Personal Data that will be requested from you for the purposes mentioned above are those listed in the registration and/or contact form, such as, but not limited to: name, surname, username, date of birth, domicile/residence address, email address, landline and/or mobile phone numbers, tax code, gender.

If you decide to access the Websites using your social profile (e.g., Facebook, Google, Twitter profile), where applicable, the collection of your Personal Data will be carried out by the Data Controller from third parties, that is, from the social platform you used to access the Websites. In this case, you can view this Privacy Notice in the Privacy section of each of the Websites (e.g., Privacy section of https://gidgimo.eu/ita/ etc.).

E. Additional Purposes

The Data Controller, together with the Joint Controllers, may request additional Personal Data from you, such as, for example, data relating to tastes, preferences, habits, needs, and consumption choices. Providing this Personal Data is optional, and not providing it will not affect your registration on the Websites or your ability to submit requests or use the services offered by the Websites.

With your express, free, and unequivocal consent in accordance with Article 6, paragraph 1, point (a) of the Regulation, or, as specified below, based on legitimate interest, the Joint Controllers may process your Personal Data for the following purposes:

Direct marketing purposes: This refers to the desire of the Joint Controllers to carry out promotional and/or marketing activities directed towards you. This category includes all activities undertaken to promote products or services sold and/or provided by the Joint Controllers based on their legitimate interest in pursuing their business objectives.
Indirect marketing purposes: This refers to the desire of the Joint Controllers to carry out promotional and/or marketing activities on behalf of third parties. This category includes all activities undertaken to promote products or services sold and/or provided by third parties with whom the Joint Controllers maintain legal relationships, without any communication of your data.
Profiling purposes: This refers to the desire of the Joint Controllers to profile you, i.e., assess your tastes, preferences, and consumption habits, also in connection with market surveys and statistical analyses. This category includes any automated processing of Personal Data to evaluate specific personal aspects, such as, for example, professional performance, economic situation, personal preferences, interests, reliability, behavior, location, or movements.

The processing of your Personal Data for the purposes mentioned in points (ii) and (iii) cannot take place without obtaining your consent, which must meet the conditions of Article 7 of the Regulation, thereby determining the lawfulness of the processing of your Personal Data.

Regarding the direct marketing purpose mentioned in point (i), it should be noted that, under Article 6, paragraph 1, point (f) of the Regulation, the Joint Controllers may carry out this activity based on their legitimate interest, regardless of your consent, and until you object to such processing. This is further explained in Recital 47 of the Regulation, where it is “considered a legitimate interest to process personal data for direct marketing purposes.” This will also be possible following evaluations carried out by the Joint Controllers regarding any potential and possible predominance of your interests, rights, and fundamental freedoms that require the protection of Personal Data over their legitimate interest in sending direct marketing communications.

The methods of contact for direct, indirect, and profiling marketing activities, as outlined in points (i), (ii), and (iii), may include both automated methods (email) and traditional methods (where permitted, operator-assisted calls, postal mail). In any case, as further detailed in Sections H and I, you may object to the processing and/or withdraw your consent, even partially, for example, by consenting only to traditional contact methods.

Regarding contact methods that use your phone numbers, please note that marketing activities by the Joint Controllers will be carried out after verifying your potential registration in the Register of Objections, as established by the D.P.R. of September 7, 2010, No. 178, and subsequent amendments.

F. To whom may your Personal Data be disclosed?

Your Personal Data may be disclosed to specific entities considered recipients of such Personal Data. Indeed, Article 4, point 9) of the Regulation, defines a “recipient” of Personal Data as “a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether or not it is a third party” (hereinafter referred to as “Recipients”).

In this regard, to correctly perform all necessary processing activities to pursue the purposes outlined in this Privacy Notice, the following Recipients may process your Personal Data:

Third parties who carry out part of the processing activities and/or activities related and instrumental to them on behalf of the Data Controller or the Joint Controllers. These parties have been appointed as Data Processors, defined individually as, under Article 4, point 8) of the Regulation, “a natural or legal person, public authority, agency, or another body that processes Personal Data on behalf of the Data Controller” (hereinafter referred to as “Data Processor”);
Individual persons, employees, and/or collaborators of the Data Controller or the Joint Controllers, who have been entrusted with specific and/or multiple processing activities related to your Personal Data. These individuals have received specific instructions regarding security and the correct use of Personal Data and are referred to, under Article 4, point 10) of the Regulation, as “persons authorized to process Personal Data under the direct authority of the Data Controller or the Data Processor” (hereinafter referred to as “Authorized Persons”);
Third parties that carry out processing activities and/or related and instrumental activities as independent Data Controllers, including but not limited to consulting firms, freelancers, banks, insurance companies, third-party companies, and/or companies belonging to BORDERMIND;
Where required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public entities or the judicial authority without being classified as Recipients. Indeed, under Article 4, point 9) of the Regulation, “public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as Recipients.”

G. How long will your Personal Data be processed?

One of the principles applicable to the processing of your Personal Data concerns the limitation of the retention period, governed by Article 5, paragraph 1, point (e) of the Regulation, which states: “Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; Personal Data may be stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to the implementation of appropriate technical and organizational measures required by this Regulation to safeguard the rights and freedoms of the data subject.”

In light of this principle, your Personal Data will be processed by the Data Controller only for the time necessary to achieve the purposes outlined in Section D of this Privacy Notice. Specifically, your Personal Data will be retained for the minimum time required, as indicated in Recital 39 of the Regulation, which is up to ten years after the termination of the contractual relationships between you and the Data Controller, unless a longer retention period is imposed or allowed by legal regulations, as also provided by Recital 65 of the Regulation.

With respect to the processing activities carried out to achieve the purposes outlined in Section E of this Privacy Notice, the Joint Controllers may lawfully process your Personal Data until you communicate, in one of the methods provided in this Privacy Notice, your intention to revoke consent for one or all of the purposes for which it was requested and/or to object to the processing. Any revocation of consent or exercise of the right to object will effectively require the Joint Controllers to cease the processing of your Personal Data for those purposes.

H. Is it possible to revoke the consent provided, and how?

As provided by the Regulation, if you have given your consent for the processing of your Personal Data for one or more of the purposes requested, you may revoke it at any time, in whole or in part, without affecting the lawfulness of the processing based on the consent given before revocation.

In addition to the above and for simplicity, if you are receiving marketing emails from the Joint Controllers that are no longer of interest to you, it will be sufficient to click the unsubscribe button at the bottom of these emails to stop receiving further communications, including through other contact channels for which your consent was obtained (SMS, MMS, postal mail, fax, telephone calls).

I. What are your rights?

As provided by the Regulation, you can exercise the following rights at any time with respect to the Data Controller and/or Joint Controllers:

Right of access: Under Article 15, paragraph 1 of the Regulation, you have the right to obtain confirmation from the Data Controller as to whether your Personal Data is being processed, and, if so, to access your Personal Data and the following information: a) the purposes of the processing; b) the categories of Personal Data concerned; c) the Recipients or categories of Recipients to whom your Personal Data has been or will be disclosed, especially if these Recipients are in third countries or international organizations; d) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request rectification or erasure of Personal Data, restriction of processing, or to object to processing; f) the right to lodge a complaint with a supervisory authority; g) where Personal Data is not collected from you, any available information as to its source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing. You can find all this information in this Privacy Notice, which will always be available in the Privacy section of each of the websites.
Right to rectification: Under Article 16 of the Regulation, you have the right to obtain rectification of any inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to erasure (“right to be forgotten”): Under Article 17, paragraph 1 of the Regulation, you have the right to obtain the erasure of your Personal Data without undue delay, and the Data Controller is obliged to erase your Personal Data when any of the following grounds apply: a) the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; b) you withdraw the consent on which the processing is based and there is no other legal ground for the processing; c) you object to the processing under Article 21, paragraphs 1 or 2 of the Regulation, and there are no overriding legitimate grounds for processing; d) your Personal Data has been unlawfully processed; e) the Personal Data must be erased to comply with a legal obligation under European Union or Member State law. In some cases, as provided by Article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to proceed with the erasure of your Personal Data where the processing is necessary, for example, for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, scientific or historical research, or for the establishment, exercise, or defense of legal claims.
Right to restriction of processing: Under Article 18 of the Regulation, you have the right to obtain the restriction of processing where one of the following applies: a) you contest the accuracy of your Personal Data (the restriction will last for the time necessary for the Data Controller to verify the accuracy of such Personal Data); b) the processing is unlawful, and you oppose the erasure of your Personal Data and request instead the restriction of its use; c) although the Data Controller no longer needs the Personal Data for processing purposes, it is required by you for the establishment, exercise, or defense of legal claims; d) you have objected to processing under Article 21, paragraph 1 of the Regulation, and are awaiting the verification of whether the legitimate grounds of the Data Controller override your own. In case of restriction, your Personal Data will be processed, with the exception of storage, only with your consent or for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest. We will inform you, in any case, before this restriction is lifted.
Right to data portability: Under Article 20, paragraph 1 of the Regulation, you have the right to request and receive all your Personal Data processed by the Data Controller and/or Joint Controllers in a structured, commonly used, and machine-readable format, or to request its transmission to another data controller without hindrance. In this case, it is your responsibility to provide us with all the exact details of the new data controller to whom you wish to transfer your Personal Data, providing us with written authorization.
Right to object: Under Article 21 of the Regulation, you have the right to object, at any time, to the processing of your Personal Data a) if it is being processed for direct marketing purposes, including profiling related to such direct marketing, or b) for reasons related to your particular situation, if your Personal Data is processed based on the legitimate interests of the Data Controller or third parties, unless there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

To exercise all of your rights as identified above, you just need to contact the Data Controller and/or Joint Controllers using the methods indicated in Section C of this Privacy Notice.

In addition, you have the right to lodge a complaint with a supervisory authority: without prejudice to your right to pursue other administrative or judicial remedies, if you believe that the processing of your Personal Data by the Data Controller and/or Joint Controllers violates the Regulation and/or applicable law, you can lodge a complaint with the Data Protection Authority or other competent supervisory authority.

J. Where will your Personal Data be processed?

Your Personal Data will be processed by the Data Controller and/or Joint Controllers within the territory of the European Union.

Should it be necessary, for technical and/or operational reasons, to use entities located outside the European Union, we inform you that such entities, if they process Personal Data on behalf of the Data Controller and/or Joint Controllers, will be appointed as Data Processors in accordance with Article 28 of the Regulation, and the transfer of your Personal Data to such entities, limited to the performance of specific processing activities, will be governed in accordance with Chapter V of the Regulation. All necessary precautions will be taken to ensure the highest level of protection for your Personal Data, with such transfers being based on: (a) adequacy decisions for third countries issued by the European Commission; (b) standard contractual clauses issued by the European Commission; or (c) the adoption of binding corporate rules.

In any case, you may request more details from the Data Controller and/or Joint Controllers if your Personal Data has been processed outside the European Union, asking for evidence of the specific safeguards adopted.