Il Nocciolaio Dei Fratelli Bianco pays the utmost attention to the confidentiality, protection, and security of personal data relating to the people with whom it comes into contact.
As a User of this Website, you are, therefore, invited to visit all the sections of this document in advance. This document describes how the Website is managed in relation to the processing of personal data of the people who use it.
The User is the person who uses the site, be it a natural person or a person who operates in the name and on behalf of legal entities by providing personal data.
This document also serves to provide information pursuant to art. 12 and 13 of EU Regulation 2016/679 and the applicable national legislation on the processing of personal data (Legislative Decree 196/2003 updated to Legislative Decree 101/2018 and subsequent amendments), to all those who interact with the web services of Il Nocciolaio, accessible electronically at www.ilnocciolaio.it, and exclusively for the data collected through this Website.
This information is provided and is only valid on this Website and not for other websites that may be consulted by the User through links on the Website; Il Nocciolaio has no control over these websites or the procedures they apply for the respect of data privacy and, therefore, we suggest consulting the privacy rules of all the subjects with whom you come into contact before communicating personal information.
Information pursuant to art. 13, para. 1
Data Controller and contact information
Il Nocciolaio informs you that your personal data will be processed:
- pursuant to Articles 12 and 13 of EU Regulation no. 679/2016 (General Data Protection Regulation, hereinafter referred to as "GDPR" for brevity) and the applicable national legislation on the processing of personal data, by specifically authorised subjects, limited to the purposes and with the methods that will be specified below with reference the functionality of the web portal www.ilnocciolaio.it.
Data Protection Officer contact details
The activity carried out for the purposes referred to in this statement by Il Nocciolaio does not fall within the hypotheses provided for by art. 37 of the EU Reg. no. 679/2016.
Object, purpose of the processing
Il Nocciolaio, as Data Controller, informs you that it will process your personal data (if you are a natural person or if you are natural persons operating in the name and on behalf of clients who are legal persons) in particular, your common personal data, that is your name, surname, email address, telephone number, company name, registered office, VAT number, IP addresses or domain names.
Your data, as described above, will be processed in the ways and the forms prescribed by the GDPR, for the performance of the features of the Website.
The User assumes responsibility for the personal data of third parties published or shared via the Website, and guarantees that he/she has the right to disclose or disseminate such data, releasing the Data Controller from any liability to third parties.
In particular, the personal data you have provided to the Data Controller will be processed for the following purposes:
A) Legal obligations.
To fulfil any type of obligation contemplated and envisaged by current laws, regulations, correlated standards and commercial uses, in particular, in fiscal/tax matters;
B) Execution of a contract or pre-contractual measures.
To fulfil and execute the contract and to complete any action aimed at fulfilling the mutual obligations arising from the contractual relationship; for the fulfilment of specific requests from the User before the conclusion of the final contract with the User. To follow up on the specific requests for quotes made by you to the Data Controller through the Website by means of the specific "add to quote" functionality, after registering on the portal, a service rendered to VAT holders, or by means of specifications requests via email or other communication channels.
C) Registration on the portal.
With direct registration (Login) and authentication, the User allows the system to identify him/her and give him/her access to dedicated services, including requesting cost estimates through the automatic service.
D) Request management.
To follow up on specific requests for information made by you to the Data Controller through the Website and its communication tools (filling in the contact form, request information and other communication tools such as by telephone, email, fax).
To send commercial communications and various notices concerning the sector in which the Data Controller operates, with specific consent provided by you by selecting the relevant box; to send newsletters, commercial proposals, report advertising events, send promotional communications for similar services, manage direct relationships and company/customer-user contacts, via email and, therefore, for direct marketing activities, with a specific consent given by you by selecting the relevant box.
It should be noted that the processing of data given in general will be carried out, even following automatic collection during navigation, for the sole purpose of verification and control of access to the Website. This also applies to any technical cookies, to be understood as session cookies, functionality cookies or analytics cookies that meet the requirements specified by the Guarantor. In any case, for these analytics cookies, the Website, also in compliance with the clarifications of the Guarantor, has provided for the anonymisation of the IP addresses and the data processing amendment; the collection and use of the aforementioned browsing data (without prejudice to the anonymisation of the IP addresses) allows for the monitoring of the Website's performance and allows us to improve the service offered, offering the User a better browsing experience.
Personal Data processed: Cookies; Usage Data.
Personal Data processed: Cookies; Usage Data.
This information is effective only with reference to the aforementioned web portal www.ilnocciolaio.it, but not with reference to the services provided by Facebook / other social networks or to other and different portals or websites that may be consulted via the links contained therein, of the which Il Nocciolaio is in no way Data Controller and, as a result, we invite you to read the privacy policies of the respective platforms. The Data Controller informs you that if a service for interacting with social networks is installed, then it may still collect traffic data for the pages it is installed on, even if the Users do not use the service.
Legal basis for data processing
Apart from that specified for the navigation data, any communication of the personal data specified above from you directed to the Data Controller has as a basis for the lawfulness of the processing.
- For the purposes referred to in point A) the legal basis falls under art. 6, para. 1, letter c) of the GDPR).
- For the purposes referred to in point B), C) the legal basis falls under art. 6, para. 1, letter b) of the GDPR, concerning the execution of a contract of which the User is a party or the execution of pre-contractual measures adopted at the request of the same (such as the request for quotes through the automatic system) or to follow up on specific requests from you addressed to the Data Controller.
The communication of data to the company which occurs for this purpose is a necessary requirement for the establishment and execution of the contractual relationship of which you are a participant with the stipulation of the contract itself, or to receive the requested estimate, in particular with reference to all specific services connected to the establishment and correct execution of the aforementioned contractual relationship.
- For the purposes referred to in point F) the legal basis falls under art. 6 para. 1, letter f) of the GDPR, the data processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties. However, it should be noted that, as mentioned above, the information generated by the cookies as you use the Website (including the IP address, which indicates its identification on the internet) is not transmitted to Google as this Website is equipped with tools that reduce the identifying power of cookies.
Recipients and categories of recipients of the collected data and data transfer
Il Nocciolaio will process the Users' data in compliance with the personal data protection obligations set out in the legislation. The information acquired in the exercise of the activity will not be used by the company or third parties to obtain any personal advantage; the Data Controller will ensure that the duty of confidentiality is also respected by its trainees, employees, and collaborators.
In particular, in relation to the purposes indicated above, the data may be disclosed to the following persons and/or categories of persons indicated below or may be disclosed to companies and/or persons, who provide services, including external services, on behalf of the Data Controller. Among these, we indicate for greater clarity, by way of example but not exhaustively: subjects - internal or external to the company - that provide computerised and telematic services for the management of the information system used by the Data Controller and the telecommunications networks (including email and the electronic management of web portals and internet sites - hosting), subjects that in the eventuality that the Data Controller reserves the right to appoint the person responsible for the processing; suppliers, sales agents, carriers, transport companies; financial administrations and other companies or public bodies in compliance with regulatory obligations; competent authorities and/or Supervisory Bodies to fulfil legal obligations; consulting companies and firms; law companies and firms for the protection of contractual rights; subjects that carry out control, revision, and certification of the activities carried out by the Data Controller who act as external data processing managers pursuant to art. 28 of the GDPR, or in total autonomy as separate Data Controllers.
This Website may also share some of the data collected with localised services both intra-EU and non-EU (in the latter case it will be exclusively those subject to the Privacy Shield protocol). The transfer is authorised based on specific decisions of the European Union and the Guarantor, in particular Decision 1250/2016 (Privacy Shield - here the Policy of the Italian Data Protection Authority), hence no further consent is required. In particular, the following are indicated:
Google Analytics with anonymised IP (Google Inc.) Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses personal data collected for the purpose of tracking and analysing the use of this online space, creating reports and sharing them with other services developed by Google.
Information pursuant to art. 13, para. 2
Data retention period
Data is processed and stored for the time required for the purposes for which it was collected.
We point out that, in compliance with the principles of lawfulness, limitation of purposes and the conservation and minimisation of data, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed, or for the entire duration of the fulfilment of the aforementioned purposes.
- The data collected for tax/administrative obligations will be kept for the time necessary to fulfil the aforementioned purposes and in accordance with the provisions of the law, and in any case for a period not exceeding that dictated by civil law.
- Personal data collected for purposes related to the execution of a contract or pre-contractual measures, including preventive, between the Data Controller and a User will be retained until the execution of the contract is complete.
- Personal Data collected for purposes related to the User's consent; the Data Controller can keep Personal Data:
for a period of time not exceeding the achievement of the purposes for which it is collected, therefore, until the requests made by the Users are processed or until his/her consent is revoked.
Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be erased. The right to access, annul and rectify Personal Data and the right to portability of data can, therefore, no longer be exercised after this period has ended.
- Right to Access and Rectification
Pursuant to art. 15 of the GDPR, in your capacity as a User, you have the right to obtain from the Data Controller confirmation of the existence or otherwise of processing of personal data concerning you, to obtain access to them and to all the information referred to in the same art. 15, paragraph 1, letters (a) to (h), by issuing a copy of the data processed in a structured format, in common use, readable by an automatic and interoperable device.
Pursuant to art. 16 of the GDPR, in your capacity as a User, you have the right to obtain from the Data Controller the correction and/or integration of the data being processed if they are not updated and/or accurate and/or complete.
- Right to cancellation and Right to Limitation
Pursuant to art. 17 of the GDPR, in your capacity as a User, you have the right to obtain, without undue delay, from the Data Controller, exclusively in the cases referred to in art. 17, paragraph 1, letters from (a) to (f), of the GDPR, the deletion of data concerning you - with the exception of the hypotheses specifically provided for by art. 17, paragraph 3.
Pursuant to art. 18 paragraph 1, letters from (a) to (d), of the GDPR, in your capacity as a User, you have the right to request and obtain from the Data Controller, the limitation of the processing of your personal data, or that such data are not subjected to further treatments and can no longer be modified. The Data Controller ensures that the limitation of the processing is implemented through appropriate technical devices that guarantee its inaccessibility and the impossibility to modify the data.
- Right to portability
Pursuant to art. 20 of the GDPR, in your capacity as a User, you have the right to receive from the Data Controller personal data concerning you, which is processed by automated means, in a structured format, commonly used and readable by an automatic device. You also have the right to transmit such data to another Data Controller, or to obtain from the Data Controller, where technically feasible, the direct transmission of such data to another Data Controller specifically identified.
- Right to Object
Pursuant to art. 21 of the GDPR, in your capacity as a User, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data in accordance with Article 6, paragraph 1, letters e) or f), including profiling on the basis of those provisions. The Data Controller shall no longer process personal data unless the Data Controller demonstrates compelling legitimate grounds for its processing, which override your interests, rights, and freedoms or for the establishment, exercise or defence of legal claims.
- revocation rights
Pursuant to art. 6 para. 1 let. a) you have given your consent to the processing of your data for the purposes specified above and, therefore, your express consent is purely optional and not mandatory, having no other consequence, if not the impossibility for the owner to properly perform the aforementioned direct communication services. And, in any case, the consent you may have provided may be revoked by you at any time, with immediate effect on the aforementioned business activities and services. It should be noted that this revocation will not affect the lawfulness of the processing based on the consent given prior to the revocation.
- Right to lodge a complaint
Pursuant to art. 77 of the GDPR, as well as art. 140 bis of Legislative Decree 196/2003 updated to Legislative Decree 101/2018, in your capacity as a User, you have the right to lodge a complaint with the Guarantor for the protection of personal data, www.garanteprivacy.it, according to the methods indicated in the aforementioned articles, or to appeal to the judicial authority.
How to exercise your rights
The Data Controller will confirm the receipt of your request and provide you with information on the action taken, with reference to the exercise of your rights under articles 15 to 22 of the GDPR, within 1 (one) month from receipt of the request. If necessary, and taking into account the complexity and the number of requests, the Data Controller may extend this term to 2 (two) months, subject to a reasoned communication to be sent within 1 (one) month from receipt of the request.
The Data Controller will communicate any correction, cancellation or restriction of opposition to all recipients, as identified by art. 4, paragraph 1, no. 9 of the GDPR, to whom such data have been transmitted, unless this proves impossible and/or involves a disproportionate effort.
In the event that the Data Controller fails to comply with your request within the period of 1 (one) month from receipt of the request, the latter will inform you of the reasons for the non-compliance, henceforth informing you of your right to make a complaint to the Supervisory Authority (Guarantor for the protection of personal data), as specified in accordance with art. 13, paragraph 2, letter (d) and governed by articles 77 et seq. of the GDPR.
Consequences of failure to communicate your data
The User is free to provide his/her personal data. The provision of data is optional or necessary depending on the specific purpose for which the data is processed. Failure to provide data will make it impossible to obtain the service requested or to use the services of the Data Controller.
- With regard to the purposes referred to in point A) above, data processing is necessary.
- With regard to the purposes referred to in point B) above, the processing of data is necessary for the establishment and execution of the contractual relationship of which you are a party with the signing of the contract itself or pre-contractual measures, in particular with reference to all the specific services connected to the establishment and correct execution of the aforementioned contractual relationship. Failure to communicate your data will make it impossible for the Data Controller to proceed with the contract or, in any case, with the pre-contractual measures and, therefore, with the establishment and execution of the same commercial contractual relationship.
- With regard to the purposes referred to in point C) above, data processing is necessary for the purposes of executing the terms governing the use of the Platform. In other words, in order to register as a User of the Platform and obtain an automatic quote, we need to process your data. Otherwise, registration and your use of the services would be impossible.
- With regard to the purposes referred to in point D) above, the data processing is necessary to follow up on your requests. Failure to communicate your data will make it impossible for the Data Controller to process your requests.
- With regard to the purposes referred to in point E) above, data processing is optional. In case of failure to communicate this data, marketing mailing lists, commercial information, etc. will not be carried out.
- With regard to the purposes referred to in point F) above, the processing of data is necessary because it is a legitimate interest of the Data Controller. However, the Website is equipped with data anonymisation systems.
- With regard to the purposes referred to in point G) above, data processing is optional. In case of refusal by the User, unnecessary cookies will be blocked.
Automated decision-making and profiling
The Data Controller informs you that, for the purposes of processing your personal data, it does not make use of automated decision-making processes, namely those aimed at making decisions based solely on technological means based on predetermined criteria (i.e. without human involvement), or carrying out profiling activities, that is those aimed at using your personal data to analyse or predict aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or travel etc.
Method of processing
The Processing of the personal data that you communicate is carried out through the operations indicated in art. 4, paragraph 2) of the GDPR and specifically the: "collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation, and destruction of data".
The personal information that you provide is processed automatically for the time strictly necessary to achieve the purposes for which it was collected, with technical and organisational procedures adopted to prevent the loss of data, its illegal or incorrect use and unauthorised access, and so, therefore, to guarantee a level of security appropriate to the risk pursuant to art. 32 of the GDPR, by persons specifically authorised, in compliance with the provisions of art. 29 of the GDPR, or employees and/or collaborators of the Data Controller in their capacity as authorised entities and/or system administrators, who can carry out consultation, use, processing, comparison and any other suitable operations in compliance with the legal provisions necessary to guarantee, inter alia, the confidentiality and security of data as well as the accuracy, updating and relevance of the data in accordance with the stated purposes and methods.
It should be noted, in particular, that the personal data you provide will be processed only at the registered office of the Data Controller, unless otherwise specified, and will not be disseminated, and, pursuant to art. 13, paragraph 1, letter (e), it may only be processed by authorised parties and/or by external processors (in the case of individual professionals and/or complex professional associations), among which the hosting company and/or by technical personnel in charge of the management and/or maintenance of the Website is explicitly listed, but only and exclusively for the purposes expressly and specifically indicated above.
The User's Personal Data may be used by the Data Controller for defence in court or in the preparatory stages of possible legal action, in the event of abuse or violations committed by the User. The User also declares that he/she is aware that the Data Controller may be required to disclose such information upon request by the public authorities.
Document updated on 30/04/2020
1. What is the purpose of this notice?
2. Using technology to acquire information stored in the terminal equipment of the Users ("Cookies Notice")
We have prepared the following Cookies Policy to describe the types of cookies and other technology used on our website and our platform and to describe the reasons and conditions for the use of these cookies. Please note that we cannot offer our Services without sending some of our cookies and/or similar technologies to your device. Therefore you authorise us to use "Il Nocciolaio" cookies when you use our Website and our Services. However, you can avoid some cookies by configuring the settings of your browser or refusing third-parties directly, as specified in detail below.
3. What are cookies?
4. The Collection and Use of Data
What data do they collect?
As with all Websites, this Website also utilises log files in which information garnered from User's visits is automatically collected and stored. The information collected could include the following:
- Internet Protocol (IP) address;
- type of browser and device parameters used to connect to the Website;
- name of the Internet Service Provider (ISP);
- date and time of the visit;
- the web page of origin of the visitor (referral) and exit;
- the number of clicks, where applicable.
The information listed here is processed automatically and collected in an exclusively aggregated form in order to verify the correct functioning of the Website, as well as for security reasons.
Cookies for navigation, security, etc., which contribute to the functioning of the website, for example, they give you the opportunity to navigate between pages or access protected areas. If these cookies are blocked, the website cannot function properly.
Cookies for functionality, location, etc., which allow you to store information that changes the behaviour or appearance of the website (preferred language, the geographical area in which you are located). If these cookies are blocked, the browsing experience is not compromised.
Statistical/analytic cookies, first-party or third-party with IP masking, without data cross-referencing (the purpose of which are similar to technical cookies), serves to collect information and generate statistics on the use of the website to understand how visitors interact.
Third-party statistical/analytic cookies without IP masking, with data crossing, are used to collect information, generate usage statistics, with possible identification and tracking of the website user, in order to understand how visitors interact.
Profiling, advertising, tracking or conversion cookies for the selection of advertising based on what is relevant for a user (personalised ads). Profiling cookies are designed to create users' profiles and are used in order to send advertising messages in line with the preferences shown by the users browsing the internet.
5. Classification of Cookies
For the origin:
Technical Cookies and Third Party Cookies
For the duration:
Session cookies and persistent cookies
Our website can send session and persistent cookies to your device. While the difference between a Technical cookie and a third-party cookie concerns the person who controls the initial sending of the cookie on your device, the difference between a session cookie and a persistent cookie regards the different period of time for which a cookie operates. Session cookies are cookies that typically last until you close your internet browser. When your browser session ends, the cookie expires. Persistent cookies, as the name itself indicates, are constant cookies and continue to operate after you close your browser. This allows faster and easier access to our website. For example, a persistent cookie that our website reads from your device is the language chosen for navigation. After the cookie is sent, you can be automatically directed to the website in the chosen language when you access the Website in the future.
6. The main cookies used by the website www.ilnocciolaio.it
Our website can send you cookies and similar technologies in different ways and for different purposes. Typically, these purposes include:
• to simplify your use of our website and our services;
• to monitor, analyse and improve the functioning and efficiency of our Website and our Services;
Preliminarily it should be noted that this website is equipped with tools that reduce the identifying power of Cookies and therefore, the third party does not cross-reference the information collected with other information it already possesses.
Website cookies are cookies sent by the "Il Nocciolaio" servers to allow the use of the Website. These cookies are generally kept on your browser and do not expire at the end of your session. User tracking cookies are Technical cookies that track user ID and settings when visiting and using the Website. We consider these cookies useful for the operation of our website and we can send them to your device to improve the use of our website and our services.
However, it should be noted that this website is equipped with tools that reduce the identifying power of Cookies and therefore, the third party does not cross-reference the information collected with other information it already possesses.
Google Analytics and Google Maps cookies
We use Google Analytics, a web analytics service provided by Google that sends cookies to your device. The information generated by the cookie upon your use of the Website (including the IP address, which indicates your identification on the internet) is not transmitted to Google as this site is equipped with tools that reduce the identifying power of cookies and, in any case, any data that is transmitted is stored by Google on servers in the United States. Google uses this information to evaluate your use of the website, to prepare reports on website activity for website operators, and to provide other services related to website activity and Internet use. Google may also transfer this information to third parties if required by law or if third parties process this information on behalf of Google. Google does not associate your IP address with any other data that Google possesses because this website, as mentioned above, is equipped with tools that reduce the identification power of analytical cookies. Google is the relevant Data Controller.
For more information on Google Analytics, see the Google Analytics Cookie Usage page on Websites:
For more information on Google Maps, see the Google on Websites page:
These cookies allow us and third parties to anonymously identify what users consider popular, allowing a more personalised and relevant selection of advertisements to be displayed when surfing the internet. These cookies allow you to build an overall picture, always in an anonymous form, of the preferences of individuals based on how they surfed the internet, in order to provide more relevant advertising. Our website makes use of the Google Analytics Remarketing features, these features allow you to show advertisements based on the User's personal interests, identified through an analysis of the User's behaviour on the web, be it on a mobile device or other devices. As required by current privacy legislation, prior consent is needed to install these cookies, used by google.com for advertising on the web. They are stored in browsers under the doubleclick.net domain and are used to show more relevant ads.
For convenience and further transparency, the web addresses of the pages containing information on how to manage "third party" cookies are shown below:
IDE and is stored in browsers under the Doubleclick domain: a Third Party cookie, see the reference information on this point, https://www.google.com/policies/technologies/cookies/
Third-party cookies in general
The presence of these plugins could, therefore, involve the transmission of cookies to and from all the websites managed by these "third parties".
LIST of the main cookies used on our website
Third-party tracking cookies (Google Analytics) used for the analysis of visits.
technical cookies for the proper functioning of the website
To measure the effectiveness of online marketing campaigns:
Google advertising cookies used to monitor users and for the targeting of ads
To measure the effectiveness of online marketing campaigns.
Stores the preferences and user information every time they visit web pages that contain Google services.
The User can decide whether to accept cookies using the settings on their browser.
Warning: the total or partial disabling of technical cookies may compromise the use of the site features reserved for registered users. Nonetheless, public contents can still be used when cookies are completely disabled.
Disabling "third-party" cookies does not affect the browsing experience in any way.
As specified above, we are unable to offer you our Services without the "Il Nocciolaio" cookies. If you do not wish to receive third-party cookies on your device, many of these offer the possibility of excluding them from being sent.
How to disable cookies from the main browsers?
Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. Cookies stored on the hard drive of your device can still be deleted, and you can disable cookies by following the instructions provided by the main browsers.
To do this, access the "Preferences" of your browser. For information on how to change the cookie settings, select the browser you are using below:
- Internet Explorer
- cookies with data compiled by the User (session ID), for the duration of a session or persistent cookies limited to a few hours in some cases;
- authentication cookies, used for authenticated services, for the duration of a session;
- security cookies focused on users, used to detect abuses of authentication, for a limited persistent duration;
- session cookies for media players, such as cookies for "flash" readers, for the duration of a session;
- session cookies for load balancing, for the duration of a session;
- persistent cookies for customising the user interface, for the duration of a session (or a little longer);
- cookies for content-sharing through social plugins of third parties, for members of a social network who have logged on.
8. Rights of the Data Subject
Pursuant to EU Regulation 2016/679 ("GDPR"), data subjects have the right, at any time, to obtain confirmation of the existence or otherwise of this data and to know its content and origin, verify its accuracy or request its integration, updating or rectification.
Furthermore, data subjects have the right to request the deletion, restriction of processing, portability of data and to lodge a complaint with the supervisory authority and to oppose in any case, for legitimate reasons, to the data processing (Articles 17 et seq. of the GDPR).
"Il Nocciolaio" reserves the right to make changes to the Website, to this Cookies Notice published anywhere on the Website, at any time. Upon consultation, the User must always refer to the published text as the applicable version.
The changes will be effective once they are published on the Website. Continued use of the Website by users, following a change, will be considered as acceptance of such changes.
All users can check, by accessing the Website, the latest version of the Cookies Notice, at any time, as updated from time to time by “Il Nocciolaio”.
Document updated on 30/04/2020