Information request form – Processing

of personal data

Pursuant to Regulation (EU) 2016/679, this page describes the methods of processing of

personal data communicated by the person concerned through the “Contacts” form present on

all pages of the website www.cdrfoodlab.com.

This information does not concern other sites, pages or online services that can be reached via

hypertext links that may be published on our website.

Data controller

The data controller is CDR s.r.l. with headquarters in Via degli Artigiani, 6 – 50055 Ginestra

Fiorentina (FI).

E-mail cdr@cdr-mediared.it

Data protection officer

CDR s.r.l does not require the figure of the Data Protection Manager pursuant to art. 37 of

the EU Regulation 679/2016.

Purpose, legal basis and mandatory or optional nature of the processing

The Personal Data provided by the interested party by completing the “Contact” form will be

processed by the Data Controller for the purpose of managing requests (merely for example to

respond to requests for information, etc.).

The personal data subject to processing is solely that provided by the data subject when

sending messages via the Form.

The provision of personal data (company, first name, surname, mobile number, e-mail and

message) is optional. In the absence of such transfer, the Data Controller will not be able to

respond to the requests received.

Regarding the use of cookies by the Site, please refer to the “Cookie Policy” accessible via the

“Privacy” link in all sections of the Site.

Types of data processed and purpose of processing

Data communicated by the user

The personal data provided directly by the interested party, by filling in the “Contacts” form,

involves acquisition of the same data.

Personal data processing method

The data collected is processed using IT tools and only on a residual basis using paper-based

methods.

For the processing of data related to the services of the website the Data Controller uses

servers located within the European territory and IT systems located at the Data Controller’s

headquarters. Its transfer abroad is not envisaged.

Adequate technical and organisational measures are taken to guarantee an adequate level of

security and the prevent the loss of data, illicit or incorrect uses and unauthorised accesses.

The data provided directly by the interested party is kept for the entire duration of the

contractual relationship and according to legal obligations.

Data recipients

Your data may be communicated to, or may become known to, the employees or collaborators

of our company, expressly designated by us as “authorised to process” and /or appointed as

“external processing manager” (e.g. the provider of the web platform development and

maintenance services).

Rights of interested parties.

Interested parties have the right to obtain from Conceria Tempesti Spa access to personal

data in the cases provided for, and also the correction or deletion of the same or the limitation

of the processing that concerns them or to object to the processing and portability of data

(arts. 15 and following of the Regulation).

Requests should be sent to cdr@cdr-mediared.it

Right to complain

Interested parties who believe that the processing of personal data referring to them carried

out through this site is in violation of the provisions of the Regulation may lodge a complaint

with the Guarantor, as provided for by art. 77 of the same Regulation, or take the appropriate

legal action (art. 79 of the Regulation).

Marketing/Profiling Cookies

Privacy Disclaimer

This page describes how the website www.cdrfoodlab.com owned by CDR S.r.l. as Data

Controller is managed in relation to the processing of personal data of users who consult it

and as such represents a Privacy Disclaimer.

The Data Controller takes very seriously the protection and protection of the personal data of

its users. The processing is based on the principles of correctness, lawfulness, transparency

and protection of confidentiality in compliance with Legislative Decree 196/2003 and with the

European Regulation 2016/679 (hereafter GDPR 2016/679).

1. Data Controller

The data controller is CDR srl, with headquarters in Via degli Artigiani, 6 – Ginestra Fiorentina

50055 Lastra a Signa – Florence

2. Data processing address

The processings linked to the services of this website take place at the headquarters of CDR

srl and are only handled by the technical staff in charge of processing. The server that hosts

www.cdrfoodlab.com, owned by CDR S.r.l., is located in housing at Aste Giudiziarie Inlinea

S.p.A., with registered office at via delle Grazie 5, 57125, Livorno. No data deriving from the

web service is disseminated. The personal data provided by users who sent requests is used

only to perform the service or provision requested.

3. Types of data processed

Browsing data

During normal operation, the IT systems and software procedures involved in operation of this

portal collect certain personal data, the transmission of which is implicit in the use of Internet

communication protocols.

This is information that is not collected to be associated with identified interested parties but

which, by its very nature, could, through processing and association with data held by third

parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users

who connect to the website, the addresses in the Uniform Resource Identifier (URI) notation

of the requested resources, the time of the request, the method used to submit the request to

the server, the size of the file obtained in response, the numerical code indicating the status of

the response given by the server (success, error, etc.) and other parameters relating to the

operating system and to the user’s IT environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the

use of the website and to check its correct functioning and is deleted immediately after

processing. The data could be used to ascertain responsibility in case of hypothetical computer

crimes against the website.

Our website uses cookies. By browsing our websites and accepting the terms of this

disclaimer, you are consenting to the use of cookies in accordance with the terms and

conditions of the information itself.

What are cookies

Cookies are small data files that the websites visited by the user send to their terminal or

device, where they can be deleted at the end of each work session or stored to be re-

transmitted to the same websites upon subsequent visit of the same user. Cookies allow a

website to recognise the user’s device, to track their browsing through the different pages of

the website and to identify users who visit the website again.

There are different types of cookies:

Technical cookies that include:

 Browsing and session cookies that guarantee normal browsing on the website (e.g.

they allow authentication for access to restricted areas);

 Functionality cookies that make browsing easier for the user by storing the choices

made, e.g. language chosen);

 Analytical cookies that are used to process aggregate statistical analysis on how users

browse the website, the number of pages visited, the number of clicks made on a

page, etc.

Profiling cookies that allow the creation of profiles related to the tastes, choices and

propensities expressed by the user during browsing and which are subsequently used to send

advertising messages in line with their preferences.

The profiling cookies used on this website are exclusively those of third parties

Third-Party Cookies

In the course of browsing the website, users may receive cookies from different websites or

from web servers (so-called “third-party” cookies) on their terminals: this happens because

the website may contain elements such as, for example, images, maps, sounds and specific

links to web pages of other domains that reside on servers other than the one on which the

requested page is located. In other words, these cookies are set directly by managers of

websites or servers other than those of the website.

These cookies can be sent to the user’s browser by third-party companies directly from their

websites which can be accessed by browsing from the Foodlab Website. In such cases,

Foodlab is not involved in the operation of these cookies, the sending of which is the

responsibility of such third-party companies. This is in fact clarified by the Privacy Guarantor:

“The obligation to inform the user about the use of cookies and to possibly acquire prior

consent lies with the operator of the website that uses them, as the data controller. If a

website also allows the transmission of “third-party” cookies, the information and the

acquisition of consent are normally the responsibility of the third party. The user must be

adequately informed, albeit with the simplified procedures provided for by law, when

accessing the website that allows the storage of third-party cookies, or when accessing the

contents provided by third parties and in any event before cookies are downloaded onto their

terminal”.

Precisely for the purpose of transparency of the information requested from the operators of

the “first-party website” (i.e. the website as managed by Foodlab”) where “third-party

cookies” operate, we inform you that the following third-party cookies are operational on the

website:

Google Analytics

Thus website uses Google Analytics, a web analysis service provided by Google Inc.

(“Google”). Google Analytics uses cookies which are text files placed on your computer to

allow the website to analyse how users use the website. The information generated by the

cookies about your use of the website (including your anonymous IP address) will be

transmitted to and stored by Google on servers in the United States. Google will use this

information for the purpose of examining your use of the website, compiling reports on

website activity for website operators and providing other services relating to website activity

and Internet usage. Google may also transfer this information to third parties where required

to do so by law or where such third parties process the information on Google’s behalf. Google

will not associate your IP address with any other data held by Google.

This cookie is not a tool that we own. For further information it is therefore possible to consult

the information provided by Google at the following address:

https://policies.google.com/privacy

If you would prefer Google Analytics not to use the data collected in any way, you can:

use anonymous browsing (Do Not Track potion) from your browser. To learn how to activate

the option on the main search engines click on the browser that uses Internet Explorer,

Google Chrome, Mozzilla Firefox or Apple Safari.

You can refuse to use cookies by selecting the appropriate settings on your browser, but doing

so may impede the ability to use all the functions of this website. By browsing the pages of

the website, you are consenting to the processing of data by Google in the manner and for the

purposes set out above.

You can prevent Google from detecting a cookie that is generated and linked to its use of this

website (including your IP address) by downloading and installing this browser

plugin: https://tools.google.com/dlpage/gaoptout?hl=en

Embedded Contents

cdrfoodlab.com sometimes uses YouTube videos, social media content on Twitter, Facebook,

Google+, LinkedIn and, in general, elements based on the possible embeddable content of

other platforms. cdrfoodlab.com cannot control cookies that these third-party websites provide

and for this reason it is advisable to obtain information directly from each third party to ensure

greater control over these cookies. Below are a number of links that are useful for the privacy

cookies of the cited third parties:

 Facebook https://www.facebook.com/help/cookies/

 Twitter https://twitter.com/privacy?lang=en

 Youtube https://www.google.it/intl/it/policies/privacy/

 Google+ https://www.google.com/policies/technologies/types

 LinkedIn https://www.linkedin.com/legal/privacy-policy

Cookie Block/Management

It is possible to configure your browser to accept all cookies, to reject them all or to be

notified when the cookie is set. Each browser is different and so it is advisable to check the

procedures in the browser guide to change your cookie preferences.

E.g.:

Delete/disable cookies with Firefox: http://support.mozilla.com/it/kb/Eliminare%20i%20cookie

Delete/disable cookies with Edge: https://support.microsoft.com/it-it/help/4027947/windows-

delete-cookies

Delete/disable cookies with Chrome:

http://support.google.com/chrome/bin/answer.py?hl=it&answer=95647

Data provided voluntarily

Apart from what is specified for the browsing data necessary to implement the computer and

data protocols, the provision of personal data by users is free and optional, although

functional to the provision of certain services: in these cases, therefore, the failure to provide

data may compromise or make it impossible to provide the service.

Personal data that voluntarily interacts with the website, conferred for the obtaining of certain

services (registration with the website, registration for events/competitions with prizes,

requests for information, the sending of e-mails) is only used to perform the service or

provision requested and is only communicated to third parties if this is strictly necessary for

implementation of the service.

The provision of data for direct marketing and/or profiling purposes is optional and the user is

free to provide their consent for such processing.

This consent may be revoked at any time by going to the website and clicking on the

appropriate link in the foot of the “Cookie Policy” website.

For the processing of personal data that consists of sending e-mail newsletters as well as

informative material relating to the services offered by the data controller, consent can be

revoked by clicking on the link “Unsubscribe” at the bottom of each e-mail.

Children under 16 may not provide personal data. The Data Controller will not in no way be

responsible for any false statements that may be provided by a minor and, in any case, if the

former ascertains the falsity of the statements, any personal data of any material acquired will

immediately be deleted. The Data Controller will provide, to the subject holding parental

authority or to the legal guardian, requests concerning the personal data of minors.

4. Aims of the processing and purposes of technical

session cookies.

The data provided voluntarily by users of the website is processed for the following purposes:

 to respond to the request for offer and information from the user

 to subscribe to the newsletter

 to process statistics anonymously

 subject to explicit user consent, to perform direct marketing and/or profiling activities

with automated tools

 to comply with legal obligations and with the provisions of the competent Authorities.

5. Mode of expression of consent

The consent to the processing of personal data through non-technical cookies can be

expressed by clicking on a specific box contained within a banner.

6.Mode of processing and retention

The processing will be carried out in an automated and/or manual mode, with methods and

tools, in compliance with the security measures set forth in art. 32 of the GDPR 2016/679 and

in Italian Legislative Decree 196/2003, by specifically authorised subjects, in compliance with

the provisions of art. 29 of the GDPR 2016/679.

In compliance with the principles of lawfulness, purpose limitation and data minimisation,

pursuant to art. 5 of the GDPR 2016/679, the retention period of personal data is established

for a period of time not exceeding the achievement of the purposes for which it is collected

and processed and in compliance with the times prescribed by law and, however, as long as

the interested party decides not to cancel the services offered by the data controller.

7. Retention period of personal data

The personal data processed and stored for all the purposes referred to in this statement is

processed and stored for a period not exceeding 12 months starting from the date of the

individual collection; the Data Controller reserves the right, in any case, to request that the

interested party renews their consent to the processing and/or verifies the consents already

expressed.

8. Place of processing

Personal data will be processed at the legal and operational headquarters of the Data

Controller

9. Communication and dissemination of personal

data

Personal data may be communicated to:

 Couriers, shippers or third parties in charge of any packaging, shipping and/or delivery

of any material requested through the website;

 Companies, consultants, professionals, natural/legal persons, if communication is

necessary or functional to the correct fulfilment of contractual obligations assumed as

well as of the legal requirements.

 Companies that offer information company services, including, in particular, those that

offer hosting services.

 All those subjects who have access to personal data under regulatory or administrative

provisions.

 No personal data will be processed without the user’s prior consent.

10. Data transfer

The Data Controller does not transfer data to third countries

11.Revocation of consent

With reference to art. 23 of Legislative Decree 196/2003 and to art. 6 of the GDPR 679/2016,

the interested party can withdraw their consent at any time.

12. Rights of the interested party

At any time the user may exercise, pursuant to art. 7 of the privacy code and to arts 15-22 of

the GDPR 2016/67, the right to:

a. Request confirmation of the existence or not of personal data;

b. Obtain information regarding the purposes of the processing, the categories of personal

data, the recipients or categories of recipients to whom the data was or will be communicated

and, when possible, the retention period;

c. Obtain data correction and deletion;

d. Obtain processing limitation;

e. Obtain data portability, i.e. to receive it from a data controller, in a structure format,

commonly used and readable by an automatic device, and to transmit it to another data

controller without hindrance;

f. Oppose the processing any time and also in the case of processing for direct marketing

and/or profiling purposes;

g. Oppose an automated decision-making process concerning individuals, including profiling;

h. Right to propose a complaint to the relevant Supervisory Authority.

The user may exercise their rights by writing to the Data Controller at the following address:

CDR srl, with headquarters at Via degli Artigiani, 6 – Ginestra Fiorentina – 50055 Lastra a

Signa (Florence)

Telephone: +39 055 871 431

Fax: +39 055871422 E-mail: privacy@cdr-mediared.it

Modifications to this Privacy Policy

The Data Controller reserves the right to make changes to this privacy disclosure at any time

by giving notice to Users on this page. Please, therefore, consult this page often, using as a

reference the date of last modification indicated at the bottom.

Last update: 28.07.2021