Privacy Policy

Expired

Info Hits: 75

About the company and the site

Introduction

This is the privacy policy for https://sicilianfoodshop.com

The data controller on this site is

Bloweb agency by Mariano Macaluso

via primo Carnera, 2 - Capaci

This email address is being protected from spambots. You need JavaScript enabled to view it.

3408247952

Data Protection Office

You can contact our data protection officer at: This email address is being protected from spambots. You need JavaScript enabled to view it.

The protection of your personal data is of particular concern to us. We treat the personal data provided by you in the context of the use of our website and services confidentially and in accordance with the applicable data protection laws and this privacy policy.

Below, we inform you in detail about which personal data we collect, for what purposes it is used, with whom we share the data and what privacy rights you may be entitled to

Definitions

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Legal basis means a lawful ground for processing data under applicable privacy laws.

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or by reference, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The terms personal data and personal information have been used interchangeably in this Privacy Policy.

The Privacy Policy refers to the current policy designed to inform you about how our website collects, stores, protects, processes, discloses and maintains your personal data.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, including controllers and processors.

Sensitive personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Service providers are entities to whom data is disclosed and the data processing is carried out by the service provider on our behalf in accordance with the provisions of the data processing contract/agreement signed with them.

Scope

Under most privacy laws, a controller is the entity that determines the purposes and means of the processing of personal data. A processor, on the other hand, processes personal data on behalf of the controller. This Privacy Policy applies when we are the controller of your personal data, meaning we determine the purposes and means of the processing of your personal data for our own purposes (unless a different privacy policy is displayed when we collect your personal data).

We act as a data controller for the purposes of the personal information you provide when using our website. For example, when you visit our website, interact with our representative, register for a webinar, or sign up to receive marketing communications. We are the data controller for the activities mentioned in the data processing activities mentioned in this Privacy Policy. It is important to note that this Privacy Policy does not cover how we process personal information on behalf of our clients.

If you are a data subject using or have used our product or service in another domain controlled by another organization or your personal data has been collected and processed by an organization using our services and you have questions or concerns about the personal data held about you, please direct your request to the relevant organization. This is because we cannot respond directly to your request as your personal data is owned by the relevant organization and in that case we do not control the processing of your personal data. As data processors, we process this personal data under our contract with our customer and under relevant privacy laws, we are not free to independently take any action regarding the personal data we collect, process or hold on their behalf without their permission and instructions. This Privacy Policy does not apply to third-party websites, services or applications, even if accessible through our Services.

Data processing activities

We collect some personal information to provide specific services and features on our website.

The following sections describe the different data processing activities we carry out on our website. The information reflects in particular the purposes of the processing, which personal data we process for this purpose and the legal basis for the processing.

Informational use of our site

a) If you visit our website for informational purposes only, i.e. you browse our website without providing any specific personal data, we will process the following information about you. The information may include a limited amount of personal data:

IP address
Referrer URL
Browser information
Device information
Data and time of the user request
ADVERTISING_IDENTIFIER
Geographic coordinates
Access time

This information is processed to enable you to use our website (e.g. by adapting our website to the needs of your device or browser).

The legal basis for this data processing is the performance of the contract, Art. 6 para. 1 sentence 1 lit. b GDPR, as we need the information for the effective provision of our website and to provide you with the services of our website at your request. Without the processing of the above-mentioned personal data, we will not be able to carry out the communication on the network and provide you with the functions required by our website.

We retain this personal data for 2 years.

Users can create a user account on sicilianfoodshop.com

a) You have the option to register for a user account on our website. During registration, we will process the following personal data about you:

First name
Last name
Email address
Address
Payment information

b) The lawfulness of this data processing is "performance of the contract" stems from Art. 6 para. 1 sentence 1 lit. b GDPR. The processing is necessary for the effective provision and administration of your user account. Without providing the data required for registration, it is not possible to create a user account on our website.

We store your personal data as long as you do not have a user account with us.

c) Users can contact you to request deletion.

Users can contact you via the contact form

You can contact us using the contact details provided on the website. If you contact us, we will process the content of your request, your name, your email address or telephone number, if applicable, our answers and all information that you voluntarily provide to us in the context of the request in order to be able to adequately handle your request.

You can also contact us via the contact form on our website. In this case, we collect the following personal data:

We will process this data as well as the content of your request, our answers and all information that you voluntarily provide to us in the context of the request in order to be able to adequately handle your request.

The lawfulness of this data processing is "legitimate interests" (results from Art. 6 para. 1 sentence 1 lit. b, f GDPR), as this data processing is necessary to ensure proper contact and the provision of customer service. This provision of adequate customer service is our legitimate interest that requires us to process your personal data.

We will retain your data for as long as it is necessary to properly process your request. It will then be deleted, unless a longer retention is required or justified by law.

The retention period for personal data processed for the processing of your request is:
2 years
It will then be deleted, unless a longer retention is required or justified by law.

You have the right to object to processing based on our legitimate interests. As a consequence of any valid objection, we will no longer process your data unless we have sufficiently compelling and legitimate grounds for the processing.

Users can subscribe to a newsletter

a) You can register for our newsletter on our website. During the registration process, we collect the following personal data:

First name
Surname
Email address

We process this data to provide you with the newsletter. The data processing is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). The consent is voluntary. You can revoke your consent at any time without giving reasons with effect for the future. To do so, simply click on the "Unsubscribe" link included in each newsletter or send us an e-mail.

b) We will store your data for as long as you are subscribed to the newsletter. Afterwards, they will be deleted, unless longer storage is required or justified by law. After you have unsubscribed from the newsletter, we will retain the information strictly necessary to ensure that we respect your newsletter subscription preferences in the future.

c) The retention period of personal data is: for as long as necessary for the purpose

Subsequently, it will be deleted, unless a longer retention is required or justified by law.

The website provides a blog

Our website includes a blog in which we regularly publish posts. You can comment on the effect on our blog. In this case, we will process the following personal data about you:

We process this data to enable you to participate in the blog. Therefore, the processing is necessary to provide this service. The legal basis for this data processing is the performance of the contract (Art. 6 para. 1 sentence 1 lit. b GDPR). Without the processing of your data, we cannot enable you to participate in the blog.
When you post a comment, the following information will be visible to other users of our website:
You must create a user account to post on our website.
You can post comments on the blog without a user account.
Please note that once you publish a post on your website, you will not be able to delete it.
The retention period of personal data is: 2 years.

Subsequently, it will be deleted, unless longer storage is required or justified by law.

No processing of personal data of minors

We do not knowingly collect or solicit personal data from anyone under the age of 16. The Website is not directed to children under the age of 16. If we learn that we have collected personal data from a child under 16 without parental consent, we will delete that information as quickly as possible. If you believe we might have personal data from or about a child under 16, please contact us using the contact details set out in this policy.

No processing of sensitive personal data

We do not knowingly collect or process sensitive personal data.

No processing of personal data relating to criminal convictions and offences

We do not knowingly collect or process personal data relating to criminal convictions and offences.

No processing for automated individual decision-making including profiling

We do not knowingly collect or process personal data for automated individual decision-making, including profiling.

Cookie

Use of Cookies and other Web Technologies

Cookies and similar tracking technologies are small text files placed on your computer or mobile device (terminal equipment) to collect, store and use information about you when you visit our website. Similar tracking technologies may include local storage objects or flash cookies, software development kits, pixel trackers or device fingerprinting technologies. This website uses cookies and similar tracking technologies (“cookies”). There are different types of cookies:

Cookies can be classified as first-party or third-party cookies. A cookie set by our website, i.e. the host domain, is a first-party cookie. For the first-party cookie, we are the controller of the personal data. A third-party cookie is one set by a different domain, i.e. a domain other than the one you can see in the address bar. Such cookies may be related to advertising or social media plug-ins enabled for the website.

We place both session cookies and persistent cookies on your device. The session cookie expires at the end of a browsing session. Persistent cookies persist beyond the end of your browsing session and retain personal information. Retention periods for persistent cookies are listed with them.

This website uses essential and non-essential cookies.

Essential Cookies

Essential cookies include technical cookies whose sole purpose is to carry out the transmission of a communication over a network, for example to identify communication endpoints. Essential cookies include cookies with the ability to route information over the network, exchange data elements in the expected order and detect transmission errors or data losses. Essential cookies also include cookies, which are strictly necessary to provide the service or functionality explicitly requested by the user when visiting our website. Essential cookies do not simply integrate the functionality of our website, but are actually strictly necessary to provide you with the service explicitly requested by you and without essential cookies, the service requested by the user cannot be provided. Essential cookies will always remain activated.

Non-essential cookies

For the use of non-essential cookies on this website, we need your consent if you are a protected data subject under an opt-in privacy regulation (privacy regulations that require us to obtain your consent for the use of non-essential cookies, for example if provided by the European Union). You have the right to refuse the use of non-essential cookies and to withdraw your consent once given at any time by updating your cookie preferences via the Manage Cookie Preferences .

For data subjects in opt-out jurisdictions, we assume your consent to the use of non-essential cookies unless you opt-out of non-essential cookies. You can unsubscribe at any time.

Data Sharing

Condivisione delle informazioni personali con i fornitori dSharing personal information with service providersi servizi

We do not interact with service providers for the processing of personal data in relation to the site and/or the functions/services of the website.

Third party recipients of your personal data

There are no recipients of the data located in countries outside the European Union and do not have access to personal data from a country outside the European Union.

International data transfer

No recipients of the data (service providers or third-party recipients) are located in countries outside the European Union and/or the recipients of the data access the personal data from a country outside the European Union.

Data Privacy Framework

This DPF Statement supplements and should be read in conjunction with our general privacy notice, which outlines the categories of personal data collected and processed by us, the purposes for such collection and processing, and the third parties with whom the personal data is shared along with the purposes.

Our organization complies with the EU-US Data Privacy Framework (EU-US) DPF), the UK extension to the EU-US DPF, and the Swiss-US Data Protection Framework (Swiss-US) DPF as set forth by the U.S. Department of Commerce. Our organization has certified to the U.S. Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US) DPF Principles with respect to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK extension to the EU-US DPF. Our organization has certified to the U.S. Department of Commerce that it adheres to the Swiss-US Data Protection Framework Principles (Swiss-US DPF Principles) regarding the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is a conflict between the terms of this privacy notice and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles will govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, visit https://www.dataprivacyframework.gov/.

Our organization lists the following U.S. entities or affiliates in its self-certification that also adhere to the DPF Principles:

In accordance with the EU-US DPF, the UK extension to the EU-US DPF, and the Swiss-US DPF, our organization is committed to resolving complaints about the DPF Principles about our collection and use of your personal information. Individuals from the affected regions who have questions or complaints about our handling of personal data received in reliance on the EU-US DPF, the UK extension to the EU-US DPF and Switzerland-US DPF should first contact us at the following contact details:

Postal address: Via Primo Carnera, 2 / Capaci - Palermo

Contact number: +393408247952

Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

Link to the complaints portal: https://sicilianfoodshop.com

Such individuals may also contact al, in relation to their requests or complaints.

In addition, in accordance with EU Data Protection Authorities (DPAs) and the UK Information Commissioner's Office (ICO), the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), our organisation is committed to cooperate with and comply with the advice of the European Data Protection Authorities will act as a relevant independent redress mechanism for HR data, but not for non-HR data covered by our organisation's self-certification in respect of unresolved complaints regarding our handling of HR data received in reliance on EU Data Protection Authorities (DPAs) and the UK Information Commissioner's Office (ICO), the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) in the context of the employment relationship.

If your complaint cannot be resolved through the channels specified above, under certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means. For more information, see this DPF webpage: https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2 .

Individuals whose personal data is covered by the scope of this DPF have the right to access their personal data processed by us and to further correct, amend or delete such information where it is inaccurate or has been processed in breach of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.

In addition, our organisation offers individuals the following specified means to limit the use and disclosure of their personal data.

Opt-in or opt-out buttons.

The Federal Trade Commission and the U.S. Department of Transportation each have jurisdiction over our organization's compliance with the EU-US DPF, the UK extension to the EU-US DPF, and the Swiss-US DPF

Please also note that we may be required to disclose personal data in response to lawful requests by authorities, including to meet national public safety or law enforcement requirements.

Additionally, to the extent specified in the DPF, our organization may be liable if a third party engaged by us to process personal data on our behalf carries out the processing inconsistently with our obligations under the DPF, unless our organization establishes that it is not responsible for the matter giving rise to the damage.

UK DPA

Operando a livello globale, possiamo trasferire dati personali dal Regno Unito agli Stati Uniti e ad altri Paesi, compresi i dati personali che riceviamo da persone residenti nel Regno Unito o da coloro che sono protetti dal Data Protection Act 2018 del Regno Unito e visitano il nostro sito Web e/o che possono utilizzare i nostri servizi o interagire in altro modo con noi. Quando effettuiamo tali trasferimenti di dati personali, ci affidiamo ai seguenti meccanismi di trasferimento:

Adequacy decision for the transfer of personal data to the European Economic Area countries, the EFTA States and any country covered by an adequacy decision of the European Commission as of 31 December 2020.
Standard data protection clauses for data transfers to non-adequate jurisdictions such as the United States are complemented by additional safeguards to protect personal data.
In the absence of adequacy decisions and standard data protection clauses, we implement appropriate safeguards depending on the circumstances that ensure the protection of the rights and freedoms of individuals with respect to their personal data.

We also conduct transfer risk assessments to determine the level of protection afforded to data subjects protected by the UK Data Protection Act 2018 by the receiving entity and continuously monitor the circumstances surrounding such transfers to ensure that they maintain, in practice, a level of protection essentially equivalent to that afforded by the UK Data Protection Act 2018.

Data retention

How long do we retain your personal data?

Unless otherwise stated in this privacy policy, we only store your personal data for as long as is necessary for the respective purpose. We will then delete your data, unless we are legally permitted or obliged to store it further.

We ensure that the period for which your personal data is stored by us is limited to a strict minimum, reasonably necessary and proportionate to achieve the purposes for which the personal information was collected. The following criteria help us determine the data retention periods for the respective data processing purposes:

The category of personal data,
The relevant purpose of data processing,
Regardless of whether the data is needed longer than the purposes for which it was collected or otherwise processed,
If personal data is typically deleted on specific schedules,
The terms of the contract entered into with you, if any,
Revocation of consent in case of data processing activity based on consent,
If you have objected to the processing of your data,
Personal data may continue to be processed if there is a current or legal interest in retaining the information, for example to establish, assert or defend a legal claim and not a hypothetical future interest,
Personal data may be stored for longer periods if processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. In such cases, appropriate technical and organizational measures will be implemented to protect the personal data and the rights and freedoms of the user,
Any legal requirement to retain personal data and whether or not there is a law enforcement order not to delete personal data and the retention of data is necessary to submit to law enforcement in response to a subpoena, order or warrant issued by the court or the personal data is necessary for us to comply with our legal obligations, and
Regardless of whether the personal data is in anonymous or aggregate form.

Please refer to the Data Processing Activities section to learn the exact retention period for different categories of personal data and/or different processing purposes.

Data Security

How we protect your personal dataersonali

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

Your rights

Depending on the circumstances, you may have the right to exercise some or all of the following rights:

1. Obtain confirmation as to whether or not personal data concerning you are being processed and access to a copy of the personal data undergoing processing.

1. request (i) access to and/or duplicates of your personal data held by us, (ii) receive the personal data you have provided to us, in a structured, commonly used and machine-readable format and (iii) to transmit those personal data to another controller without hindrance from us; technically feasible, you will have the right to have the personal data transmitted directly from us to another controller;

2. request rectification, erasure or restriction of your personal data;

3. Where the data processing is based on your consent, refuse to provide it and — without any impact on data processing activities that took place before such withdrawal — withdraw your consent to the processing of your personal data at any time;

4. take legal action in relation to any potential violation of your rights regarding the processing of your personal data, as well as lodge complaints with the competent data protection authorities;

5. not be subject to any automated decision-making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of evaluating various personal aspects) which produce legal effects on you or similarly affect you.

Furthermore, you may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including objection to direct marketing and automated individual decision-making, including profiling. In this case, please provide us with information about your particular situation. After assessing the facts presented by you, we will stop processing your personal data or present you with our compelling legitimate grounds for continued processing.

To enable efficient processing of requests relating to the above rights or any questions or complaints regarding our data processing, please use the data subject rights portal.

You also have the right to lodge a complaint with the supervisory authority in your country.

Updates to this Policy

From time to time, request this Privacy Policy. If we change our Privacy Policy, we will post the revised version here, with an updated revision date. You agree to periodically visit these pages to learn about and review such revisions. If we make material changes to our Privacy Policy, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our websites or by sending you a notification. By continuing to use our website after such revisions become effective, you accept and agree to the revisions and abide by them.

This Privacy Policy was last updated on May 20, 2024