Buongourmet Limited (“T.O.S. S.r.l.s.”) is committed to protecting the privacy of users of this website (the “Website“) and will do everything in its power to ensure that users’ Personal Data is treated with respect to their fundamental rights and freedoms as well as personal dignity, with particular reference to confidentiality.
We may require users to provide certain personal information and details in order to provide our services, and we would therefore like to explain the procedures and ways in which we handle data supplied to us.
In general, any information and data which you provide, or which is otherwise gathered by us in the context of the Website, will be used by T.O.S. S.r.l.s. in compliance with Regulation (EU) 2016/679 (“GDPR“).
This means, in particular, that any Personal Data processing carried out by T.O.S. S.r.l.s. will respect the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity and confidentiality.
The Data Controller regarding all Personal Data processing operations carried out through the Website is T.O.S. S.r.l.s., with registered offices at 889 Greenford Road, Greenford, Middlesex UB6 0HE.
T.O.S. S.r.l.s. has appointed a local coordinator for privacy/Data Protection Officer (DPO). To get in touch with him/her for any information regarding the processing of Personal Data by T.O.S. S.r.l.s., including a list of its data processors, please contact: firstname.lastname@example.org.
What information do we collect from you?
As you use the Website and, in particular, as you provide information and upload files to the Website in order to access the Website’s services, T.O.S. S.r.l.s. may collect and process information related to you as an individual and which allows you to be identified, either directly or together with additional information (“Personal Data“). This information can be collected by T.O.S. S.r.l.s. both when you choose to provide it (e.g., when you request any services provided by T.O.S. S.r.l.s. over the Website) or simply by analyzing your behavior on the Website.
Data voluntarily provided by users
When creating an account on the Website, you will be asked to provide certain Personal Data such as contact details (e.g. your name, email address, telephone number, country of residence and physical address) and marketing preferences, for the purposes listed below.
Where the Website allows you to register through your personal profile in social media (Social Login) with your prior and revocable consent, we may access the same limited information included in such profile, related to your name, age, location, likes, interests, contacts and images.
The Website’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation, whose transmission is automatic when using Internet communication protocols.
Although T.O.S. S.r.l.s. does not collect this information in order to associate it to specific users, it is still possible that, by their nature and through processing and association with further data held by third parties, such data may permit to identify user, either directly via that information or by using other information collected. As such, this information must also be considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, information about your activities on our Website (for instance, the pages you visit, the goods you view), the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), details on the device (for instance, your computer, tablet or smartphone) which you use to access our Website and so on, by means of cookies and other technologies which allow this tracking.
Such data shall only be used by T.O.S. S.r.l.s. for anonymous, statistical purposes about the use of the Website, without associating them to any identifier of the users, to ensure its correct operation and identify any faults and/or abuse of the Website. This data may also be used for the purposes of investigating liabilities in the event of information crimes committed against the Website.
The processing of data shall be made by such procedures, technical and electronic means, which are suitable to protect the confidentiality and security of data and consists of collection, recording, organization, storage, consultation, elaboration, alteration, selection, retrieval, alignment, use, combination, block, communication, dissemination, erasure, and destruction of data, including a combination of two or more of such activities
Why do we process this information? Purposes of processing and legal grounds
T.O.S. S.r.l.s. intends to use your Personal Data, collected through the Website, for the following purposes:
- To provide answers or services you request, including allowing the creation of an account, to receive information from T.O.S. S.r.l.s. and sending you alerts by means of push notifications; to verify your identity and assist you, in case you lose or forget your login/password details for any of T.O.S. S.r.l.s. registration services; to allow you to create and maintain a registered user profile, to process transactions and enrolments you request, to contact you when necessary and respond to your requests and enquiries, including emails; to process card payments and to provide any other services which you may request; to send you newsletters you have subscribed to as a service (containing only informative content); to finalize purchase orders and deliver products bought on the Website and to provide any other services which you may request (“Service Provision“).
No consent is required for the processing of data for the purposes since such processing is necessary to provide the services requested and, therefore, for the performance of an agreement to which you are a party or for the implementation of measures requested by you prior to entering into an agreement (GDPR art. 6,1b). It is not mandatory for you to give T.O.S. S.r.l.s. your Personal Data for these purposes; however, if you do not, T.O.S. S.r.l.s. will not be able to provide any services to you.
- For marketing, promotional and publicity purposes, including to carry out direct marketing, as well as to carry out studies, research, market statistics or surveys, via e-mail, SMS, push notifications, pop-up banners, instant messaging, phone calls by an operator, T.O.S. S.r.l.s. official social media pages, regarding T.O.S. S.r.l.s. products and services (“Marketing“), and to send you offers, promotions or other information about our goods and services. Processing for these purposes is based on your consent. It is never mandatory for you to give consent to T.O.S. S.r.l.s. for the use of your Personal Data for these purpose, and you will suffer no consequence if you choose not to give it (aside from not being able to receive further marketing communications from T.O.S. S.r.l.s.). Any consent given may also be withdrawn at a later stage.
- For future marketing, promotional and publicity purposes, by sending you direct e-mail marketing communication regarding products and services provided by T.O.S. S.r.l.s. which are identical or similar to those you have previously requested through the use of the Website (“Soft Spam“). Processing for these purposes is based on T.O.S. S.r.l.s. legitimate interest in sending you direct e-mail marketing communication regarding products and services provided by T.O.S. S.r.l.s. and which are identical or similar to those you have previously purchased through the Website. You can block these communications, and you will suffer no consequence if you do so (aside from not being able to receive further communications from T.O.S. S.r.l.s.), by objecting through the unsubscribe link provided at the bottom of all such communications.
- To create your user profile (individual and/or aggregate profiles) on our Website, by collecting and analyzing information on the preferences you select and choices you make on the Website as well as on your general activities on the Website, through the use of profiling cookies (“Profiling“). This information will be used to personalize the Services provided through the Website, where possible, to suit your preferences and choices, as well as to serve you with information and advertisements which may be relevant to you and your interests, to propose customized offers that may be of your interest, to give you information about other websites/services which T.O.S. S.r.l.s. believes you may be interested in. All algorithms involved in this processing are regularly tested, to ensure the processing’s fairness and control for bias. Processing for this purpose is based on your consent, collected by means of the cookie pop-up banner and/or a specific tick box. It is never mandatory for you to give consent to T.O.S. S.r.l.s. for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to (aside from not being able to benefit from greater personalization of your user experience regarding the Website). Any consent given may also be withdrawn at a later stage, either by modifying your device settings or contacting T.O.S. S.r.l.s. at the address mentioned above.
- For compliance with laws which impose upon T.O.S. S.r.l.s. the collection and/or further processing of certain kinds of Personal Data, including regulations on contests in case users participate to contests or prizes on our Website (“Compliance”). When you provide any Personal Data to T.O.S. S.r.l.s., T.O.S. S.r.l.s. o must process it in accordance with the applicable laws, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations. No consent is required for the processing of data for this purpose since such processing is necessary to comply with a legal obligation (GDPR, art. 6, 1a).
- To prevent and detect any misuse of the Website, or any fraudulent activities carried out through the Website (“Misuse/Fraud“). Processing for this purpose is necessary to pursue T.O.S. S.r.l.s. legitimate interests in preventing and detecting fraudulent activities or misuse of the Website (for potentially criminal purposes).
- To analyze and improve our service provision, enhance the Website, evaluate the effectiveness of T.O.S. S.r.l.s. marketing activities and services, perform statistical and demographics analyses on T.O.S. S.r.l.s. corporate clients and registered users (“Analytics“).
Processing for this purpose is necessary to pursue T.O.S. S.r.l.s. legitimate interests in the development and administration of the Website and to improve the services provided on the Website.
Users shall not be required to provide Personal Data to browse public pages of the Website. The provision of Personal Data for the purposes mentioned above is optional, however, failure to provide required data (indicated as such in the registration form, as applicable) may prevent users from completing registration or availing of related services.
Who will be able to access your Personal Data?
In the framework of its activity and for the purposes specified above, your Personal Data may be shared with the following entities (“Recipients“):
- Other companies within the T.O.S. S.r.l.s. for internal administrative purposes; and
- Duly appointed data processors, providing specific processing or accessory services (e.g. storing data, sending out messages for us, web hosting, contests’ management, consumer service, IT services regarding the Website operation, emailing) on T.O.S. S.r.l.s. behalf and under its instructions, whose data protection maturity has been checked by T.O.S. S.r.l.s. before entering into the required data processing agreement. The full updated list of appointed as data processors, which may include other companies within the T.O.S. S.r.l.s., is available from our data protection officer;
- Selected individuals authorized by T.O.S. S.r.l.s. to process Personal Data needed to carry out activities strictly related to the provision of the services through the Website (e.g. technical maintenance of network equipment and electronic communications networks), who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of T.O.S. S.r.l.s.);
- Public entities, bodies or authorities, in accordance with the applicable law or binding orders of those entities, bodies or authorities. We may also disclose your Personal Data when we believe in good faith that disclosure is necessary to protect your safety or the safety of others, investigate fraud, or respond to a government request.
Personal data shall not be disclosed nor transferred to third parties, except in the event of extraordinary corporate transactions, when Personal Data may be assigned or contributed to third party purchasers/lessees or assigns.
Personal Data may be transferred to other countries of the European Union where the premises or the servers of T.O.S. S.r.l.s. or of any of its suppliers are located.
Personal Data shall not be transferred outside the territory of the European Union.
In order to comply with laws protecting children’s online privacy, T.O.S. S.r.l.s. does not knowingly collect any Personal Data from children under 16. T.O.S. S.r.l.s. takes children’s privacy seriously. As such, we would recommend that a parent or guardian assist and guide any children under 16 which may intend to browse the Website or access the services provided by T.O.S. S.r.l.s.. Children under age 16 should not use T.O.S. S.r.l.s. Website or services. In the event that T.O.S. S.r.l.s. learns that it has inadvertently collected Personal Data from a child under the age of 16, T.O.S. S.r.l.s. will promptly delete such information.
If parents/guardians would like to prevent a minor from accessing the Website, programs are easily available which enable control over access to the Internet or specific websites.
Security of Personal Data
All Personal Data collected and processed through the Website will be stored and processed so as to minimize the risk of destruction, loss (including accidental loss), unauthorized access / use or incompatible use with the initial purpose of collection. This is achieved by the technical and organizational security measures put in place by T.O.S. S.r.l.s..
Retention of Personal Data
Generally, T.O.S. S.r.l.s. will keep your Personal Data only for as long as strictly necessary, according to the reason for which it was collected:
- Personal Data processed for Service Provision will be kept by T.O.S. S.r.l.s. for the period deemed strictly necessary to fulfil such purposes. Information will, however, be kept for longer if we need it to address any claims regarding the services or to protect T.O.S. S.r.l.s. interests related to potential liability related to the Service Provision.
- Personal Data processed for Marketing and Profiling will be kept by T.O.S. S.r.l.s. from the moment you give consent until the latter is withdrawn. Where it is not withdrawn, consent will be asked to be renewed at fixed intervals of 24 months. Once consent is withdrawn (or not given, following a renewal request), Personal Data will no longer be used for these purposes, although it may still be kept by Ferrero as it may be necessary to protect T.O.S. S.r.l.s. interests related to potential liability related to this processing. Personal Data processed for Soft Spam will be kept by T.O.S. S.r.l.s. from the moment where it is provided by you to T.O.S. S.r.l.s. until you object to this processing. Once you have objected, Personal Data will no longer be used for these purposes, although it may still be kept by T.O.S. S.r.l.s., in particular as may be necessary to protect T.O.S. S.r.l.s. interests related to potential liability related to this processing.
- Personal Data processed for Compliance will be kept by T.O.S. S.r.l.s. for the period required by the specific legal obligations for which the Personal Data was processed.
- Personal Data processed for preventing Misuse/Fraud and Analytics will be kept by T.O.S. S.r.l.s. for as long as deemed strictly necessary to fulfil the purposes for which it was collected.
After such periods, all data shall be deleted or anonymized, except that data we are required by law to keep for a longer period.
What are your rights? How can you exercise them?
As a data subject, you are entitled to exercise the following rights, at any time:
- Obtain confirmation as to the existence of your Personal Data being processed by T.O.S. S.r.l.s., access and obtain copy of such data;
- Update, modify and/or rectify your Personal Data where it may be inaccurate or incomplete;
- Obtain erasure of your Personal Data where you feel that the processing is unnecessary or otherwise unlawful, render Personal Data anonymous, block data whose processing is unlawful or set limits to the processing;
- Object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent T.O.S. S.r.l.s. from processing your Personal Data for a given purpose;
- Object to processing of Personal Data that is made for the purposes of sending advertising material, carrying out direct sales, market researches or for commercial communication;
- Withdraw your consent to processing (for Marketing and Profiling), where your consent serves as the legal basis for processing – this will not affect the lawfulness of processing carried out prior to your withdrawal.
- Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, or that the processing is unnecessary or unlawful, as well as where you have objected to the processing;
- Portability – you have the right to obtain a copy of the Personal Data you provided to T.O.S. S.r.l.s. in a structured, commonly used and machine-readable format, as well as to request the transmission of those Personal Data to another data controller;
- Please note that most of the Personal Data you provide to T.O.S. S.r.l.s. can be changed at any time, including your e-mail preferences, by accessing, where applicable, your user profile created on the Website.
When requesting services via the Website, you may have selected one or more means of communication via which Personal Data processing for Marketing purposes may be carried out (e.g., phone, SMS, email, mail, social media). You may withdraw your consent to this processing for all selected means of communication, or you can choose to block specific means only (e.g., if you only withdraw consent for SMS marketing communications, you will not receive further communications via SMS, but may continue to receive them via e-mail), by means of your user profile created on the Website, where applicable.
You can also withdraw consent for Marketing (for communications received via e-mail) by selecting the appropriate link included at the bottom of every marketing message.
Consent for Profiling carried out by cookies may be withdrawn at any time. Where consent for Profiling was given via a specific tick box, you may withdraw this consent by changing your preferences, at any time, within your user profile created on the Website, where applicable.
At any time, you shall be entitled to exercise the rights established by the law in force, by addressing the relevant request to our Privacy Department at our registered address, as detailed above, or email address: email@example.com.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Finally, you are entitled to file complaints with to your local EU Data Protection Authority or to the data protection authority of the United Kingdom, the Information Commissioner’s Office (ICO) at https://ico.org.uk/, or Republic of Ireland Data Protection Commission at https://www.dataprotection.ie/docs/Home/4.htm if you believe that we have handled your information in an unlawful manner.