Privacy Statement
Information pursuant to article 13 of the European Regulation 2016/679 GDPR
The navigation data are deleted immediately after their aggregation (except for any need for the detection of crimes by the judicial authority).
The subjects belonging to the above categories will operate, in some cases, as separate data controllers, in other cases, as data processors specifically appointed by the Data Controller pursuant to Article 28 of the GDPR. In any case, the communication of your data to the third parties identified above is understood to be based on the legitimate prevailing interest of the Data Controller, insofar as it is necessary for the pursuit of the aforementioned purposes.
Right of rectification - article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and / or the integration of incomplete personal data;
The right to erasure does not apply to the extent that processing is necessary for the fulfillment of a legal obligation or for performing of a task in the public interest or for the assessment, exercise or defense of a right in court.
Right to data portability - Article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Owner and the right to transmit them to another holder without impediments, if the treatment is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data is transmitted directly by the Data Controller to another data controller if this is technically possible; |
Information pursuant to article 13 of the European Regulation 2016/679 GDPR
With this document ("Information"), the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data when consulting the website www.merulana.it and on the rights that the Regulation (EU) 2016/679 recognizes them relating to the protection of individuals with regard to the processing of personal data, as well as to the free movement of such data ("GDPR").
This information relates exclusively to the processing of personal data conducted through the website www.merulana.it.
This information does not concern the processing of personal data conducted through any third party websites, pages or online services, which can be reached by the interested party through hypertext links that may be present on the Site. This treatment remains subject to the privacy policy provided by the operator of the related third party site; therefore, interested parties are invited to read these documents before browsing third party sites.
By consulting the sites listed above, data relating to identified or identifiable natural persons may be processed.
The owner of the processing of personal data managed through the site is Compagnia del Buon Gusto S.r. l., with registered office in Via Massimi 154 - 00136 Roma - e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it..
Types of data processed, purpose and nature of the treatment, legal basis and consequences of a refusal
Site navigation
During their normal operation, the IT systems and software procedures used to operate this Site acquire some personal data whose transmission is implicit in the use of Internet communication protocols. It follows that any theoretical refusal to provide such data would imply the impossibility of consulting the Site.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI / URL (Uniform Resource Identifier / Locator) notation of the requested resources, the time of the request, the method used in the submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
- check the correct functioning of the services offered.
The navigation data are deleted immediately after their aggregation (except for any need for the detection of crimes by the judicial authority).
The legal basis for the processing of your data for this purpose is the fulfillment of your request, pursuant to Article 6, first paragraph, letter b), of the GDPR, to be considered implicit due to the simple access to the Site; therefore, your consent is not necessary to authorize the treatment.
Cookies and other tracking systems
Cookies are not used for user profiling, nor are other tracking methods used. Instead, session cookies (non-persistent) are used strictly limited to what is necessary for the safe and efficient navigation of the Site. The storage of session cookies in terminals or browsers is under the control of the user, where on the servers , at the end of the HTTP sessions, the information relating to cookies remains recorded in the service logs, with in any case limited retention times starting from the generation or update.
How your personal data will be processed
The processing of your personal data will take place, in compliance with the provisions of the GDPR, using IT and telematic tools, for the purposes indicated and, in any case, with suitable methods to guarantee their security and confidentiality in compliance with the provisions of Article 32 of the GDPR.
To which subjects your personal data may be communicated and who can learn about them
For the pursuit of the purposes described above, your personal data will be communicated to employees, external consultants and collaborators of the Data Controller who will operate as persons authorized to process personal data, specifically appointed as data processors.
Furthermore, for the pursuit of the aforementioned purposes, your personal data may be processed by the following third parties:
- IT system management service providers;
- technical assistance service providers;
- other service providers.
The subjects belonging to the above categories will operate, in some cases, as separate data controllers, in other cases, as data processors specifically appointed by the Data Controller pursuant to Article 28 of the GDPR. In any case, the communication of your data to the third parties identified above is understood to be based on the legitimate prevailing interest of the Data Controller, insofar as it is necessary for the pursuit of the aforementioned purposes.
At any time you can ask for the list of data processors by contacting the Data Controller.
Your personal data will not be disclosed to the public.
Furthermore, the Data Controller does not intend to carry out any type of transfer of your personal data to non-European countries.
What rights do you have as an interested party
In relation to the treatments described in this Information, you can exercise the rights listed in this section, sanctioned by Articles 15 to 21 of the GDPR. In particular:
Right of access - Article 15 of the GDPR: right to obtain confirmation that personal data processing is or is not being processed and, in this case, obtain access to your personal data - including a copy of the same - and communication , among others, the following information:
- purpose of the treatment
- categories of personal data processed
- recipients to whom they have been or will be communicated
- data retention period or the criteria used
- rights of the interested party (rectification, cancellation of personal data, limitation of processing and right to object to processing
- right to send a complaint
- right to receive information on the origin of my personal data if they have not been collected from the interested party
- the existence of an automated decision-making process, including profiling;
Right of rectification - article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and / or the integration of incomplete personal data;
Right to erasure (right to be forgotten) - Article 17 GDPR: right to obtain, without undue delay, the erasure of personal data concerning you, when:
- the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- You have revoked your consent and there is no other legal basis for the processing;
- You have successfully opposed the processing of personal data;
- the data have been unlawfully processed;
- the data must be erased to fulfill a legal obligation;
- personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1, GDPR.
The right to erasure does not apply to the extent that processing is necessary for the fulfillment of a legal obligation or for performing of a task in the public interest or for the assessment, exercise or defense of a right in court.
Right to limitation of treatment - Article 18 GDPR: right to obtain the limitation of treatment, when:
- the interested party disputes the accuracy of the personal data;
- data processing is illegal and the interested party opposes the cancellation of personal data and instead requests that their use be limited;
- personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
- the interested party opposed the treatment pending verification of the possible prevalence of the legitimate reasons of the data controller over those of the interested party.
Right to data portability - Article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Owner and the right to transmit them to another holder without impediments, if the treatment is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data is transmitted directly by the Data Controller to another data controller if this is technically possible;
Right to object - Article 21 GDPR: right to object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing;
Right to lodge a complaint - to the competent authority on personal data, by sending the complaint to the Guarantor for the protection of personal data, at Piazza Venezia n. 11 - 00187 Rome; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., or to the supervisory authority of your place of habitual residence, work, or the place where the violation took place.
How you can exercise your rights
The above rights can be exercised by contacting the owner at the above addresses. The exercise of your rights as an interested party is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also for their repetitiveness, the Data Controller may charge you a reasonable expense contribution, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.
Finally, we inform you that the Data Controller may request further information necessary to confirm the identity of the interested party.