On this page you can find all the information relating to the management methods of the cerutti-caffe.ch website with reference to the processing of personal data of users who consult it. This information is provided in compliance with the obligations deriving from the European Regulation for the protection of personal data n. 679/2016 (GDPR) and national legislation.
Holder of the treatment
The Data Controller is Massimo Cerutti SA, CHE-106.675.042, with registered office in Via Casate 17, 6883 Novazzano. Email: firstname.lastname@example.org
Nature, methods and purposes of the collected data
Like all websites, this site also makes use of log files in which information collected in an automated manner is stored during user visits. The information collected is as follows: IP addresses of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, type of browser and device parameters used to connect to the site.
The aforementioned information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site. For security purposes (spam filters, firewalls, virus detection), the automatically recorded data could be used, in accordance with the laws in force on the subject, in order to block attempts to damage the site itself or damage other users, or in any case activities harmful or constituting a crime. These data are never used for the identification or profiling of the user, but only for the purpose of protecting the site and its users.
The legal basis that legitimizes the processing of such data is the legitimate overriding interest of the Data Controller.
Data provided voluntarily by the user
Any explicit and voluntary sending of personal data on this Site entails the subsequent acquisition of the sender's email address, necessary to respond to requests, as well as any other personal data provided. Failure to provide them may make it impossible to obtain what is requested.
The legal basis that legitimizes the processing of such data is the consent freely provided by the interested party, which can be revoked at any time using the contact details of the Data Controller.
The ways in which the user can send personal data are:
Contact forms: the data are used solely and exclusively for the purpose of responding to the request, are transmitted via an encrypted connection, are not saved on the database, are never communicated to third parties or disseminated and are kept for the time strictly necessary to carry out the specified activities.
Purchase of a product: in this case the data, transmitted via an encrypted connection, are used in order to perfect and make possible the contract with the purchasing user. The data remains stored in the database, in a manner suitable to guarantee its integrity, security and confidentiality (such as the use of firewalls, antivirus systems, data backups, encrypted connection to the Site), until they are deleted upon request by the user. to the Data Controller, by ordinary or electronic mail. Any personal data collected are not subject to any disclosure.
Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the user can, according to the methods and within the limits established by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him (right of access)
- know its origin
- receive intelligible communication
- have information about the logic, methods and purposes of the processing
- request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected
- in cases of consent-based processing, receive only the cost of any support, its data provided to the owner, in a structured and readable form by a data processor and in a format commonly used by an electronic device
- the right to lodge a complaint with the supervisory authority
- as well as, more generally, to exercise all the rights that are recognized by the current provisions of the law.
Requests should be addressed to the Data Controller.
Personal data breach notification
In the event that the user's data are compromised, the Data Controller will inform the user and the supervisory authorities within 72 hours by email with information on the extent of the violation, the data concerned, any impacts on the Service and the plan. action with measures aimed at securing data, and limiting any adverse effects on personal data.
"Personal data breach" means security breaches that lead to accidental or illegal destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored or otherwise processed in connection with the provision of the Service.
Information on cookies
A cookie is a small text file that is stored by the computer when a website is visited by a user. The text stores information that the site is able to read when it is consulted at a later time. Some of these cookies are necessary for the proper functioning of the site, others are useful to the visitor because they are able to safely store certain settings and preferences, others are used to collect statistical data on the activity of the Site.
Types of cookies used by this site
Cookies strictly necessary for the site to function
The GDPR n. 679/2016 establishes that cookies can be stored on the user's device only if strictly necessary for the functioning of the Site. These cookies are installed directly from the Site and consent is not required for them. The Site cannot function properly without these cookies.
- THE session cookies they are essential in order to distinguish between connected users and are useful to prevent a requested functionality from being provided to the wrong user, as well as for security purposes to prevent cyber attacks on the site. Session cookies do not contain personal data and last only for the current session, i.e. until the browser is closed.
- THE functionality cookies used are strictly necessary for the use of the Site, in particular they are connected to an express request for functionality by the user, for example the saving of preferences regarding cookies.
Third party cookies:
The Site also acts as an intermediary for third-party cookies, used for statistical and / or marketing purposes, to be able to provide additional services and features to visitors and to improve the use of the Site. The Site has no control over third party cookies, which are entirely managed by third parties, except for the consent to their use which is at the user's discretion. Detailed information on the use of these cookies and their purposes are provided directly by the third parties on the pages indicated below.
The caffe-cerutti.ch site does not use profiling cookies.
Transfer of data to non-EU and non-Swiss countries
The Site may share some of the data collected with services located outside the European Union and Switzerland, such as Google Analytics and Google Maps. The transfer is authorized on the basis of specific so-called agreements Privacy Shield between the EU-US and Switzerland-US, so no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
The user gives his consent to the use of third-party cookies ("unnecessary") indicated above by clicking on the "Accept" button placed inside the banner at the bottom of the page bearing the first information ("short information") in about cookies.
When the user sends or withdraws his consent to the use of unnecessary cookies by the Site, the following data will be automatically recorded by the IT system of the Site itself:
- The user's IP address anonymously (the last three digits are converted to “000”).
- The date and time of consent.
- The URL from which consent was sent.
- A random, anonymous key value.
- The status of the user's consent, which constitutes proof of consent.
The key and the status of the consent are also saved on the user's browser with a first-party cookie, called "ckStat", so that the Site can automatically read and respect the user's consent on the occasion of subsequent requests for the page and future user sessions for up to 12 months. The key is used as proof of consent and to verify that the status of the consent saved in the user's browser is unchanged from the original consent sent to the Site.
Your current status
Accept all cookies (necessary, not necessary)
Instructions for disabling cookies can be found on the following web pages: