Information provided pursuant to EU Reg. 2016/679 (hereinafter GDPR)

1.1 Subject of the Processing
1.2 Purpose and Legal Basis of the Processing
1.3 Processing Methods and Retention Period
1.4 Scope of Processing
1.5 Policy Updates

GENERAL PRIVACY POLICY
Information provided pursuant to EU Reg. 2016/679 (hereinafter GDPR)
General Information
Data subjects are informed of the following general profiles, valid for all areas of processing:

  • All data is processed lawfully, fairly, and in a transparent manner in relation to the data subject, in compliance with the general principles set out in Art. 5 of the GDPR;
  • Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access.

References and Rights of Data Subjects
The Data Controller is Tosi Renzo Srl a socio unico, in the person of its pro-tempore legal representative, who may be contacted to exercise all rights provided for by articles 15-21 of the GDPR (right of access, rectification, erasure, restriction, portability, objection), as well as to revoke previously granted consent; in the event of a failure to respond to their requests, data subjects may lodge a complaint with the Supervisory Authority for the protection of personal data (GDPR – Art. 13, paragraph 2, letter d).

Contact Details of the Data Controller
Tosi Renzo Srl a socio unico
Tel: +39 0524 204386 – Email: privacy@pasticceriatosi.it

1.1 Subject of the Processing

The Company processes personal identification data of customers/suppliers (for example, name, surname, company name, personal/fiscal data, address, telephone, e-mail, bank and payment details) and its operational contacts (name, surname, and contact details) acquired and used within the scope of providing/receiving the services.

1.2 Purpose and Legal Basis of the Processing

Data is processed to: • Conclude contractual/professional relationships; • Fulfill pre-contractual, contractual, and tax obligations arising from existing relationships, as well as manage necessary communications related to them; • Comply with obligations provided for by law, regulations, community legislation, or an order from the Authority; • Exercise a legitimate interest as well as a right of the Controller (for example: the right of defense in court, the protection of credit positions; ordinary internal operational, management, and accounting needs). Failure to provide the aforementioned data will make it impossible to establish a relationship with the Controller. Pursuant to Art. 6, paragraphs b, c, f, the aforementioned purposes represent suitable legal bases for the lawfulness of the processing. Should the Company intend to carry out processing for different purposes, specific consent will be requested from the data subjects.

1.3 Processing Methods and Retention Period

The processing of personal data is carried out by means of manual/computerized operations, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Personal data are subject to both paper and electronic and/or automated processing. The Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations.

1.4 Scope of Processing

Data is processed by internal subjects who are regularly authorized and instructed pursuant to Art. 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects operating as Data Processors or independent Data Controllers (consultants, technicians, banking institutions, carriers, etc.).

1.5 Policy Updates

Si segnala che la presente informativa può essere oggetto di revisione periodica, anche in relazione alla normativa ed alla giurisprudenza di riferimento. In caso di variazioni significative verrà data, per un tempo congruo, opportuna evidenza.