Privacy policy

Information pursuant to Articles 13 et seq. of Regulation (EU) No. 679/2016 of 27 April 2016 (GDPR – General Data Protection Regulation) “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”.

By browsing the pages of this website and/or registering for our services, users voluntarily provide BAGLIO DIAR soc. coop. a.r.l., the Data Controller, with their personal data. The personal data submitted will be processed in compliance with the data protection principles set out in Regulation (EU) No. 679/2016 and other applicable laws.

Data Controller
The Data Controller is BAGLIO DIAR soc. coop. a.r.l. (hereinafter also referred to as the “Data Controller”) and can be contacted in writing at: Via Lipari, 13, 91025 Marsala (TP), Sicily, or by email at info@bagliodiar.com.

Types of data processed
Usage and browsing data are processed insofar as the IT systems and software procedures used to operate this website acquire information whose transmission is inherent in the use of Internet communication protocols.
This information is not collected to be associated with identified individuals; however, it could, through processing and association with data held by third parties, allow users to be identified (e.g. IP addresses, domain names of users’ devices, URI addresses of requested resources, request time, method used to submit the request to the server, and other parameters relating to the user’s operating system, browser, and devices). Among the technologies used to collect and store information, cookies play a significant and independent role; users are invited to refer to the specific cookie policy.

Data voluntarily provided by users during registration, subscription to our website and/or contact, and/or data made publicly available by users, are also processed. These may include personal identification data such as name, surname, address, email, phone number, fax, the content of any messages, etc., as well as economic data strictly necessary for the performance of existing or future contractual relationships.
Special categories of data (sensitive or judicial data) as defined by Article 4 and Article 9 of Regulation (EU) 2016/679 are not processed, unless specific legal exceptions apply.

Purpose and legal basis of processing
Personal data collected through registration or subscription to our website are processed to allow access to products, services, and content reserved for registered users.
The legal basis for processing, pursuant to Article 6 of Regulation (EU) 2016/679, includes:

– the data subject’s consent;
– the performance of a contract to which the data subject is a party or pre-contractual measures;
– compliance with a legal obligation;
– the legitimate interests of the Data Controller or third parties, provided these do not override the rights and freedoms of the data subject (e.g. fraud prevention, protection of rights, direct marketing activities).

If the user has given consent, BAGLIO DIAR soc. coop. a.r.l. may also process personal data to:

– provide access to products, services, and content;
– send marketing communications about its own or third-party products and services, including via automated means;
– carry out market research and customer satisfaction surveys;
– analyze user behavior and consumption habits to improve services and tailor commercial offers, including providing aggregated data to third parties through cookie-based tracking systems;
– share data with third parties for marketing purposes, where consent has been given;
– fulfill administrative, accounting, and contractual obligations.

Processing methods
Personal data submitted through registration/subscription forms may be processed using automated tools and paper-based systems.
The Data Controller may also process data in aggregated form, in compliance with applicable regulations, for statistical analysis, service improvement, and marketing planning.
Appropriate security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorized access.
Processing related to web services takes place at the company’s premises and is handled by authorized technical staff.
Data are stored in electronic databases located in Italy and within the European Economic Area (EEA).

Provision of data
Providing data is optional; however, failure to provide mandatory data will prevent proper registration, access to reserved services, and, in the case of purchases, the acceptance and execution of orders.

Recipients of data
Personal data may be accessed by:

– internal administrative staff;
– staff involved in contract execution;
– administrators, accountants, and external consultants.

Data may also be processed by third parties acting as data processors under Article 28 GDPR (e.g. IT service providers, logistics companies, consultants, banks, insurance companies, customer support providers), strictly within the scope necessary to perform their duties and under confidentiality obligations.

Disclosure and dissemination
Personal data will not be disclosed to the public. However, they may be communicated to:

– affiliated or associated companies;
– entities authorized by law or regulations;
– public authorities for institutional purposes.

Data subject rights
Users may exercise their rights under Articles 15–22 GDPR at any time by contacting the Data Controller. These include the right to access, rectify, erase, restrict processing, object, data portability, withdraw consent, and lodge a complaint with the competent supervisory authority.

Data retention
Personal data are retained in accordance with applicable laws and only for as long as necessary to achieve the purposes described above. In particular, administrative data may be retained for at least 10 years as required by law.
Once no longer needed, data will be securely deleted or irreversibly anonymized.

Additional information
This privacy notice may be updated. In case of significant changes or new processing purposes, users will be informed in advance.