According to art. 13 and pursuant to EU Regulation n. 679/2016 (GDPR)
Types of personal data collected and processed
Sushi&Co. collects the personal data of users visiting and consulting the Website, the so-called browsing data. The technological platform by means of which the Website is made available to the user, in fact automatically records certain browsing data – the transmission of which is implicit in the use of Internet communications protocols – such as, for example, the name of the Internet access provider, the source website, the pages visited, the date and duration of each visit, etc. Such information permits access to the Website and the use of certain services, and this information may be utilized in an anonymous and aggregated form for statistical purposes and in order to verify the correct functioning of the Website.
Sushi&Co. does not collect such data in order to associate them with other information about users, and subsequently to identify such users; nevertheless, the data in question, by their very nature, may permit the identification of users following processing and association with other information. Browsing data may thus be used by Sushi&Co. to ascertain whether any liability exists regarding computer crimes committed to the detriment of the Website, or by means of the Website. Without prejudice to such event, the aforementioned browsing data are only stored temporarily, in accordance with applicable law.
Personal data provided voluntarily by the user
Sushi&Co. collects and processes the personal data that the user voluntarily provides when he/she interacts with the Website’s functions and services, such as in the event of filling the contact form in order to have information about the services and the business developed by Sushi&Co. and to receive newsletters and other commercial communications as well as to send spontaneous job applications as well as in case of requests for information or sending communications to Sushi&Co..
Purpose of processing
Sushi&Co. processes the user’s data for the following purposes:
a) operational management of browsing on the Website;
b) management of the Website security;
c) statistical processing;
d) compliance with legal obligations;
e) exercise of rights in judicial proceedings.
The legal basis for these purposes is: for the purposes referred to in points a), b), c) and e) is the legitimate interest of Sushi&Co.; for the purposes referred to in point d) is the execution of legal obligations.
Data retention period
Personal data of users, subject to processing for the purposes indicated above, will be retained for the entire duration of the relationship and, subsequently, for the time in which the Data Controller is subject to conservation obligations for tax purposes or for other purposes provided for by laws or regulations.
The user’s personal data are processed by computer and telematic methods, mainly by electronic and automated means and, and, limited to particular operations, by paper. In accordance with the GDPR, specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.
Persons involved in the processing
The user’s personal data are processed by persons authorized to the processing, in accordance with the provisions of the GDPR.
Furthermore, the data may be disclosed to other third parties such as professionals, consultants and more generally third parties who cooperate with Sushi&Co. for the pursuit of the above purposes, or third parties who have been entrusted with activities in outsourcing.
In any case, Sushi&Co. undertakes to provide such third parties only with the data necessary to carry out the functions and activities entrusted to them and also undertakes to do its utmost to ensure that third parties use the data received only for the purposes indicated by Sushi&Co. and in compliance with the applicable regulations on the processing of personal data.
The user’s personal data may also be disclosed to legitimate recipients in accordance with the law or regulations, for example in the event of requests by the competent public authorities and judicial authorities or, more generally, in the context of judicial proceedings, as well as to protect and defend the Website and the rights of Sushi&Co..
Such parties will process the data as autonomous data controllers or processors, depending on the circumstances.
The updated list of all recipients of data can be requested from the Data Controller cited below at the e-mail address email@example.com
Connection to third-party websites and services
The Website or the messages and communications that Sushi&Co. sends to the user may contain banners, advertising messages and advertisements of third parties or business partners of the Data Controller.
Sushi&Co. therefore invite users to pay attention to adhering to the services offered by third parties and to read the information notices provided by the third party regarding the processing of personal data carried out by the same, in relation to which Sushi&Co. cannot carry out any control, nor be held responsible.
Data controller is Sushi&Co. SRL, with registered office in Florence, Via San Gallo, n. 123.
Data Processing Officer
The Data Protection Officer (DPO) can be contacted at the following e-mail address: firstname.lastname@example.org
Additional Rights for Users in Europe
By contacting the Company via e-mail at the address email@example.com the user may request the Company for access to the data concerning him/her, for their erasure, rectification of inaccurate data, integration of incomplete data, restriction of processing in the cases provided for in Art. 18 of the GDPR, as well as object to processing in cases of legitimate interest of the Company.
Furthermore, where processing is based on consent or contract and is carried out by automated means, the user has the right to receive his personal data in a structured, commonly used and machine-readable format and, if technically feasible, to transmit them to another controller without hindrance.
The user has the right to withdraw at any time his/her consent for marketing and/or profiling purposes, as well as to object to the processing of data for marketing purposes, including profiling related to direct marketing. This is without prejudice to the possibility that the user prefers to be contacted for the above purposes exclusively through traditional means, to object to the receipt of communications through automated means only.
Finally, the user has the right to lodge a complaint with the competent Supervisory Authority in the Member State where he usually resides or works or in the State where the alleged infringement has occurred.
Amendments to this document
Last update: 1 Jan. 2021