< >

Legal notes and privacy

CLAL S.r.l.

Use of Data and Limitation of Liability

The mere reproduction of any of the data and information found on the websites www.clal.it, news.clal.it, teseo.clal.it and CLAL and TESEO apps, made available in any manner, is permitted.

Data processed by CLAL available through reserved access may not be transferred or disseminated in any manner by the user having access. These data may include, for example, but are not limited to, those found in the areas available through reserved access: Dairy World Trade (DWT), Slideshow, Milk Atlas.

In the event that data processed by CLAL on the websites and apps, and/or those processed by third parties, are used, the origin of the data must be stated.

The automated collection of data and information found on the aforementioned websites and apps is strictly forbidden unless express prior authorization has been given by CLAL S.r.l., which must be requested via e-mail at the address .

Any breach of the provisions set out above will be prosecuted before the competent civil and criminal authorities.

Forecasts made by CLAL are the result of the mathematical-statistical processing of data representing the time series, whose future values are to be estimated, as well as other series of data considered adequate to explain the variations in the time series to be forecast.

CLAL (and members of its management team and/or staff, its employees and/or working associates) will not under any circumstances be held liable towards anyone for any damage (including, but not limited to, loss of profit and/or losses, direct or indirect damage of any kind) resulting from the use of these websites and apps, data, information or forecasts found on it (including those originating from third parties), or from opinions and recommendations given (including, for example, but not limited to: Farm-gate milk prices, Italy (Lombardy)).

Even though the sites and apps, data, information and forecasts have been put together with the utmost care, they may contain typing, technical or other errors.

We are constantly changing and improving our services. The data, information and functionalities may be altered or revised and the provision of any information or service may be suspended or permanently interrupted at any time without prior notice.


Privacy

THE PURPOSE BEHIND THIS NOTICE

On this page you will find a description of the methods adopted to run the websites www.clal.it, news.clal.it, teseo.clal.it and the CLAL and TESEO apps, with reference to the processing of personal data of “users” consulting them.
It represents a privacy statement, which has also been drawn up pursuant to art. 13 of Legislative Decree 196/2003 (Code on the Protection of Personal Data) for those interacting with web services originating from the following addresses:

www.clal.it, news.clal.it and teseo.clal.it

and with CLAL and TESEO apps.

The privacy statement was drawn up solely for the websites and apps listed above and not for any other websites or apps consulted by the user via links provided.

Place where data are processed

Processing connected with web services available on these sites and apps takes place at the aforementioned registered office of the company Clal S.r.l. and is dealt with exclusively by staff at the offices instructed to handle data, or by persons instructed to carry out sporadic maintenance operations. No data originating from the web service are transferred or disseminated, apart from in the manner described below.

Types of data processed

Navigation data

The data processing systems and software procedures responsible for running these websites and apps obtain, during normal operations, certain personal data whose transmission is implied when Internet communications protocols are used. This information is not collected to be associated with the subjects concerned, but, by their very nature, may, through processing and association with data kept by third parties, allow the users to be identified.
This category of data includes IP addresses or domain names of computers with which users connect up to the sites and apps, addresses in notation URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method adopted to submit the request to the server, the size of the file obtained in reply, the numeric code indicating the state of the reply given by the server (successfully completed, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used solely for the purpose of obtaining anonymous statistical information on the use of the sites and apps and of ensuring that the sites and apps function correctly. The data may be used to ascertain liability in the event of supposed computer crimes damaging the sites and apps.

Data supplied voluntarily by the user

By consulting these sites and apps, personal data relating to identified or identifiable individuals may in fact be processed. More precisely, it is pointed out that this processing may involve personal data supplied freely by Users who send the Data Controller their information via the addresses found on the websites and apps, such as, for example company e-mail addresses, and/or when filling in forms intended for the collection of information found on the sites and apps. In fact, the discretionary, express and voluntary transmission of electronic mail to the addresses indicated on these sites and apps result in the acquisition of the sender’s address, necessary in order to reply to requests and queries, as well as any other personal data inserted in the message. Specific detailed information on the data processing, furnished in keeping with art. 13 of EU Reg. no. 679/2016, is set out, as each case arises, on the pages containing the forms for the collection of visitors’ data. This information is intended to define the restrictions and purposes applied and methods adopted in the processing of every data collection form and, every visitor can freely give his consent and authorise the collection of data and the subsequent use thereof.
Generally, with regard to data supplied voluntarily by the user, we wish to inform Users that EU Reg. no. 679/2016 and Italian Legislative Decree no. 196/2003 (as subsequently amended and supplemented) safeguard the rights of natural persons in connection with the processing of their personal data. According to this legislation, data must be processed lawfully, fairly and in a transparent manner, safeguarding your privacy and your rights.

In accordance with the aforementioned article 14 EU Reg. no. 679/2016, we provide you with the following information:

The Data Controller may process data by means of automated processes and/or the collection of paper documents.
The User is at liberty to provide his information, by sending it to the Data Controller via the addresses found on the websites (www.clal.it, news.clal.it and teseo.clal.it) and CLAL and TESEO apps, and/or filling in the specific information collection forms found on the sites and apps; in the latter case, failure to confer certain data could, in some circumstances, make it impossible for the activities requested by the User to be dealt with (for example, see “mandatory fields” marked <<*>> on the information collection forms).
The User’s personal data will be processed by subjects specifically instructed by the Data Controller to act as data processors and/or by any subject acting with its authorisation, who has access to personal data; these subjects will process your data only when necessary for the purposes for which they were conferred and solely in the performance of the tasks assigned to them by the Data Controller, undertaking to process exclusively those data necessary for the performance of such tasks and solely for the purpose of carrying out operations necessary for the performance thereof.

Furthermore, personal data may be transferred to third parties whenever this is strictly necessary in order to provide specific services or information requested by the User.

Finally, it is pointed out that the Data Controller may use internal or external IT technicians for occasional maintenance operations, revision or assistance in the event of malfunctioning of the websites and apps.
The transfer of data in the manner described above is strictly connected to the Company’s normal operations carried out in the handling of the working relationship and is strictly necessary for the purposes for which the data were conferred;
c1)   The Data Controller may transfer personal data to another country or to an international organisation; this could happen in case of use of specific IT services that involve a transfer of data to the U.S.A. (the transfer abroad takes place pursuant to art. 46, par. 2, letter c) of EU Reg. 679/2016, by virtue of the provision of Type Data Protection Clauses). In the case of transfers referred to in article 46 or 47, or article 49, paragraph 1, second clause, we inform you that a copy of these guarantees may be requested from the Data Controller by sending a specific request to the addresses indicated in point a) of this information and a copy of these guarantees will be made available at the registered office of the Data Controller.
c2) data will not be transferred to other third parties, unless your express consent is first obtained.
Your personal data will not be disseminated.
Data will be kept for the period strictly necessary to achieve the purposes for which they were conferred; data will be kept in a form that allows the data subject to be identified for a period not exceeding that strictly necessary for the purposes for which they were collected or later processed, following which, unless expressly reconfirmed by the data subject, they will be destroyed, or may always be rendered anonymous.
Should it prove necessary for personal data conferred to be processed for purposes differing from or additional to those described above, the Data Controller will provide you with information regarding the purposes in question and any other relevant details.

Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing, the Data Controller has, both at the time of establishing the means for processing and at the time of the processing itself (referred to as risk analysis - accountability), implemented appropriate technical and organizational measures, which are designed to implement data-protection principles in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of UE Reg. no. 679/2016 and to safeguard the rights of the data subject.

Data will be processed with the implementation of methods and tools that are capable of guaranteeing security (art. 24, 25 and 32 UE Reg. no. 679/2016) and by means of automated processes and non-automated means (paper-based filing), applying all the technical and organizational measures to ensure a level of security appropriate to the risk, and thereby guaranteeing the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
We inform you that data processing is based on the provisions contained in art. 6, paragraph 1, lett. a) EU Reg. no. 679/2016, and the User is at liberty to provide his information, by sending it to the Data Controller via the addresses found on the website (www.clal.it, news.clal.it and teseo.clal.it) and on CLAL and TESEO apps, and/or filling in the specific information collection forms found on the sites and apps; in the latter case, failure to confer certain data could, in some circumstances, make it impossible for the activities requested by the User to be dealt with (for example, see “mandatory fields” marked <<*>> on the information collection forms).

In accordance with art. 28 of EU Reg. no. 679/2016, the Data Controller may use third parties to process data on its behalf, formally appointed as data processors.
In accordance with art. 29 of EU Reg. no. 679/2016, the Data Controller may benefit from the services of anyone who has been authorised by it and/or by the appointed data processor; these subjects will be instructed accordingly.

The Data Controller has not appointed the D.P.O. (art. 37 EU Reg. no. 679/2016 and WP Guidelines, article 29 dated 13.12.2016), as this figure is not required within the structure, seeing that the characteristics of the processing operations in question are not covered by any of the situations envisaged in article 37.

The Data Controller also informs you that:

  • the data subject is entitled to obtain from the Data Controller access to his personal data, their rectification or erasure or the restriction of processing operations regarding him or to object to such processing and he also has the right to portability of the data (art. 15, art. 16, art. 17, art. 18, art. 20 EU Reg. no. 679/2016); by exercising the right of access, the data subject is entitled to obtain confirmation from the data controller as to whether or not his or her personal data are being processed, whilst the right to data portability entitles the data subject to request personal data in a structured, commonly used and machine-readable format, or to transmit those data from the original data controller to another (see WP 242 dated 13.12.2016);
  • the data subject is entitled, when data are processed in the manner envisaged in article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a), to withdraw his consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
  • the data subject is entitled to make a claim to a supervisory authority;
  • the data subject is entitled to be informed, by the Data Controller, who is obliged to take the necessary measures without undue delay, of any personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons (art. 34 UE Reg. no. 679/2016).

The full text of the articles from EU Reg. no. 679/2016 relating to your rights (articles 15 to 22 inclusive) can be consulted at any time at the following link found on the website of the Italian Data Protection Supervisor:

www.garanteprivacy.it

or, alternatively, you can ask for a copy from the Data Controller, sending a message to the addresses indicated above.

Cookies

The www.clal.it, news.clal.it and teseo.clal.it websites use technical and profiling cookies, including third party cookies, to optimise the user’s navigation experience and to handle the services offered by the sites as efficiently as possible, in keeping with your preferences. To find out more or to withhold your consent to all or certain cookies, consult the full privacy statement, clicking HERE.

The Data Controller

The Data Controller is the company CLAL S.r.l., with registered office in (41121) Modena, at Viale Caduti in Guerra, 1, tel. 059/214171, , -

Modifications to the Document

The Data Controller reserves the right to modify this Privacy & Cookies Policy, at any time, notifying the Users on this page. We therefore invite Users to consult this page regularly, taking note of the date of the latest revision stated at the foot.
Whenever revisions or modifications are made to this document, Users must be permitted to comprehend and assess the changes made, by comparing the various versions of the statement that progressively replace each other, as it will always be possible for Users to consult previous versions of the document on the website.
If the User does not accept the modifications made to this privacy notice, he must cease to use these websites and apps and to request the erasure of his personal data by the Data Controller, giving the Data Controller specific notice, at the addresses indicated above.
Unless otherwise specified, this Privacy & Cookies Policy will continue to apply to personal data collected up to that time.
If Users have any questions, comments or requests connected with this privacy notice, they are invited to contact us at the following address:

In any event, we invite Users to report any difficulties they may encounter in viewing this Privacy & Cookies Policy, so that alternative informative methods can be put forward, if necessary.

Previous version of document (until May 2018)

LINK

 

Last revised in November 2019

RIGHTS OF THE DATA SUBJECT
EU Reg. no. 679/2016

Article 15 - Right of access by the data subject (C63, C64)

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    6. the right to lodge a complaint with a supervisory authority;
    7. where the personal data are not collected from the data subject, any available information as to their source;
    8. the existence of automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Article 16 - Right to rectification (C65)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Article 17 - Right to erasure («right to be forgotten») (C65, C66)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6 paragraph 1, or point (a) of Article 9 paragraph 2, and where there is no other legal ground for the processing;
    3. the data subject objects to the processing pursuant to Article 21 paragraph 1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 paragraph 2;
    4. the personal data have been unlawfully processed;
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    6. the personal data have been collected in relation to the offer of information society services referred to in Article 8 paragraph 1.
  2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 paragraph 2 as well as Article 9 paragraph 3;
    4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 paragraph 1 in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    5. for the establishment, exercise or defence of legal claims.

Article 18 - Right to restriction of processing (C67)

  1. 1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
    1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
    4. the data subject has objected to processing pursuant to Article 21 paragraph 1 pending the verification whether the legitimate grounds of the controller override those of the data subject.
  2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing (C31)

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 paragraph 1 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

Article 20 - Right to data portability (C68)

  1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
    1. the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 or on a contract pursuant to point (b) of Article 6 paragraph 1; and
    2. the processing is carried out by automated means.
  2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Article 21 - Right to object (C69, C70)

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 paragraph 1, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Article 22 - Automated individual decision-making relating to natural persons, including profiling (C71, C72)

  1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  2. Paragraph 1 shall not apply if the decision:
    1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
    2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
    3. is based on the data subject's explicit consent.
  3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
  4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9 paragraph 1, unless point (a) or (g) of Article 9 paragraph 2 applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

Article 34 - Communication of a personal data breach to the data subject (C68-C88)

  1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
  2. The communication to the data subject referred to in paragraph 1 of this Article shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33 paragraph 3.
  3. The communication to the data subject referred to in paragraph 1 shall not be required if any of the following conditions are met:
    1. the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
    2. the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to in paragraph 1 is no longer likely to materialise;
    3. it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
  4. If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions referred to in paragraph 3 are met.