Information on the processing of personal data

Icat Food website

This policy describes the characteristics of the processing of personal data collected through the website http://www.icatfood.it/(the “Website”).

1. Data Controller
The Controller of the processing of users’ personal data collected through the Website (the “Data”) is ICAT Food S.p.A., with registered office in Genoa, Via Palestro 2/5, tax code and VAT number 08860490153 (hereinafter the “Controller”, “ICAT” or the “Company”).

2. Data collection
Data that you provide
Certain areas of the Website require you to communicate your personal data: this is the case, more specifically, of the Website’s “Contacts” section. The provision of such Data (such as, by way of example, identification and contact data, such as your name and surname and your e-mail address) is on a voluntary basis: if you do not wish to provide such Data, you will still be allowed to browse the Website without benefiting from the respective functions.
We invite you not to communicate personal data of third parties to the Data Controller, unless it is necessary (for example, in the case that you do not have your own e-mail address and do not have any other direct contact details): in this case, we remind you that it is your responsibility to fulfil the legal requirements regarding the protection of personal data and, more specifically, to inform third parties of the disclosure of their data.
Data collected automatically by the Website
Whenever you access the Website, our systems automatically record and analyse your access data (such as your provider’s IP address, information on the browser used, pages visited, the website from which you visit us, date, time and duration of each visit). The recorded information does not require any action on your part.

3. Purpose, compulsory nature of provision, legal basis for processing and Data retention period
The Data Controller processes the Data in strict compliance with the applicable data protection legislation and the instructions of the Personal Data Protection Authority.
Responses to contact request
The Data provided by sending a request in the “Contacts” section will be processed in order to allow you to benefit from this service and, therefore, to reply to the requests submitted and, if necessary, to provide you with the assistance requested. The provision of data is required: refusal will make it impossible for the Data Controller to contact you and respond to your request.
This processing has its legal basis in the execution of pre-contractual provisions adopted at the request of the interested party and, more specifically, from the need to follow up a specific request received from said party.
The Data will be stored and processed for up to 12 months from receipt of the last contact request.
Request to receive the newsletter
The Data communicated in the “Contacts” section may also be processed in order to allow you to benefit from the newsletter service and, therefore, to receive the newsletter (which will be sent by e-mail).
The provision of Data for this purpose is optional and entirely at your discretion: however, your refusal will make it impossible for the Data Controller to send you the newsletter.
This processing has its legal basis in the prior consent of the person concerned. You may revoke your consent at any time, by following the procedure indicated in each newsletter or by sending a specific communication to the Data Controller, at the addresses indicated in the section “Your rights”, expressing your wish to unsubscribe from the newsletter service and to delete the Data held by the Data Controller. Withdrawal of consent shall not affect the lawfulness of the processing performed on the basis of the consent given before revocation.
The Data will be stored and processed for up to 24 months after subscription. With one month’s notice, we will ask you whether you wish to continue to receive the newsletter: in case of refusal, the Data will be deleted; in case of consent, it will be kept and processed for an additional period of 24 months.
Compliance with legal obligations and judicial protection
Data may also be processed by the Data Controller in order to fulfil obligations specified by regulations and applicable national and supranational legislation and, if necessary, to ascertain, exercise or defend the Data Controller’s rights in court. The provision of Data, for both purposes, is necessary. The legal basis is, on the one hand, the fulfilment of a legal obligation to which the Controller is subject and, on the other hand, the Controller’s legitimate interest to ascertain, exercise or defend its rights in court. The data will be processed, in the first case, for the duration specified by law (10 years in the case of administrative-accounting fulfilment) and, in the second case, for the entire duration of the legal dispute, until the time limit for appeals has expired.

4. Recipients of the Data
Your Data, in relation to the purposes specified above, will be processed by the Data Controller’s employees, specifically designated as persons authorised to process the Data (such as, by way of example, the persons in charge of the marketing department).

Furthermore, the Data may be communicated to third parties where necessary for the establishment, management, implementation and/or conclusion of the contractual relationship with the Controller. In this case, the third-party recipients of the Data – autonomous data controllers or duly designated as data processors – belong to the following categories:

• external subjects operating as autonomous data controllers such as, by way of example, Authorities and supervisory and control organisations and, in general, to subjects, including private subjects, legitimately entitled to request the data (such as, for example, accounting consultants, legal consultants), Public Authorities that expressly request the data for administrative or institutional purposes, in accordance with the provisions of current national and European regulations;
• parties external to the Company who provide services to said Company and who are relevant to its activities (for example: suppliers of IT services for the management of databases, including those for contacts and e-mails, providers of digital services, and IT consultants who provide technical assistance to the Company, third-party suppliers of web hosting services); these parties have been specifically appointed as data processors and their names are available upon request addressed to the Data Controller.

The full list of data processors is available upon request directed to the addresses shown below in the section “Your Rights”.

5. Place of processing
The Data Controller will not transfer the Data covered by this processing outside the European Union. Should such transfers be deemed necessary, for example in order to store the Data on servers and/or archives located outside the European Union, the Data Controller assures as of now that such operation will take place exclusively with entities established in countries offering a level of protection analogous to that guaranteed within the European Union, or subject to verification of the Standard Contractual Clauses approved by the European Commission pursuant to Art. 46, paragraph 2, letters c) and (d) of the GDPR or of the binding rules for the company referred to in Article 47 of the GDPR or, failing that, by virtue of one of the exceptional measures referred to in Article 49 of the GDPR.

6. Your rights
At any time, you, as a data subject, pursuant to Articles 15-22 of the GDPR, may:

• a) obtain access to the Data;
• b) obtain rectification or erasure or, where applicable, restriction of processing;
• c) exercise the right to object to the processing;
• d) where applicable, receive, in a structured, commonly-used and machine-readable format, the Data provided to the Controller, as well as transmit such Data to another data controller without hindrance from the Controller (the so-called right to data portability);
• e) lodge a complaint with the Data Protection Authority.

The rights listed in points a) – d) may be exercised at any time, by simple request to the Data Controller, to be sent:

• by e-mail, to the address: icatfood@icatfood.it ; or
• by ordinary mail, to the address: Via Palestro 2/5 – 16122 Genova, to the attention of the Privacy Processing Office.

Information updated on 09/06/2021.

In Italy, Icat Food distributes carefully-selected top-quality brands from all over the world.