Privacy Policy

CECAL S.R.L. - PRIVACY POLICY AND PROTECTION OF PERSONAL DATA WITHIN THE MEANING OF ART. 13-14 OF EU REGULATION N. 2016/679 (GDPR)CECAL SRL, VAT 06194790827, Serre district of Forche, snc, 90027, Petralia Sottana (PA), (hereinafter also referred to as "CECAL"), as Data Controller, pursuant to and for the purposes of 'art. 13 D.lgs. 30.6.2003 n. 196 (hereinafter, "Privacy Code") and articles 13-14 EU Regulation n. 2016/679 (hereinafter, "GDPR"), informs you, in your capacity as an interested party (as defined in Article 4 of the Privacy Code and article 4 of the GDPR), that your personal data will be processed in the full compliance with current legislation on the protection of personal data and with the implementation of all security measures, technical and organizational, deemed appropriate for the protection of the aforementioned data.


The data subject of this processing are common, personal and identifying data, such as name, surname, e-mail address, home / residence address, telephone number, profession.For a better understanding, please note that personal data are defined by European legislation in force as "any information concerning an identified or identifiable natural person (" concerned "); an identifiable natural person can be identified, either directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social ".


The processing of your data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and specifically, by way of example: collection, registration, organization, structuring, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison, interconnection, limitation , cancellation, destruction.


The processing of data is aimed solely at carrying out our business to you and to fulfill contractual and legal obligations.As a rule, geo-location or connection data are not collected or processed.Should the said purposes change, it will be the responsibility of the data controller to immediately inform the data subject before proceeding to further processing them.In particular, your data will be processed:to. without your express consent (Article 24 of the Privacy Code and Article 6 of the GDPR) - since the processing in question is necessary to be able to respond to your express request - for the following purposes:fulfill the order requests you have made;allow and manage your order through the websites and;management and processing of statistical surveys on the use of the sites and; maintenance and technical assistance necessary to ensure the correct operation of the sites and services connected to them;improvement of the quality and structure of the sites and, as well as to create new services, features and / or characteristics of the same;process an eventual contact request forwarded by the user by filling in the appropriate form or by email;allow the Owner to exercise his rights in court and repress unlawful conduct;fulfill the obligations of law or regulation.b. Only upon your informed, specific and distinct consent (articles 23 and 130 of the Privacy Code and articles 6 and 7 of the GDPR) - because to carry out the treatment in question it is necessary to acquire your consent - for the following purposes:(i) profiling activities, such as the analysis of consumption habits and choices, mainly dealing with: data entered during registration, data supplied by you during surveys and market research;(ii) send information and promotional communications, including commercial, newsletters, advertising material and / or offers of products and services, including personalized ones, and perform statistical and / or market studies and research using traditional methods of contact (paper mail, calls by operator) that automate (e-mail, fax, sms, mms, call without operator) from Italy or from abroad (also from countries not belonging to the European Community) by CECAL;(iii) send information and promotional communications, including commercial, newsletters, advertising material and / or offers of products and services, including personalized ones, and perform statistical and / or market studies and research using traditional methods of contact (paper mail, calls by operator) that automate (e-mail, fax, sms, MMS, call without operator) from Italy or abroad (also from countries not belonging to the European Union) by entities contractually linked to CECAL that manage the distribution and the sale of its products and services.


The provision of data for the purposes referred to in lett. a) it is necessary; failure to provide the data will prevent the Data Controller from performing the activity requested by the user.The conferment of data and the relative consent to the processing of the same for the purposes referred to in lett. b), points (i), (ii) and (iii), of the previous art. 3 is optional.However, your possible refusal and / or the provision of incorrect and / or incomplete information could prevent the development of profiles, the analysis of your preferences and also prevent the performance of the c.d. marketing activities including the carrying out of studies and statistical and / or market research. Indeed, failure to provide consent, although it will allow the Data Controller to perform the requested activity in the same way, will prevent the latter from identifying the services that are compliant and best suited to your needs.In case of consent, you have the right to revoke it at any time. We remind you that the withdrawal of consent, pursuant to and by effect of art. 7 of the GDPR, can not prejudice the lawfulness of the treatment based on the consent given by you before the revocation.The optional, explicit and voluntary sending of e-mails to the addresses indicated on the websites and, as well as the completion of the forms for sending specific requests involve the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message or form.


Your personal data will be processed using appropriate electronic and / or telematic and / or analogical instruments with logic strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data and with strictly related logics. to the indicated purposes.In fact, the data are mainly processed with electronic and IT tools and stored both on computer media and on paper and on any other type of suitable support, in compliance with the methods set out in Articles. 6, 32 of the GDPR and through the adoption of appropriate security measures designed to prevent data loss, illicit or incorrect use and unauthorized access.CECAL informs the interested parties that any type of automated decision-making process will not be used, meaning "automated decision-making" as provided for by art. 22 of the GDPR, or "a decision based solely on automated processing, including profiling, which produces legal effects that affect it or that significantly affects its person".


The data held by the Data Controller is stored inside computers and archives, accessible only to the Data Controller, protected by access passwords, mechanical locking mechanisms, by external anti-virus and anti-intrusion systems.Any other external systems will further guarantee data retention according to current regulations.At the end of the retention period, the data will be deleted and deleted from any paper and / or IT support in a secure manner and in full compliance with the regulations in force from time to time on personal data protection or will be made anonymous by CECAL for the sole purpose to carry out statistical and / or historical analysis, therefore without any possibility for CECAL and / or third parties to identify data subjects.In accordance with the provisions of art. 5.1 (c) of the Regulations, the information systems and computer programs used by CECAL are configured in such a way as to minimize the use of personal and identifying data; these data are processed only to the extent necessary to achieve the purposes indicated in this statement; the data will be kept for the period of time strictly necessary to achieve the objectives pursued in practice and in any case, the criterion used to determine the retention period is based on compliance with the terms permitted by applicable laws and the principles of minimization of treatment, limitation of conservation and rational management of archives.


undertakes to take all reasonable and reasonable measures to protect any personal information stored from unauthorized use, loss or unauthorized access. To this end, a series of specific technical and organizational measures have been implemented; measures are included to deal with any suspected data breaches.


The data may be made accessible only for the purposes mentioned above to the following subjects:- Data controller in its capacity as responsible / authorized and / or internal manager of the processing and / or system administrator and any additional internal / authorized agents specifically indicated by the Data Controller;- CECAL suppliers who provide services that are connected and functional to the aforementioned purposes. These subjects operate under specific agreements for the processing of data, signed with CECAL pursuant to and for the purposes of art. 29 of the Privacy Code and art. 28 of the GDPR;- CECAL consultants who provide assistance in relation to legal, tax, accounting and organizational aspects. These subjects operate under specific agreements for the processing of data, signed with CECAL pursuant to and for the purposes of art. 29 of the Privacy Code and art. 28 of the GDPR;- third-party companies or other entities that carry out outsourced activities on behalf of the Data Controller (eg email service provider, web agency, advertising agency, webmaster) in their capacity as external data processors pursuant to article 29 of the Code of personal data protection.


The Data Controller processes personal data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.The Data Controller may communicate the data to Supervisory Bodies and / or to Judicial Authorities as well as to all other subjects to whom the communication is mandatory by law for the accomplishment of said purposes. Your data will not be otherwise disseminated and / or disclosed.


The personal data provided may be used only to allow the sending of communications related to the requested service, by e-mail or telephone for initiatives and / or services offered by the site and / or, in the case of specific consent, newsletters containing in-depth information to the main topics related to the services offered.In any case it is understood that a subsequent and possible transfer of data outside the European Union will take place in accordance with the applicable legal provisions - including articles 44, 45 and 46 of the GDPR - as well as the adequacy decisions adopted by the European Commission and also if necessary and in the absence of adequacy decisions, stipulating agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.With regard to any subsequent transfer of data to companies in the United States, the same will apply to those companies that have joined the so-called "Privacy Shield", in compliance with the decision of the European Commission that has recognized the Agreement called " EU-US Privacy Shield "an adequate level of protection of personal data transferred from the European Union to organizations resident in the United States that self-certify in the system and the subsequent Authorization to transfer data abroad through the agreement called" EU-US Privacy Shield "adopted by the Italian Data Protection Authority on 27 October 2016.Personal data collected through the websites and, may be transferred outside the national territory, solely and exclusively for the execution of the services requested through the same and in compliance with the specific provisions of the Regulation.


The computer systems and the technical and software procedures underlying the operation of the sites and, acquire, during their normal operation, some personal data whose transmission is implicit in the access and operation mechanisms and protocols in use on the Internet.Every time the user connects to the sites and and every time he calls or requests a content, the access data is stored in our systems, in the form of tabular or linear data files.This data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the site. In fact, the computer systems, cookie technology and software procedures used to operate the website acquire, during their normal operation, some data whose transmission is implicit in the use of the Internet. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified as navigators. This category of data includes, for example, the IP addresses or the domain names of the computers used by the users connecting to the site, the pages visited by users within the site, the domain names and the addresses of the websites which the user has accessed the site, the addresses in the notation URI (Uniform Resource Identifier) ​​of the requested resources, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response , the numerical code indicating the status of the response given by the web server, and other parameters related to the type of browser (eg Internet Explorer, Chrome, Firefox ...), operating system (eg Macintosh, Windows) and the computer environment user.At the request of the Authority, the data could be used to ascertain responsibility in the event of hypothetical computer crimes against the sites and or its users .


To improve navigation on the sites and, the owner uses so-called cookies, small text files, generally consisting of letters and numbers, which are stored by the browser users' web on their PC and contain pseudo-anonymized data. Cookies allow a site to recognize users' computers to track visits to multiple pages and identify users who return. There are cookies for technical, analytical and profiling purposes. Cookies are designed to speed up the analysis of traffic on the Internet, facilitate users access to the services offered by the site and provide useful and relevant advertising to visitors. With the use of cookies, personal data are not transmitted or acquired and users' tracking systems are not used. If you do not want the information provided to be collected through the use of cookies, you can implement a simple procedure in your browser that allows you to refuse the function of cookies.The information relating to the offers entered in the sites and will be visible in the searches made in the internal search engine and could be made available to third party search engines as the site allows the indexing of its contents.When using the sites and with the function of detecting the active position, these may collect and process information on the current position of the user. This data is processed anonymously, in a format that does not allow the user to be personally identified.Location services can be activated or deactivated by the user at any time by accessing the settings of their device.


Please note that if the sites and should contain links that refer to websites of third parties, the Data Controller may not exercise any control over the content of such websites or access to the personal data of the visitors of the same.The owners of the aforementioned websites will therefore remain the sole and exclusive owners and controllers of the personal data processing of their users, remaining, the Data Controller, unrelated to this activity as well as any liability, prejudice, cost, which may derive from his failure or incorrect completion.


In your capacity as an interested party, you are entitled to the rights set forth in art. 7 of the Privacy Code and articles 13 and following. of the GDPR, indeed:to. pursuant to and for the purposes of art. 7 of the Privacy Code, the right to obtain confirmation of the existence or not of personal data concerning you and their communication in intelligible form (eg: by electronic or paper copy);b. pursuant to and for the purposes of art. 7 of the Privacy Code, the right to obtain the indication: i) of the categories of data in question; ii) the origin of personal data, the purposes and methods of processing and the retention period or, if not possible, of the criteria used to determine the period; iii) the logic applied in case of treatment carried out with the aid of electronic instruments; iv) of the identification details of the Data Controller, of the data processors and of the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; v) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;c. pursuant to and for the purposes of art. 7 of the Privacy Code, the right to obtain: i) updating, rectification or integration of data; ii) cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; ii) the attestation that the operations referred to in points i) and ii) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment it proves impossible or involves a use of means manifestly disproportionate to the protected right; d. pursuant to and for the purposes of art. 7 of the Privacy Code, the right to object in whole or in part: i) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; ii) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point ii), for direct marketing purposes through automated methods extends to the traditional ones and that in any case the possibility remains open to the interested party to exercise the right of opposition also only partially. Therefore, the interested party may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication;is. pursuant to and for the purposes of art. art. 13 of the GDPR, the right to propose a complaint to a competent authority;f. pursuant to and for the purposes of art. 15 of the GDPR, the right of access to information related to the processing of data, including: the purposes of the processing; the types of personal data processed; the expected time to store personal data or, if not available, the criteria used to determine it; the recipients or categories to which the data were or will be communicated; any transfer of data to third countries; if the data were not collected from the interested party, the information of origin available; the existence of an automated decision-making process, logic applied to the segmentation of users for profiling activities and the importance of such processing for the data subject. g. pursuant to and for the purposes of art. 16 of the GDPR, the right to obtain the correction of inaccurate data and the integration of incomplete data; h. pursuant to and for the purposes of art. 17 of the GDPR, the right to request cancellation and obtain it if there are certain reasons, among which: the data are not necessary in relation to the purposes for which they were collected; personal data has been unlawfully processed; personal data must be deleted as a consequence of a legal obligation established by the law of the European Union or the Member States and which applies to the data controller; the interested party has revoked the consent This right will not be exercisable in case the data are necessary for the management of complaints. the. pursuant to and for the purposes of art. 18 of the GDPR, the right to obtain the limitation of treatment in the case of certain situations, including: the personal data available to CECAL are inaccurate; the interested party does not agree with the use of their data but opposes their cancellation and therefore requires a limitation of their use; CECAL does not need to keep the data but the data subject needs it for any complaints. In case of request for limitation, the data will be processed, except for their conservation, only for certain reasons, including: complaints by the interested party; express consent of the interested party; protection of the rights of other natural or legal persons or for reasons of public interest at the level of the European Union or of a certain Member State. j. pursuant to and for the purposes of art. 20 of the GDPR, the right to receive their data in a structured format, in common and legible and to transmit them to another data controller in the cases provided for by the aforementioned law.
k. pursuant to and for the purposes of art. 21 of the GDPR, the right to object - at any time and for reasons connected to its particular situation - to the processing of personal data, including the processing of data for profiling and direct marketing purposes. In this case CECAL will refrain from further processing the data, subject to the exceptions provided for by the aforementioned legislation.


By filling in the contact form with their data, the user consents to their use to respond to requests for information, quotes, or any other kind indicated by the form header.
Personal data collected: surname, email, telephone number, and various types of data as specified in this statement.


Users who have provided their telephone number may be contacted to provide more information on the requested service or, as a result of consent, for commercial or promotional purposes related to this activity, as well as to satisfy requests for support.


The data controller is CECAL S.R.L., with registered office in Contrada Serre di Forche, s.n.c. - 90027 Petralia Sottana (PA) - in the person of the legal representative pro tempore, Calderaro Leonardo.
The data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located.


To exercise the rights referred to in the previous art. 11), can write to the attention of the Data Controller at the following addresses: CECAL S.R.L., Contrada Serre di Forche, s.n.c. - 90027 Petralia Sottana (PA) - E-mail: - ​​Fax. +39 0921.681059.
The interested party has the right to lodge a complaint with the Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).


Please note that this information will be subject to periodic updates.


This information was updated on 04/10/2018.​