Mod. ICONT – Updated 04/2025

Privacy Policy for the Processing of Personal Data
Pursuant to Article 13 of the EUROPEAN REGULATION No. 679/2016 (GDPR)
Dear Data Subject,
Macelleria Coppiello Giovanni Srl, as the Data Controller pursuant to Article 13 of the European Regulation No. 679/2016 "General Data Protection Regulation (GDPR)" (hereinafter referred to as the EU Regulation), informs you about the processing of your personal data.

According to this regulation, anyone who processes personal data must inform the data subject about the data being processed and the key elements of the processing, which must be carried out lawfully, fairly, and transparently, ensuring confidentiality and protection of the data subject’s rights.

Processing of data means any operation or set of operations performed on personal data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure or destruction.
1. Data Controller
The Data Controller is Macelleria Coppiello Giovanni Srl, based at Via Barbarigo, 16 – 35010 Vigonza (PD), Italy, Tax Code and VAT No. 02002160287. You can contact the Data Controller by phone at +39 049 725596 or by email at amministrazione@coppiello.it.
2. Nature of Data, Purpose and Legal Basis of Processing
Nature of data processed: Only 'common personal data' will be processed, such as company identification data (e.g., name, surname, email, etc.).

Purposes of processing:
A. Respond to your requests through voluntary completion of the contact form on this website;
B. Fulfill legal obligations;
C. Marketing: send you advertising material, direct sales communications, conduct market research and commercial/promotional messages.

Legal basis: For purposes A and B, processing is lawful based on pre-contractual or contractual obligations (Art. 6, para.1, letter b) or legal obligations (Art. 6, para.1, letter c).

For purpose C (marketing), data will be processed only with your explicit, specific, separate, informed, and voluntary consent (Art. 6, para.1, letter a of the GDPR).

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7, para.3 GDPR).

Under Article 21 of the GDPR, the data subject has the right to object at any time to the processing of personal data for direct marketing purposes (including profiling). If you object, your personal data can no longer be processed for these purposes.

**Clarification:** If you consent to point 2C (marketing), please note that the purposes are specifically commercial, advertising, and promotional, including:
1. Sending promotional newsletters and information;
2. Sending commercial messages via mail, email, phone (calls, WhatsApp, SMS, MMS), fax, and other digital channels (e.g., websites, mobile apps);
3. Sending invitations to events and promotional meetings;
4. Sending updates about promotions, technical news, training or support services, and satisfaction surveys.
3. Data Recipients and Processing Methods. Automated Decision-Making and Profiling
Your personal data will be processed fairly, lawfully, and transparently using paper and electronic tools by the authorized staff of the Data Controller or by external entities appointed as Data Processors under Article 28 of the GDPR. These entities will operate under our instructions, ensuring confidentiality and data security, adopting appropriate measures to prevent data loss, unlawful or incorrect use, and unauthorized access.

For brevity, a detailed list of such parties is available at the Data Controller’s office.

Your data will not be disclosed or transferred to third countries or international organizations, nor shared with third parties unless required by law or contract.

According to Articles 13(2)(f) and 14(2)(g) of the GDPR, we inform you that no automated decision-making systems, including profiling, are currently used.
4. Data Retention Period
Your personal data will be stored no longer than necessary to achieve the purposes for which they are processed, in compliance with the data minimization principle under the GDPR. Data may be retained to comply with legal or contractual obligations or until consent is withdrawn by the data subject.

- For purposes 2A and 2B, data will be kept only as long as necessary for those purposes or to fulfill legal/contractual obligations;
- For purpose 2C (marketing), data will be stored for no longer than 24 months from the date of collection.

An annual review will be carried out to assess whether data can be deleted if no longer needed.
5. Data Access (Categories of Recipients)
We also inform you that the collected data will never be disseminated and will not be communicated without your explicit consent, except for necessary communications to public authorities, consultants, or other entities to comply with legal and tax obligations or authorized purposes.

Pursuant to Article 13(1)(e) of the GDPR, we provide the following categories of subjects who may access the data as data processors or authorized persons:
- Members, employees, collaborators, and suppliers of the Data Controller, both in Italy and abroad, acting as authorized users or Data Processors (e.g., commercial, technical, administrative, legal offices; system administrators; external professionals; service providers, etc.);
- External entities responsible for handling user-related activities on behalf of the Data Controller, appointed as Data Processors under Article 28 of the GDPR.

A detailed list of such parties is available at our office.
6 & 7. Data Communication and Transfer
Without the need for your explicit consent (Article 6(1)(b), (c), and (f) of the GDPR), your data may be shared for purposes 2A and 2B with supervisory bodies, judicial authorities, or others where legally required. These entities will process the data as independent controllers.

Personal data are stored on devices located at the Data Controller’s premises or with providers within the European Union. Your data will not be disseminated.

To ensure security, we only use providers offering appropriate technical and organizational safeguards in compliance with GDPR requirements.
8. Consequences of Failure to Provide Data
The personal data referred to in points 2A and 2B are necessary. Without them, we cannot proceed or fulfill legal or contractual obligations.

The data under point 2C (marketing) are optional. Refusal to provide them will have no consequences and will not affect your registration or our ability to fulfill contractual/legal obligations. You may also withdraw your consent at any time without affecting the lawfulness of prior processing.
9. Rights of the Data Subject
As the data subject, you have the following rights under Articles 15 to 22 of the GDPR:
- Right of access: obtain confirmation as to whether personal data concerning you is being processed and access such data;
- Right to be informed about processing purposes, data categories, recipients, storage periods, and data sources if not collected directly;
- Right to rectification of inaccurate data;
- Right to erasure (‘right to be forgotten’);
- Right to restriction of processing;
- Right to data portability;
- Right to object to processing, especially for direct marketing purposes including profiling;
- Right to be informed of the existence of automated decision-making including profiling, and to object;
- Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal;
- Right to lodge a complaint with a supervisory authority (Garante per la Protezione dei Dati Personali).

Note: Some rights may not apply in all cases and depend on the context. For instance, the data controller may lawfully continue processing despite an objection if there are overriding legitimate grounds.
10. Exercising Your Rights
You may exercise your rights at any time, clearly and explicitly, by:
- Sending a registered letter with return receipt to the Data Controller;
- Sending an email to: amministrazione@coppiello.it;
- Or by calling +39 049 725596.
11. Minors
The services and activities provided by the Data Controller are not intended for minors. If personal data of minors are unintentionally collected, they will be deleted promptly upon request or notification.
12. Authorized Staff and Data Processors
In compliance with legal obligations and our commitment to transparency, we inform you that:
- An updated list of authorized personnel is available at the Data Controller’s office;
- A detailed list of Data Processors is also available and can be consulted at our headquarters.