Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS WHO CONSULT THE SITE
pursuant to art. 13 of Regulation (EU) 2016/679 ("GDPR")

VERONESI HOLDING S.p.A. (VAT number 02429770239- Tax code: 04729010019), in the person of its
pro tempore legal representative, with registered office in Quinto di Valpantena (VR) - Via Valpantena
18/g, as data controller personal pursuant to art. 4. par. 1 of the GDPR ("Owner") is constantly
committed to protecting the online privacy of its users, protecting their personal data and describing,
on this page, what information can be collected and how it can be used through its accessible website
electronically at the following address: https://www.gruppoveronesi.it/ ("Site").
1) Source of personal data and Data Controller
This page describes the general methods of processing the personal data of users of the Data
Controller's Site, referring to any sections, if any, where the user can find specific information and any
requests for consent (for individual treatments), which they can also be contextual to the user's
personal data collection forms (eg: "contact request" section).
This information does not concern other sites, pages or online services accessible via hypertext links
that may be published on the Site but referring to resources external to the aforementioned domains.
Following consultation of the Site, data relating to identified or identifiable natural persons may be
processed.
2) Processing methods
The information and data provided by the user or otherwise acquired as part of the use of the Site
will be processed in compliance with the provisions of the GDPR and the confidentiality obligations
that inspire the activity of the Owner. According to the GDPR, the treatments described in this
document will be based on the principles of lawfulness, correctness, transparency, purpose limitation
and retention, data minimization, accuracy, integrity and confidentiality.
3) Types of data
Following browsing on the Site, the user is informed that the Data Controller will process the
following types of personal data ("Personal Data"):
(i) Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal
operation, some Personal Data whose transmission is implicit in the use of Internet communication
protocols. This is information that is not collected to be associated with identified interested parties,
but which by their very nature could, through processing and association with data held by third
parties, allow users to be identified. This category of data includes the IP addresses or domain names
of the computers used by users who connect to the Site, the addresses in Uniform Resource Identifier
(URI) notation of the requested resources, the time of the request, the method used to submit the
request to the server, the size of the file obtained in response, the numerical code indicating the
status of the response given by the server (eg: successful, error, etc.) and other parameters relating
to the operating system and the user's IT environment. These data are used for the sole purpose of
obtaining anonymous statistical information on the use of the Site and to check its correct functioning
[see below paragraph (iii) on cookies], to identify anomalies and / or abuses, and are deleted
immediately after the 'processing. The data could be used by the competent authorities to ascertain
responsibility in the event of hypothetical computer crimes against the Site.
(ii) Data provided voluntarily by the interested party

Apart from what is specified for navigation data, the user is free to provide the Personal Data
contained in any contact forms present on the Site (eg: to send a request for information, etc.).
Failure to provide them could make it impossible to provide the service. In these cases, only the
information necessary for the requested service will be collected (see the specific information in
detail). If the user provides or otherwise processes the Personal Data of third parties in the use of the
Site, he / she guarantees from now - assuming all related responsibility - that this particular
hypothesis of treatment is based on an appropriate legal basis pursuant to art. 6 of the GDPR which
legitimizes the processing of the information in question.
(iii) Cookies and other tracking systems
Cookies are small text files that the sites visited by the user send and record on their computer or
mobile device, to be then re-transmitted to the same sites on the next visit. Thanks to cookies, a site
remembers the user's actions and preferences (such as , for example, the login data, the chosen
language, the font size, other display settings, etc.) so that they do not have to be indicated again
when the user returns to visit said site or browse from a page to other of it.
Cookies, therefore, are used to perform computer authentication, session monitoring and storage of
information regarding the activities of users who access a site and may also contain a unique
identification code that allows you to keep track of the user's navigation within. of the site itself for
statistical or advertising purposes. While browsing a site, the user can also receive on his computer
cookies from sites or web servers other than the one he is visiting (so-called "third party" cookies).
Some operations could not be performed without the use of cookies, which in some cases are
therefore technically necessary for the site to function.
There are various types of cookies, depending on their characteristics and functions, and these can
remain on the user's computer for different periods of time: "Session cookies", which are
automatically deleted when the browser is closed; CD. "Persistent cookies", which remain on the
user's device until a pre-established expiry date. According to the legislation in force in Italy, the
user's express consent is not always required for the use of cookies. In particular, the so-called
"technical cookies", ie those used for the sole purpose of transmitting a communication over an
electronic communications network, or to the extent strictly necessary to provide a service explicitly
requested by the user. In other words, these are cookies that are essential for the functioning of the
site or necessary to perform activities requested by the user.
For more information on the cookies used on the Site and possibly manage in consent, where
required, the user is referred to the relevant cookie information retrievable on the site.
4) Purpose of the processing and legal bases
The processing of Personal Data has the purpose of allowing the user to browse the Site and the
provision by the Owner of any services, where provided; the legal basis of the processing is the
execution of pre-contractual measures adopted at the request of the interested party pursuant to art.
6, par. 1, lett. b) of the GDPR. The provision of Personal Data for these purposes is optional, but
failure to provide it would make it impossible to carry out the requested services.
It is specified that for some of the services on the Site the legal basis may be the specific consent of
the user pursuant to art. 6, par. 1, lett. a) of the GDPR. In such cases, the Site has user consent
collection features compliant with art. 7 of the GDPR, together with the specific information where
the distinct purposes of the processing are explained.
5) Recipients of Personal Data
The user's personal data may be shared, for the aforementioned purposes, with:
- persons authorized by the Data Controller to process Personal Data necessary to carry out
activities strictly related to the provision of services, who are committed to confidentiality or
have an adequate legal obligation of confidentiality (eg employees and system
administrators);
- third parties possibly involved in the management of the Site who typically act as Managers or
Sub-Managers of the processing of Personal Data;
- subjects, entities or authorities to whom it is mandatory to communicate the user's Personal
Data by virtue of the provisions of the law or orders of the authorities.

6) Transfers of Personal Data
Some of the user's Personal Data may be shared with recipients established outside the European
Economic Area. The Data Controller ensures that the processing of the user's Personal Data by the
Recipients referred to in the previous § 5) takes place in compliance with the GDPR. Indeed, transfers
can be based on an adequacy decision, on the Standard Contractual Clauses (SCC) approved by the
European Commission or on another suitable legal basis.
7) The privacy rights pursuant to art. 15 and ss. of the GDPR
Pursuant to articles 15 and following of the GDPR, the user has the right to ask the Data Controller, at
any time, to access his Personal Data, to rectify or delete them or to oppose their treatment, he has
the right to request the limitation of processing in the cases provided for by art. 18 of the GDPR, as
well as, in the cases provided for by art. 20 of the GDPR, to obtain their data in a structured format,
commonly used and readable by an automatic device.
Requests should be sent to the Data Controller at the following e-mail address:
privacy@gruppoveronesi.com.
The Data Protection Officer (DPO) can be contacted at the e-mail address: dpo@veronesi.it.
In any case, the user always has the right to lodge a complaint with the competent Supervisory
Authority (Guarantor for the Protection of Personal Data www.gpdp.it), pursuant to art. 77 of the
GDPR, if you believe that the processing of your Personal Data is contrary to the legislation in force.
8) Changes
This information on the processing of personal data of users who consult the site is in force from the
date of its publication on the site itself. The Owner reserves the right to modify or simply update its
content, in part or completely, also due to changes in the applicable legislation. The Owner will
inform the user of these changes as soon as they are introduced and they will be binding as soon as
they are published on the Site. The Owner therefore invites the user to regularly visit this section to
become aware of the most recent and updated version of this Information. to be always updated on
the data collected and on the use made by the Data Controller.