CONFIDENTIALITY NOTICE

The information contained in all emails belonging to GB, including any attachments, is confidential, proprietary, and/or legally privileged and is only for the exclusive use of the recipient. Any unauthorized partial or total use, reproduction, retransmission or dissemination is forbidden. If you are not the intended recipient of this email, you are notified that any dissemination, distribution, retransmission, copying or use of the information contained in or attached, is strictly prohibited. If you have received this email in error, please immediately notify the sender and delete the email and any attachments permanently, including any digital and/or printed versions.

PRIVACY POLICY

on the processing of personal data (“Data”) under the Italian Legislative Decree. no. 196/2003 (“Privacy Code”) and EU General Data Protection Regulation no. 2016/679 (“GDPR”).

Your personal data are important for us. This policy outlines which Data we collect and how we retain and process them.

1. Who is responsible for the processing of your Data?

The Controller of the processing under the Privacy Code and GDPR is BIMBO QSR ITALIA SRL (04337740379) with its legal office in Via Aldo Moro n. 25, Bomporto, Modena (MO), 41030, Italy, email contact: datospersonales@grupobimbo.com (hereinafter “BIMBO” or “Controller”).

Controller, notwithstanding its responsibility for the Data processed, may appoint sub-processors, that will implement all the organisational and technical measures necessary to process personal Data in a secure way and to comply with the provisions set in the GDPR.

In any case, the Controller ensures that its personnel engaged in the processing of personal data are informed of the confidential nature of the Data, and have received appropriate training on their responsibilities.

2. How and for what purpose do we process your personal Data?

In BIMBO we process your Data for the following purposes:

- attend and reply to your inquiries;

- inform you about our products, services, news, sweepstakes, contests and BIMBO events;

- manage your registration and participation in raffles, competitions or events that request to participate.

Automated decisions will not be made based on the information.

In the above mentioned cases, we confirm that we process non sensitive data, being the Data processed mainly customers’ name, last name, address, email and telephone number.

The legal basis for the processing of your Data is your express consent.

Only people over 14 years of age can give a valid consent.

You have the right to withdraw your consent at any time; however, the withdrawal of the consent may result in the impossibility to obtain the information and services required.

To revoke your consent, you can submit your request to the following email account: datospersonales@grupobimbo.com.

No other Data processing will be engaged unless a prior specific written consent is given by the interested person.

The Data processing is performed with computerized means with organisational methods and logic strictly related to the purposes mentioned in the above par. 2.

3. How long will we keep your information?

The personal Data provided will be kept for as long as necessary to fulfil the purposes described in this policy or until it is requested to be deleted or withdrawn by the interested party.

In any case we will keep your Data as long as it is needed to comply with legal obligations or for as long as it is considered necessary to demonstrate the correct performance of the activities requested (so called legitimate interest).

4. To whom are the contents of this web site addressed?

The forms contained in this website are not directed to people under 14 years old.

BIMBO is not responsible for cases in which minors have sent personal Data through it. In that case, whoever has parental authority and / or is the guardian or legal representative of the minor, may exercise the rights set forth in the corresponding paragraphs 7 and 8.

5. To which recipients will your personal information be communicated?

Your Data may only be communicated to the companies linked to BIMBO and only for the same purposes mentioned in the above par. 2.

BIMBO reserves the rights to disclose Data to third parties (such as Police and other Security and Judicial Authorities) if it is required to do so for safety or public order reasons or for the purpose of preventing serious criminal offence.

6. Where do we retain your Data?

Any Data kept and processed will be stored in a secure server placed in.....(Europe? Italy?).

Data collected by means of websites will be not retained by the website’s operator but they will be directly transferred to the Controller that will stored them in the server mentioned above.

BIMBO maintains appropriate technical and organizational measures designed to protect the security (including protection against unauthorized or unlawful processing and against accidental or unlawful data destruction, loss or alteration).

BIMBO guarantees that the technical and organisational measures meet the requirements of the GDPR and the Privacy Code.

7. What are your rights when you provide us with your data?

8. Exercise of rights

In order to exercise any of all of the rights listed in the previous paragraph 8, the interested person may contact BIMBO’s data protection department by sending an email to datospersonales@grupobimbo.com.

9.Data breach

Controller maintains security incident management policies and procedures and shall notify the interested person without undue delay after becoming aware of a Data breach or of an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to retained Data.

BIMBO shall make any reasonable effort in order to remedy the cause of the Data breach.

BIMBO will notify the competent Authority as soon as it becomes aware of any data breach and, in any case, no later than 72h from when it became aware of the breach, according with art. 33 GDPR.

10. Data Transfer

The EU Standard Contractual Clauses shall apply, to any transfers of personal Data from the European Union to countries which do not ensure an adequate level of data protection within the meaning of Privacy Code and GDPR to the extent that such transfers are subject to the recalled laws.