Collective catering

School, healthcare and company catering

Commercial catering

Customised catering formats and solutions

Welfare Services

Tailor-made solutions and welfare services for the well-being of your employees

Information on the processing of personal data pursuant to articles 13 and 14 of Regulation (EU) 2016/679

Data subjects concerned: Web users, newsletter.

CIRFOOD s.c. in its capacity as Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter the “GDPR”, hereby informs you that said regulation establishes measures to protect data subjects with regard to the processing of their personal data and that this processing is based on principles of fairness, lawfulness and transparency and on the protection of your confidentiality and rights.

Your personal data will be processed in accordance with provisions of the above regulation and with the confidentiality obligations therein.

Purposes and legal basis of the processing: in particular, your data will be used for the following purposes relative to carrying out measures connected with contractual or pre-contractual obligations:

  • Entry in the CRM/Company database.

Your personal data may also be used for the following purposes, if you give your consent:

  • Custom audience for advertising purposes on social platforms (only if included in consent to give online. If there is no specific request for consent, this purpose does not apply);
  • Request to receive the newsletter and signing up to the mailing list concerning direct marketing, the newsletter, the sending of promotional, commercial and advertising material or material concerning events and initiatives, also through inclusion in the company CRM of the Controller, in full compliance with principles of lawfulness and fairness and with legal provisions. If you consent, your email address will be used for advertising purposes on social platforms (Custom Audience). The Controller uses systems to send newsletters and promotional notices with reports, to review and, if applicable, improve the results of communications. Thanks to the reports, the Controller will be able to know, for example: the number of readers, openings, individual clickers and clicks; the devices (iPhone, Blackberry, Nokia...) and operating platforms (Windows, Apple, Linux, Android...) used to read the communication; details of the activities of individual users; details of the number of users who have not yet confirmed their registration; details of emails sent by date/hour/minute; details of emails delivered/undelivered and of emails forwarded; details of users unsubscribing from the newsletter; details of users who have opened an email or clicked on a single link; details of users with problems displaying the message; details of link tracking (i.e. the number of clicks on the message links) and click tracking (which links have been clicked and by who). All these data are used to review and, if applicable, improve the results of communications.

Giving your data is optional for the above purposes. If you do not consent to the processing of your data, this will not affect your status with CIR or the suitability of processing.

Processing procedure. Your personal data may be processed as follows:

  • data will be assigned to third parties for processing;
  • data will be collected electronically;
  • data will be processed by computer.

All processing is carried out in compliance with articles 6 and 32 of the GDPR and by adopting adequate security measures established. Your data will only be processed by personnel specifically authorised by the Controller and, in particular, by the following categories of operators:

Communication: Your data may be disclosed to external subjects for correct management of your status and in particular to the following categories of Recipients including all duly appointed Data Processors:

  • Cloud Providers;
  • Mail marketing service companies.

Dissemination: Your personal data will not be disseminated under any circumstances.

Period for storing data. In compliance with principles of lawfulness, purpose limitation and data minimisation, pursuant to article 5 of the GDPR, your personal data will be stored:

  • for no longer than is necessary for the purposes for which the data are collected and processed for contractual purposes;
  • for no longer than is necessary to perform the services provided.

Controller: in accordance with law, the Controller is CIRFOOD s.c. (via Nobel 19, 42124 Reggio Emilia (Reggio Emilia), Italy; e-mail:; telephone: +39 052253011 - VAT number: 00464110352) represented by the pro tempore legal representative.

You have the right to obtain from the Controller the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, and to oppose the processing of your personal data, and in general to exercise all rights referred to in articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.

You may also consult the updated version of this privacy notice at any time, at

The lawyer Silvia Stefanelli has been appointed Data Protection Officer (DPO) of CIRFOOD. via Azzo Gardino 8/a 40122 Bologna 051/520315


Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21 and 22 - Rights of the data subject

  1. The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her exist, even if not yet registered, to have the data notified to him/her in an intelligible form and to make claims to the supervisory authorities.
  2. The data subject has the right to obtain information on:
    • the origin of his/her personal data;
    • the purposes and procedures of the processing;
    • the logic involved in automatic processing;
    • details of the controller, processors and designated representative pursuant to article 5, paragraph 2;
    • the subjects or categories of subjects to whom the personal data may be disclosed or that may become aware of such data in a capacity as designed representative in the territory of the State, processors or persons in charge of processing.
  3. The data subject has the right to obtain:
    • the updating, rectification or, if applicable, completion of his/her data;
    • the erasure, anonymization or blocking of data processed in breach of the law, including data which do not need to be retained for the purposes for which the data were collected or subsequently processed;
    • certification that the activities as of letters a) and b) have been notified, also as regards their content, to subjects to whom the data in question were disclosed, except for cases where such an obligation is impossible or involves the use of resources that are disproportionate to the right protected;
    • the portability of data.
  4. The data subject has the right to wholly or partially object:  
    • to the processing of his/her personal data for legitimate reasons, even if the data are relevant to the purposes for which they were collected;
    • to the processing of his/her personal data for the purpose of sending advertising or direct sales material or for conducting market research or for sales communication.