Collective catering

School, healthcare and company catering

Commercial catering

Customised catering formats and solutions

Welfare Services

Tailor-made solutions and welfare services for the well-being of your employees

Information on the processing of personal data pursuant to articles 13 and 14 of Regulation (EU) 2016/679

Data subjects concerned: Web users, requests for information.

CIRFOOD s.c. in its capacity as Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter the “GDPR”, hereby informs you that said regulation establishes measures to protect data subjects with regard to the processing of their personal data and that this processing is based on principles of fairness, lawfulness and transparency and on the protection of your confidentiality and rights.

Your personal data will be processed in accordance with provisions of the above regulation and with the confidentiality obligations therein.

Purposes and legal basis of the processing: in particular, your data will be used for the following purposes relative to carrying out measures connected with contractual or pre-contractual obligations:

  • Entry in the CRM/Company database;
  • To meet your requests.

Your personal data may also be used for the following purposes, if you give your consent:

  • Custom audience for advertising purposes on social platforms (only if included in consent to give online. If there is no specific request for consent, this purpose does not apply).

Giving your data is optional for the above purposes. If you do not consent to the processing of your data, this will not affect your status with CIR or the suitability of processing.

Processing procedure. Your personal data may be processed as follows:

  • data will be assigned to third parties for processing;
  • data will be collected electronically;
  • data will be processed by computer.

All processing is carried out in compliance with articles 6 and 32 of the GDPR and by adopting adequate security measures established. Your data will only be processed by personnel specifically authorised by the Controller and, in particular, by the following categories of operators:

  • Sales operators;
  • Marketing department.

Communication: Your data may be disclosed to external subjects for correct management of your status and in particular to the following categories of Recipients including all duly appointed Data Processors:

  • Cloud Providers;
  • Mail marketing service companies.

Dissemination: Your personal data will not be disseminated under any circumstances.

Period for storing data. In compliance with principles of lawfulness, purpose limitation and data minimisation, pursuant to article 5 of the GDPR, your personal data will be stored:

  • for no longer than is necessary for the purposes for which the data are collected and processed for contractual purposes;
  • for no longer than is necessary to perform the services provided;
  • only for personal data and mails up to completion of the company activities of the Controller (save for your right to have data erased).

Controller: in accordance with law, the Controller is CIRFOOD s.c. (via Nobel 19, 42124 Reggio Emilia (Reggio Emilia), Italy; e-mail:; telephone: +39 052253011 - VAT number: 00464110352) represented by the pro tempore legal representative.

You have the right to obtain from the Controller the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, and to oppose the processing of your personal data, and in general to exercise all rights referred to in articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.

You may also consult the updated version of this privacy notice at any time, at


Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21 and 22 - Rights of the data subject

  1. The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her exist, even if not yet registered, to have the data notified to him/her in an intelligible form and to make claims to the supervisory authorities.
  2. The data subject has the right to obtain information on:
    • the origin of his/her personal data;
    • the purposes and procedures of the processing;
    • the logic involved in automatic processing;
    • details of the controller, processors and designated representative pursuant to article 5, paragraph 2;
    • the subjects or categories of subjects to whom the personal data may be disclosed or that may become aware of such data in a capacity as designed representative in the territory of the State, processors or persons in charge of processing.
  3. The data subject has the right to obtain:
    • the updating, rectification or, if applicable, completion of his/her data;
    • the erasure, anonymization or blocking of data processed in breach of the law, including data which do not need to be retained for the purposes for which the data were collected or subsequently processed;
    • certification that the activities as of letters a) and b) have been notified, also as regards their content, to subjects to whom the data in question were disclosed, except for cases where such an obligation is impossible or involves the use of resources that are disproportionate to the right protected;
    • the portability of data.
  4. The data subject has the right to wholly or partially object:
    • to the processing of his/her personal data for legitimate reasons, even if the data are relevant to the purposes for which they were collected;
    • to the processing of his/her personal data for the purpose of sending advertising or direct sales material or for conducting market research or for sales communication.