INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
Edition 03 dated 07.04.2025

In compliance with the obligations deriving from national legislation (Legislative Decree no. 196 of June 30, 2003 – Personal Data Protection Code, as amended) and European regulations (EU General Data Protection Regulation No. 679/2016 – GDPR), Giusto Faravelli S.p.A. – Sole Shareholder Company, with registered office at Via Medardo Rosso 8, Milan, Italy, Tax Code and VAT No. 03224410153, as Data Controller, provides information on the methods and purposes of the processing of personal data collected through its websites.

1. Scope and Sources of Data Processing
This information notice concerns only personal data collected during navigation on the following websites:

https://www.faravelligroup.com

https://www.faravelli.it

https://www.faravelli.de

https://www.faravelli.cz

https://www.faravelli.hu

https://www.faravelli.sk

https://www.faravelli.com.cn

https://www.faravelli.us

https://www.faravelli.es

https://www.deltapharma.com

Ingredientegiusto.it

Faraemotions.com

As the operator of the websites listed above, Giusto Faravelli is committed to ensuring the utmost protection of the personal data collected and undertakes to process such data confidentially and in compliance with applicable legislation.

Browsing the sites is generally possible by using anonymous or pseudonymized personal data, especially in the public areas. However, certain sections may require the transmission or may lead to the collection of identifiable personal data—such as when sending communications, whistleblowing reports, job applications, or newsletter subscription requests.

Data collected through navigation and/or through the forms in these sections are processed, whenever possible, on a voluntary basis, in accordance with this notice or the specific notices available in the relevant sections.

Some sections of the websites also include contact buttons (Social Plugin Applications or forms for interaction with Faravelli Group companies or CV submission). If used by visitors, they may allow companies other than the Data Controller to receive the visitor's data.

We strongly encourage each user to carefully read this notice to understand when their data is processed by the Data Controller and when by third parties.

2. Processing Carried Out Through Website Navigation
Accessing and using the websites involves the collection of information about the user.

Some of this information is technically necessary for the website to function, others are collected to improve usability, and others for statistical purposes, to help the Controller assess content popularity and improve offerings.

2.1. Data Collected by Website Functionality Applications
Each time a visitor accesses one of the listed websites without registering or submitting data, the Data Controller collects information sent by the user's browser to the server, necessary for displaying the website and ensuring its stability and security.

These technical applications may collect, during browsing, some data not directly associated with the user, the transmission of which is implicit in the use of Internet communication protocols.

Such data may include, for example (but not limited to): IP address, domain names, browser type used to connect, URI (Uniform Resource Identifier) addresses of requested resources, time of the request, and other parameters relating to the operating system and IT environment used.

This information does not allow the Controller to identify the user and is therefore considered anonymous; no consent is required for its processing.

This data collection is necessary for website navigation and cannot be disabled. If the user does not agree with this processing, they must stop browsing the site.

The data is processed without requiring consent and is collected and used by the Controller to pursue its legitimate interest in operating and managing the websites, optimizing their functionality, ensuring operability and security, system administration, improving user navigation, identifying server issues, and other system or network needs.

The collection and use of data occur through automated methods and after appropriately balancing the Controller’s legitimate interest with the fundamental rights and freedoms of visitors.

Data collected in this manner will be stored in Italy for the duration of the session, unless longer retention is necessary for the Controller to exercise its legitimate interest in defending itself in legal proceedings.

Providing such data is the only way to access the websites: if the user does not wish to authorize the processing, they must stop browsing.

2.2. Data Collected via Cookies
The websites use cookies, which are text files placed on the users' device to enable the site to analyze usage and exchange information between server and user.

Cookies were developed to simplify user navigation, allowing the site to remember choices and reapply them during future visits. They can also be used to obtain information about the pages visited and activities carried out by the user.

Such data is used mainly for two purposes: understanding visitor interests to improve website content and services, and displaying ads aligned with the likely interests of the user (i.e., Web Marketing).

The websites use the following types of cookies:

Technical Cookies – to ensure that the requested service is provided, including basic analytics. (No consent required under Directive 2002/58/EC).

First-Party Analytics Tools – additional tools for measuring website performance and attractiveness, and for providing added functionalities (treated as technical cookies, not requiring consent).

Data Collected Through First-Party Technical Cookies
While navigating public areas of the websites, technical, standard, and session cookies are used. These cookies do not store personal data nor do they allow direct identification of users.

When a user revisits the website from the same device, the data stored in cookies from the previous session is transmitted back to the site (via “First-Party Cookies”).

This enables the website to recognize the user and display content in line with their preferences.

Collected data may include, by way of example and not limitation: IP address, domain names, browser type, URI addresses of requested resources, time of request, user’s language settings, and other parameters relating to the operating system and IT environment.

The use of First-Party Technical Cookies does not require user consent, as they do not allow identification. Their deactivation may impair navigation or access to some areas of the site. Therefore, the cookie banner does not allow their deactivation.

These data are processed without the need for user consent and are collected/used by the Controller for the legitimate interest of operating and managing the websites, ensuring functionality, performance, and security, administering the system, improving user navigation, identifying server problems, and meeting other technical or network needs.

Data is collected through automated means and following a proper balance between the Controller’s interest and the users’ fundamental rights.

The data collected will be stored in Italy; specifically, information recorded through standard technical cookies will be kept for up to 6 months, and that collected via session cookies for up to 14 days.

Users may refuse the use of such cookies by adjusting their browser settings. However, refusal may prevent access to the website or its services.

The technical cookies used do not pose risks to the user's privacy or the integrity of the IT systems used to access the Internet or the site.

Access to the data collected through the website is granted exclusively to the Data Controller and the Hosting Provider, which is appointed as Data Processor and may potentially access data solely for technical reasons requiring urgent intervention to ensure website functionality and security.

2.3. Data collected through the completion of application forms, contact forms or the selection of email submission buttons
Some sections of the website contain forms for the transmission of visitors’ Personal Data, for example to submit a job application or request contact.

Filling in the forms results in the direct communication of the visitor’s contact Personal Data to the individual companies of the Faravelli Group with which the website visitor wishes to interact. Each company in the Group processes the Data as an independent Data Controller, solely for the purpose of providing the services requested, in accordance with the specific privacy policies prepared by each company, available in the dedicated sections via the following links:

Privacy Policy Contact Us

Privacy Policy Work with us

Privacy Policy Newsletter

Privacy Policy Whistleblowing

Privacy Policy Inclusion

These policies can be found at the bottom of each form on the individual websites.

Providing data is optional. Therefore, the data subject may choose not to provide any data, but in such a case, it will not be possible to receive a response from the Data Controller.

Please note that access to the Whistleblowing and Inclusion reporting sections occurs via browsing on the website whistleblowersoftware.com, which is operated by a different Data Controller. Visitors are advised to consult the relevant privacy policy on that site.

2.3. Data collected through the subscription form for the Newsletter service
If the form to subscribe to the Newsletter service is filled out on the Sites, the Data will be sent to the Data Controller, who will process it in Italy, using the methods and for the purposes specified in the specific privacy notice linked at the bottom of the form, available here:
[Newsletter Privacy Policy – Italian]
(chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://www.faravelli.it/docs/privacy-newsletter-IT.pdf)

The Data collected in this way will be processed within Europe by the Data Controller only on the basis of the explicit consent of the data subject and solely for the purpose of sending information about the services and products of the Faravelli Group.

Data will be processed until the withdrawal of consent by the data subject, and in any case no longer than 10 years, unless a longer retention period is required to allow the Group companies to exercise their legitimate interest in defending themselves in legal proceedings.

2.4. Data collected through the use of “plugin” services
Our Site uses plugin services provided by Social Network Applications.

The Plugin establishes a direct connection between the user’s browser and the third-party Social Network Application server. It is activated when the visitor, while browsing the Giusto Faravelli Site, selects a Social Application icon present on the pages of the Site. This operation allows the Application to associate the user’s social account with their visit to the Giusto Faravelli Site. From that moment on, the visitor and their Personal Data are automatically transferred to the selected Application's website.

The selected Application’s website belongs to third parties; therefore, Giusto Faravelli is not responsible for the data processing carried out by the Social Application controller after the plugin button is selected. Visitors are encouraged to read the specific privacy policies of the individual Social Applications.

Google Maps Plugin
Pages of the Giusto Faravelli Sites use Google Maps features. Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The Google Maps API is used to visually display geographic information. When using Google Maps, Google collects, processes, and uses data relating to visitors’ use of the Maps features, including location data where location tracking is enabled.
Giusto Faravelli does not receive or process such data. More information is available in Google’s privacy policy.

Instagram Plugin
The Giusto Faravelli Sites include features of the Instagram service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
Instagram plugins can be identified by the Instagram logo on the Giusto Faravelli site pages.
If the user clicks on the Instagram logo on the site’s homepage, they will be automatically redirected to the relevant Giusto Faravelli social media page.
Giusto Faravelli is not aware of the content of the transmitted data or how Instagram uses it. For more information, see Instagram’s privacy policy:
https://instagram.com/about/legal/privacy/

LinkedIn Plugin
The Giusto Faravelli Sites use LinkedIn network features. Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043.
LinkedIn plugins are recognizable by the LinkedIn logo displayed on our page.
Clicking the LinkedIn logo on the homepage redirects the user to the Giusto Faravelli LinkedIn page.
If the user clicks the LinkedIn logo on blog articles while logged into their LinkedIn account, they may share the blog content on their LinkedIn profile.
As the site providers, we do not know the content of the transmitted data or how LinkedIn uses it.
More information is available in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

YouTube Plugin
The Giusto Faravelli Sites use YouTube Plugins provided by Google. This website is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
YouTube plugins can be identified by the YouTube logo on our page.
If the user visits one of our pages containing a YouTube Plugin, a connection is established with YouTube’s servers.
Clicking the YouTube logo on the homepage redirects the user to the official Giusto Faravelli YouTube page.
To avoid linking their visit to their YouTube account, users may log out of their YouTube account during browsing.
More details on user data management are available in YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy

3. Data Access
Direct access to the Data collected from the Site is granted exclusively to the Data Controller.

The hosting service is provided by Boken S.r.l, which may potentially access the Data only for technical reasons of necessity or urgency in order to preserve site functionality and security.

The Data provided via form submissions on the Sites is made accessible to employees and collaborators of the Data Controller, in their capacity as internal processors, external processors, or system administrators.

4. Data disclosure without the need for explicit consent (pursuant to Article 6, letters b) and c) of the GDPR)
The Data Controller may disclose the Data collected for the purposes set out in section 2 above to judicial authorities and to parties to whom disclosure is mandatory by law for the fulfillment of the aforementioned purposes. These entities will process the Data in their capacity as independent Data Controllers.

5. Data dissemination and transfer
The Personal Data collected for the purposes outlined in sections 2.1 and 2.3 will not be disseminated. For Data collected for other purposes, please refer to the specific Privacy Policies.

The Personal Data collected in accordance with sections 2.1 and 2.3 are stored on servers located within the European Union. However, it is understood that the Data Controller may, if necessary, transfer the servers outside the EU. In such cases, the Data Controller hereby ensures that any transfer of Data outside the EU will occur in compliance with applicable legal provisions, including the execution of the standard contractual clauses approved by the European Commission. For Data collected for other purposes, please refer to the relevant Privacy Policies.

6. Automated decision-making processes, including profiling
Personal Data will not be subject to automated decision-making processes intended to allow the Data Controller to make decisions solely based on automated processing, including profiling, that may produce legal effects concerning the data subjects or similarly significantly affect them.

7. Data subject rights
In relation to the purposes of processing, the user is granted the rights set out in Articles 15 and following of the GDPR, and specifically the right to:

Access, i.e., to obtain confirmation as to whether or not personal data concerning them exists, to know its origin, and the logic and purposes on which the processing is based, as well as the recipients or categories of recipients to whom the data may be communicated, and, where possible, the retention period;

Rectification of inaccurate data;

Erasure (so-called “right to be forgotten”) where the data is no longer necessary in relation to the purposes for which it was collected, or where the data subject has withdrawn consent (where consent was required) and there is no other legal basis for processing;

Restriction of processing, i.e., the right to obtain from the Controller the limitation of access to personal data by all parties with a service or employment contract with the Controller;

Portability, i.e., the right to receive personal data concerning the data subject in a structured, commonly used and machine-readable format, with the possibility of transmitting such data to another Controller. This right does not apply to non-automated processing (e.g., paper archives or records) and only applies to data processed with the data subject’s consent and provided directly by them;

Objection, i.e., the right to object to processing for reasons related to the data subject’s particular situation;

Lodging a complaint with the Data Protection Authority.

Furthermore, under Article 7, paragraph 3 of the GDPR, the data subject has the right to withdraw consent at any time; the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. How to exercise rights
The user may exercise their rights at any time by sending:

a registered letter with return receipt to:
Giusto Faravelli S.p.A Società con Socio Unico,
Via Medardo Rosso 8, 20159 Milan, Italy

an email to: privacy@faravelli.it

9. Data Controller, processors, and appointees
The Data Controller is Giusto Faravelli S.p.A Società con Socio Unico, with registered office in Milan, Via Medardo Rosso 8.

The updated list of data processors and persons in charge of the processing is kept at the registered office of the Data Controller.

10. Privacy Policy updates
This Privacy Policy has been in force since __________. The Data Controller reserves the right to amend or update its content, in part or in full, including due to changes in applicable regulations. Visitors will be informed of such changes as soon as they are introduced. The changes will be binding as soon as they are published on the Website. Therefore, the Data Controller invites visitors to regularly consult this section to stay informed about the most recent and updated version of the Privacy Policy, and to be aware of the data collected and its use.

Link:
COOKIE POLICY
CONTACTS
NEWSLETTER
WORK WITH US