My book   |   Freebies   |   Ligurian recipes   |   Foodie tips   |   Newsletter   |   Press   |   Work with me

Privacy and Cookie Policy

With this document, Enrica Monzani provides users of the website www.asmallkitcheningenoa.com with information on the data that are collected and tracked through the website, the purposes of this collection and the rights that users (and/or interested parties) may exercise with respect to their data.

Data controller

The data controller is Enrica Monzani c.f. MNZNRC78E60D969N, P.IVA 01307160992 with registered office in Genoa, Via Ponte dell’Ammiraglio 32 (Italy), e-mail: enrica@asmallkitcheningenoa.com 
Should the user want more information than that contained in this document, he may send an e-mail to the above address.
The Controller has not appointed a data protection officer (DPO).

Place of Processing

The Data are processed at the premises of the owner in Genoa (GE), Via Ponte dell’Ammiraglio 32 (Italy).
For further information, please contact the Data Controller at the above address.

Information collected and data processed

The data controller, as identified above, processes the following data:

  • personal data such as name, surname, e-mail address, IP address, residential address and any other data spontaneously provided by the data subject in the contact form (‘form’) to submit a request through the site;
  • statistical data, such as browser used, date and time of the website visit, physical address of the device from which the connection is made;
  • data concerning the credit/prepaid card (circuit number, expiry date, CVV, holder’s personal details) in order to process payment for the service;
  • any common and special data voluntarily provided in connection with the forwarded communications.

By filling in the fields made available within the website, the user consents to the processing of the data provided by the controller in order to process the request, including any reference to food intolerances and/or allergies.

Purpose of data processing and its legal basis

The Data Controller processes the data collected in compliance with the principles of lawfulness, correctness and transparency, in accordance with current legislation (Art. 13 EU Reg. 679/2016 “GDPR”), using tools and organisational measures suitable for minimising the risks associated with the processing of data and guaranteeing its security.

In particular, user data are processed on the following legal bases:

  1. to process an information or booking request, received via the website contact “form”, by e-mail or by other communication tools: in this case, data processing is optional and its legal basis is represented by the consent freely expressed by the user. For this reason, failure to provide one or more pieces of data does not allow the owner to process the request.
  2. in order to carry out the analysis of the request for the “Travel design” service through the administration of an initial questionnaire via the Google Form platform (privacy policy here). This processing is necessary in order to carry out an initial assessment of the data subject’s needs. This activity is part of the pre-contractual measures taken pursuant to Article 6 paragraph 1 letter b) GDPR.
  3. to enable the site to function at its best, through statistical analysis of traffic and user behaviour.
    Processing is optional and its legal basis is the user’s consent.
  4. for subscribing to and sending a periodic information newsletter: the processing of data is optional and its legal basis is represented by the consent freely expressed by the user. Failure to provide one or more data does not allow the owner to provide this service.
  5. to receive exclusive dedicated offers and promotional communications: also in this case, the legal basis of the processing is the consent freely given by the user, and failure to provide one or more data does not allow the data controller to provide this service.
  6. to send personalised promotional communications based on profiling. For this purpose, the consumption preferences expressed by the user will be detected. Also in this case the legal basis of the processing is the consent freely expressed by the user.
  7. to send communications concerning services similar to those that have already been purchased by the user without the need for his/her specific consent pursuant to Article 130 paragraph 4 of Legislative Decree 196/2003 (so-called soft-spam). The legal basis for this processing is the legitimate interest of the owner, pursuant to Art. 6 paragraph 1 letter f) of EU Reg. 679/2016. Consent may be revoked at any time and the data subject may object to such processing at any time;
  8. to collect information concerning the level of satisfaction of the data subject with the purchased service. The legal basis for this processing is the legitimate interest of the Controller;
  9. to protect the rights of the owner in the event of disputes, and in any case of legitimate interest on the part of the latter, pursuant to Art. 6 para. 1 lit. f);
  10. to fulfil tax and other legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR.

Duration of treatment

The data controller stores and processes the data of the data subject for as long as is strictly necessary to achieve each of the purposes set out in this document.

In particular, data collected on the basis of the consent freely given by the data subject may be retained until the user decides to revoke the consent.
The data collected for the purpose of point 1.1) will be kept for the time necessary for the submission of the travel design proposal and, in the event of non-purchase of the requested service, for a maximum period of six months from the submission of the application.

Data collected on the basis of the consent freely given by the data subject may be retained until the user decides to revoke the consent.

Data collected for marketing purposes will be retained for a maximum period of 24 (twenty-four) months after the data subject’s consent has been given, while data collected for profiling purposes will be retained for a maximum period of 12 months.

The data subject may, however, at any time request the interruption of the processing or the deletion of the data, unless there are overriding reasons for the legitimate retention of the data by the data controller.

Data recipients

The recipients of the data, other than the data controller, include natural persons and/or legal entities acting on behalf of the data controller by virtue of specific cooperation relationships (e.g. external collaborators, website operator).

In order to send the newsletter, the data controller uses Substack, based in San Francisco, California (USA), appointed as External Data Processor, for the management of the e-mail marketing service.  Its privacy policy can be found here. For the management of the mailing list, the Controller uses Mailerlite, based in Dublin, appointed as External Data Processor, with regard to the management of the e-mail marketing service. Its privacy policy here.
Google Ireland Ltd with its registered office in Gordon House, Barrow Street, Dublin (Ireland) is also the data controller in respect of the data transmitted via Google Calendar and Google Meet (Google’s privacy policy here).   

Some materials, such as on-demand courses, are hosted on Systeme.io based in Dublin (Ireland) (privacy policy here) with whom some data may be shared, while cooking courses held online are delivered through the use of the Zoom Video Communications Inc. platform, based at 55 Almaden Blvd, Suite 600, San Jose, California (USA) (privacy policy here).
For the payment of some of the services on the site, the PayPal platform of PayPal (Europe) S.a.r.l. et Cie, S.C.A. based in Luxembourg (EU) is used (here its privacy policy).

The list of data processors can be requested from the Controller at any time by writing to enrica@asmallkitcheningenoa.com. 
Any further dissemination of the data provided is excluded.

User rights

In the event that the processing is carried out on the basis of consent, the user may revoke it at any time, in addition to being able to exercise the faculties provided for in Articles 7, 15-22 of European Regulation 679/2016. This free choice does not affect the legitimacy of the processing carried out before the revocation.
To revoke it, simply write to: enrica@asmallkitcheningenoa.com 
By doing so, the user’s data will no longer be processed, unless there is a legal basis other than freely given consent (such as the existence of a legal obligation).
Furthermore, if the user has a doubt and wants to confirm whether or not personal data concerning him or her are being processed (and, if so, to access the data), he or she may access his or her data and request the following information:

  • the purposes of the processing;
  • the categories of personal data in question;
  • the recipients or categories of recipients to whom the data subject’s data are or will be disclosed, in particular if they are recipients in third countries or international organisations;
  • the data retention period, or the criteria used to determine that period
  • the existence of the right to request rectification, erasure, restriction of processing, or the right to object to processing;
  • the right to lodge a complaint with the supervisory authority (www.garanteprivacy.it); 
  • if the data are not collected from the user, all available information on their origin;
  • the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, in such cases, information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

In addition to requesting the correction or rectification of your data, you may object to the processing, including requesting a restriction.
Your rights also include the right to request and obtain the deletion of your data.
The user may also request the portability of data, which can then be obtained in a structured, commonly used and machine-readable format.
Should you consider that your data is not being processed in compliance with the applicable legislation, you may write to the data controller, without prejudice to your right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali – www.garanteprivacy.it).

Existence of an automated decision-making process

The owner does not adopt any automated decision-making processes, and as referred to in Article 22 GDPR (EU Reg. 679/2016).
In the event that the user expresses consent to the processing of his or her data in order to receive commercial communications in line with his or her interests (so-called profiling), his or her data will not be subjected to a fully automated decision-making process, since it will be the data controller who will decide, depending on the preferences expressed, which communications may be of most interest to him or her. The processing carried out in this way has, by way of example, the expected consequences of sending profiled commercial communications in line with the interests expressed.

Data transfer to non-EU countries

The data subject’s personal data are processed at the operational headquarters of the Data Controller in Genoa (Italy) and stored on servers located in the EU and in the USA.
In accordance with the above, therefore, the data of the data subject may be processed by the aforementioned servers, and thus transferred, to a third country outside the European Union. 
This transfer is based on an adequacy decision of the European Commission pursuant to Article 45 of the GDPR and the Data Privacy Framework of 10/7/2023.
However, the owner undertakes to ensure compliance with the principles enshrined in the GDPR.
With the exception of the above, the owner does not transfer data to third countries or international organisations without the express consent of the user.

Copyrights 

All contents of this website are protected by the legal provisions in force regarding copyright and intellectual property rights. Reproduction, even in part, in any form is prohibited. 

Enforcement 

In compliance with legal obligations, the Data Controller regularly updates this policy, adapting it to the new provisions issued. For any information regarding this privacy policy, please contact the Data Controller at the above address.

Information updated to April 2024

Cookie Policy

The www.asmallkitcheningenoa.com website makes use of cookies.

A cookie is a text string forwarded to the user’s device by the sites visited, which is stored by the device.

On each subsequent visit to the platform, cookies stored by the device are sent back to the website that originated them (first-party cookies) or to another website, or social media, that recognises them (third-party cookies).

The purpose of cookies is to make the user’s navigation more convenient by automating certain procedures (such as logging in) and, at the same time, to analyse the use made of the platform.

Depending on their function, there are different types of cookies.

This site makes use of Technical Cookies, Analytical Cookies and Third Party Cookies

Technical cookies

Technical cookies are necessary for the proper functioning of the platform, such as navigation and functionality cookies, which ensure normal navigation and use of the website.

These cookies allow access to restricted areas without having to authenticate or to view the site in Italian without having to set the language each time.

By using this website you expressly consent to the use of technical cookies.
Deactivating this type of cookie may affect your browsing experience. 

WordPress was used for the development of this site (its privacy policy here).

Analytical cookies

In order to gather the information needed to understand which content works and which does not, the site makes use of Google Analytics 4 (GA4), thanks to which the data controller can find out which language visitors to the site speak, from which country they come, which device (PC/mobile or tablet) they are using, which browser and operating system they have installed, as well as being able to understand which topics are popular, in compliance with the parameters imposed by the GDPR.

During the user’s navigation, Google Analytics 4 collects data such as:

  • anonymised IP (Internet Protocol) address
  • name of the device used
  • browser in use
  • date and time of visit
  • place of origin
  • URI (Uniform Resource Identifier) notation addresses of the requested resources or the method used in submitting the request to the server.

This information guarantees anonymity: the data controller does not know the name of those who have viewed the pages, but it can know how many people have visited them in a defined time frame.

Google’s privacy policy here:

https://support.google.com/analytics/topic/2919631?hl=it&ref_topic=1008008 

Personal data collected: Cookies and usage data

Place of processing: USA

The use of this type of cookie also requires the explicit consent of the user, without which the site may not perform at its best.

Here is the link to the Google Analytics cookie policy:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

To disable the Google Analytics action, you can opt-out at this link:

https://tools.google.com/dlpage/gaoptout?hl=it

Third-party cookies:

The site makes use of functionalities provided by third parties, for the operation of which the user’s consent is required.

Below are the functionalities of the site that involve the use of third-party cookies:

Google Fonts: is a Google service that allows fonts (fonts) to be loaded onto the website to improve the browsing experience from a graphical point of view.

The service is operated by Google Inc., here is its privacy policy.

Data processed: cookies and usage data.

Here is its cookie policy: https://fonts.google.com/specimen/Cookie 

Place of processing: USA.

 

Google Tag Manager: a statistics service provided by Google Inc., here is its privacy policy.

Data processed: Cookies and Usage Data. 

Place of processing: USA

 

Google’s NID cookie: a service to help personalise ads in Google properties, such as Google Search. Here is its policy.

Data processed: Cookies and usage data.

Place of processing: USA.

Google Ads – remarketing: is a remarketing and behavioral targeting service provided by Google that cross-references the activity of this Website with the Google Ads advertising network and the DoubleClick cookie.

Users can opt out of Google’s cookies for ad customisation by visiting Google’s Ads Settings, here is its privacy policy.

Data processed: Cookies and Usage Data.

Place of processing: USA

 

Mailerlite: is a platform that provides a mailing list management service. 

The service is provided by Mailerlite Limited, here is its privacy policy 

Data processed: Cookies and Usage Data 

Place of processing: Ireland.

 

Substack of Substack Inc.

 https://substack.com/privacy 

Personal Data Collected: Cookies and Usage Data

Place of processing: USA.

Yoast SEO: this plugin allows you to optimise your site ranking.

Here is its privacy policy.

Place of processing: the Netherlands.

 

CookieYes for functionality related to the cookie banner and the collection of consent from users.

The service is provided by CookieYes Ltd, here is its privacy policy.

Place of processing: UK.

 

Social Network: among the various functionalities of the site is the possibility of interaction with certain social networks such as Instagram and Facebook.

The latter use cookies to function and collect traffic data relating to the pages where this functionality is installed.

The use of this type of cookie requires the user’s consent.

 

Below are the cookie policies of the sharing platforms on the site:

 

Meta Platforms Ireland Ltd.’s Facebook: https://www.facebook.com/policy/cookies/ 

Personal Data Collected: Cookies and Usage Data

Place of processing: Ireland

 

Instagram: https://help.instagram.com/1896641480634370 

Personal Data Collected: Cookies and Usage Data

Place of processing: USA

YouTube by YouTube LLC:  

https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/

Personal Data Collected: Cookies and Usage Data

Place of processing: USA.

YSC yt.innertube::nextId and yt.innertube::requests: Record a unique ID for statistics related to which YouTube videos were viewed by the user.

VISITOR_PRIVACY_METADATA: stores the user’s cookie consent status for the current domain

 

Amazon Web Services (AWS) Inc. an application that routes and manages traffic to and from the application.

Personal Data Collected: Cookies and Usage Data

Place of processing: USA

 

Pinterest by Pinterest Europe Ltd:

         https://policy.pinterest.com/en/cookies 

Personal Data Collected: Cookies and Usage Data

Place of processing: Dublin (Ireland).

 

WPML by OnTheGoSystems Ltd. Company: a WordPress plugin aimed at recording the language code of the last visit.

https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/ 

Personal Data Collected: Cookies and Usage Data

Place of processing: Hong Kong (China).

Through affiliate agreements, some external sites may install cookies aimed at tracking user activity in connection with sales of services and products to which the site refers.

Deactivating cookies 

Below are links through which the user can disable cookies for the most popular browsers:

 

Internet Explorer: 

http://windows.microsoft.com/it-IT/windows7/Block-enable-or-allowcookies 

 

Google Chrome:

https://support.google.com/chrome/bin/answer.py?hl=itIT&answer=95647&p=cpn_cookies 

 

Mozilla Firefox:

http://support.mozilla.org/it/kb/Bloccare%20i%20cookie?redirectlocale=enUS&redirectslu=Blocking+cookies 

 

Apple Safari: 

http://www.apple.com/it/privacy/use-of-cookies/ 

 

Disabling cookies via your browser settings will result in the inability to use some of the Site’s services.

Security Measures

The data controller takes appropriate security measures to prevent unauthorised access, rather than unauthorised disclosure and/or destruction of the data, and with organisational methods suitable for ensuring the security of the data in relation to the stated purposes. 

Banner cookie functions

Through the cookie banner on this site you can express your preferences on the use of cookies. If you wish to deny your consent to their use, you must click on “refuse”: this will only result in the application of technical cookies.

 

If, on the other hand, the user wishes to accept their installation, he or she selects the cookies he or she wishes to accept and clicks ‘accept’. 

The user can change his or her choice at any time through the ‘preferences’ section always available on the site.

Further information on treatment

Should the user need clarification or further information in relation to the processing of personal data carried out by this site, he/she may contact the Data Controller at any time using the contact information.

 

In the event that one or more of the above links are not functional, the user may access the relevant regulations directly from the owner site referred to by the link.

 

Information updated to April 2024