Dear User,

This Privacy Policy Statement is issued, in accordance with art. 13 of European Regulation 2016/679 on personal data protection and art. 13 of the Italian Data Protection Law (Legislative Decree No 196/2003), bearing in mind Recommendation no. 2/2001 adopted on 17 May 2001, to users who access the website, and relates to all personal data which the Data Controller collects and conserves concerning its users.

The information is provided solely for the / website and not for any other websites/and or apps the user may visit by means of links to external pages belonging to third parties.


The data controller is “Cangini Benne Srl”, with registered office at Via Savio, 29/31 47027 Sarsina (FC), VAT No.: IT02185060403 and the Internal Data Processor is Mr. Giorgio Cangini. The Company has appointed a company Dpo.

Data will be stored in the databases of the Server Provider companies used by the Data Controller, at data centres located within the European Union.

Data are normally processed at the Data Controller’s registered office, by employees and/or external associates duly designated as data processors or persons in charge of processing.


If personal data are transferred outside the European Union for technical operating purposes and to guarantee a high degree of continuity of service, the Data Controller ensures that the transfer is based on an adequacy decision of the Commission, in order to ensure that the level of protection of natural persons guaranteed by the relevant legislation, and especially by Regulation (EU) 2016/679, is maintained.

You may contact the Data Controller, the Data Processor or the DPO at


The personal data collected and processed by the Data Controller via this website are of the following types.

The optional, intentional, voluntary sending of messages to the Data Controller’s contact addresses implies the acquisition of the sender’s contact data necessary to reply, and of all the personal data included in the communications. Moreover, specifically:

– by compiling the specific enquiry form in the Contacts section of the website, users may send Cangini Benne an information request, directly supplying their data, including company name, website, town, province, contact’s name and surname, email address and telephone number. In the event of failure to contribute or incorrect or partial contribution of the data, it may be impossible for us to contact you and/or for you to receive the information requested.

– moreover, via a special data collection form on the /work for us/ page, users may send their CVs in an unsolicited job application. The Data Controller will conserve the personal data received for 24 months, contacting the data subject if a post compatible with the CV received becomes available.

– by compiling the specific newsletter subscription form, users may ask to receive promotional, informative and marketing communications from Cangini Benne, by supplying their name, surname and email address directly. These data are contributed directly by the data subject and in the event of failure to contribute or incorrect or partial contribution of the data, it may be impossible for the user to obtain commercial or informative news and communications from the Data Controller.

Through your navigation of the website / the Data Controller automatically collects data known as navigation data. During their normal operation, the IT systems and software procedures which operate this website acquire some personal data the transmission of which is implicit in the use of Internet communications protocols. These data are not gathered for association with identified subjects, but by their very nature, when processed or associated with data held by third parties or the data controller, they might allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who log onto the website, the addresses in URI notation of the resources requested, the time of the request, the method used when submitting the request to the server, the numerical code indicating the server’s response status (concluded successfully, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data, necessary for the use of web services, are processed, also in aggregate form, in order to:

– obtain statistical information concerning the use of the services (most visited pages, number of visitors by time band or per day, geographical area of origin, etc.);

– check that the services offered are operating correctly.

Navigation data are not retained for more than seven days and are erased immediately after their aggregation (unless required for the investigation of criminal offences by the Judicial Authorities).



The personal data supplied may be disclosed to duly designated recipients, who will process the data in the capacity of data processors and/or persons in charge of processing.

Specifically, personal data concerning the data subject may be disclosed to recipients in the following categories: competent authorities for the fulfilment of legal obligations and/or the orders of public bodies, on request; Data Controller’s employees for dispatch of the communications requested or for the assessment of CVs submitted; companies which repair and/or maintain IT equipment; website management companies and, in general, to enable suppliers to perform technical, logistics and other types of activities on our behalf. Our suppliers only have access to the personal data necessary for the performance of their tasks, and undertake not to use the data for other purposes. They are also obliged to process the personal data in accordance with the relevant legislation.

The Data Controller does not disclose any data concerning data subjects to third parties without their consent, unless required by law. Under no circumstances are personal data disseminated.

The full list of the data processors, the joint data controllers and the persons in charge of the processing of personal data can be requested by sending an email to



Data are only processed for the purposes for which they were collected, as described below. The Data Controller processes the data contributed by data subjects for:

Fulfilment of obligations under laws, regulations and EU directives;
Management of the dispatching of information requested using the contact form. The legal basis of the processing is the fulfilment of a contract to which the data subject is a party, or the performance of pre-contractual measures adopted on his request. The contribution of your personal data for the above purpose is optional, but unless they are contributed management of the enquiry will not be possible;
Statistical analyses/research on aggregated or anonymous data, meaning that the user cannot be identified, intended to evaluate the Website’s operation, measure traffic and assess usability and interest;
With the user’s specific consent only, even if he has compiled the form specifically asking to subscribe to the newsletter, to enable the user to receive additional specific services, such as the dispatch of future informative and promotional communications via email or telephone. The legal basis for the contribution of data for the purposes of sending newsletters for promotional, information or survey purposes is therefore the consent given by the data subject. Therefore, the data subject is entitled to withdraw this consent at any moment, without prejudice to the lawfulness of the processing based on the consent prior to the withdrawal and without any prejudicial consequences of the withdrawal for the data subject.


Personal data are processed by automated and manual means for the time strictly necessary to achieve the purposes for which they were collected.

As soon as the personal data are no longer necessary for the purposes for which they were collected, the Data Controller erases them, unless their conservation is compulsory by law, or the user has consented to their processing for a longer period of time.

In particular, the personal data collected are stored for a period of time established on the basis of criteria such as a) the creation of a subsequent contractual relationship; b) the user’s lasting interest in receiving promotional and/or commercial offers, until the user asks to unsubscribe, c) CVs sent to the Work for Us section will be conserved for 24 months. In all other cases, the Data Controller stores the data for 24 months, unless legal obligations require their conservation for longer periods of time.

Specific security measures are implemented to prevent the loss of data, illegal or improper use, or unauthorised access.



Pursuant to articles 15 – 21 of Regulation (EU) 2016/679, every data subject is granted a series of rights.

Right to Access: pursuant to art. 15, the data subject has the right to confirmation that personal data concerning him are being processed, and, where that is the case, to obtain a copy of the data. He is also entitled to obtain access to the personal data concerning him and to additional information, such as the purpose of the processing, the categories of recipients, the data storage period and the rights he is able to exercise.

Right to rectification: pursuant to art. 16, the data subject has the right to obtain the rectification of inaccurate personal data concerning him or the completion of the data.

Right to erasure: the data subject has the right to obtain the erasure of personal data concerning him, without undue delay, if one of the circumstances listed by art. 17 is met.

Right to restriction of processing: pursuant to art. 18 of Regulation 2016/679, the data subject has the right to obtain restriction of the processing.

Right to data portability: the data subject has the right to receive the personal data concerning him in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance, in accordance with the provisions of art. 20 of Regulation 2016/679;

Right to object to the processing: the data subject has the right to object to the processing of the personal data concerning him in accordance with the provisions if art. 21 of Regulation 2016/679.

The data subject also has the right to lodge a complaint with the competent Supervisory Authority.

Requests to exercise the rights set out in the previous points must be addressed to the Data Controller in writing. The Data Controller will reply to requests to exercise the rights of data subjects without undue delay, within the time limits set by the relevant legislation.

All requests for explanations or clarifications may be addressed to the Data Controller in writing, also using the form provided at


The Data Controller reserves the right to amend, supplement or update this Privacy Policy Statement at regular intervals in compliance with the relevant legislation or with the measures adopted by the Supervisory Authority for personal data protection.

Data subjects will be informed of the said amendments or supplements via email and via a link to the Privacy Policy page of this website.

In all cases, all data subjects are advised to view the Privacy Policy regularly, in order to examine the updated Statement.