PRIVACY POLICY PRATO BAKERY

​

FUTURA GAIA CORP. (with trade name PRATO BAKERY) is a corporation organized under the laws of the State of New Jersey with an office located at 371 4th Avenue, Jersey City, NJ 07302, United States (hereinafter referred hereto as the "DATA CONTROLLER" or “PRATO BAKERY”), and together with its affiliates and subsidiaries including but not limited to Toscana Mia Inc., Bay Street Bakery Inc., Extra Food LLC, Palisades Bakery Inc. and SB Morgan Street Corp., as DATA CONTROLLER of personal data pursuant to the applicable law ("Applicable law"), recognizes the importance of the protection of personal data.

​

Before communicating any personal data, the DATA CONTROLLER invites you to read carefully this privacy policy ("Privacy Policy"), containing important information on the protection of personal data and the security measures taken to ensure confidentiality in full compliance with the Applicable law.

 

Further, this Privacy Policy:

​

(i) is intended only for the Website https://www.pratobakery.com/ ("Website"), (ii) does not apply to other websites consulted via external links, and (iii) has to be considered as Information pursuant to the Applicable law to those who interact with the Website.

​

The Website is designed to make it easier and more efficient for users to interact with PRATO BAKERY and this Privacy Policy describes what data is collected and how it is used.

​

Index

​

1. Data Controller

2. Data Category

3. Cookie Policy

4. Purpose, legal basis, mandatory or optional nature of the processing

5. Recipients

6. Transfer of information

7. Children’s Privacy

8. California Privacy Rights

9. European Privacy Notice

10. Data retention

11. Rights available to individuals

12. Changes of the Privacy Policy

13. Contacts

 

1. Data Controller

The Data Controller is FUTURA GAIA CORP. as defined above. For any information regarding the processing of personal data of the DATA CONTROLLER, including the list of data processors, please write to: info@pratobakery.com.

​

2. Data Category

"Personal Data" means any information concerning an identified or identifiable natural person with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of its physical identity, physiological, psychological, economic, cultural or social.

a) Navigation data. The computer systems of the Website collect some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with you, but by its very nature could, through processing and association with data held by third parties, allow you to identify yourself. These data are used to obtain anonymous statistical information on the use of the Website and to check its correct functioning; to allow - given the architecture of the systems used - the correct delivery of the various features you requested, for reasons of security and assessment of responsibility in case of hypothetical computer crimes against the Website or third parties.

b) Data provided voluntarily. You have the possibility to voluntarily provide Personal Data through Contact Form such as name, surname, birthdate, telephone number, home address and e-mail address, also you have the possibility to voluntarily provide your e-mail address through newsletter. The DATA CONTROLLER will process these data in compliance with the Applicable law, assuming that they refer to you or to third parties who have expressly authorized you to confer them on the basis of an appropriate legal basis that legitimizes the processing of the data in question. With respect to these assumptions, you are entitled to be an independent data controller, assuming all the legal obligations and responsibilities. In this sense, you confer on the point the widest indemnity with respect to any dispute, claim, request for compensation for damage from treatment, legal obligations and responsibilities that should be brought against the DATA CONTROLLER by third parties whose Personal Data have been processed through your use of the Website in violation of the Applicable law.

c) Data Processed in Interacting with Social Networks. When an individual interacts with PRATO BAKERY through various social networks, such as when someone logs in through a social network, likes PRATO BAKERY on Facebook, follows or shares PRATO BAKERY content on Google, Facebook, Instagram or other social networks, the DATA CONTROLLER may receive certain information from these social networks, including your profile information and any other information you allow the social network to share with third parties. The DATA CONTROLLER uses this information to allow you to log into your account, to communicate or interact with individuals on the social network, to better understand the demographics of PRATO BAKERY visitors, and to customize content and advertising. Individuals should always review and, if necessary, adjust the privacy settings of third-party websites and social media networks and services before sharing information and/or linking or connecting to other services.

d) Automatically collected data. When you access to the Website, the DATA CONTROLLER automatically records and stores certain information about your system by using cookies and other types of technologies, as indicated in point 3 below. By using this Website, you accept this Privacy Policy, and you consent to the data practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use this Website.

e) Data of the shipment/delivery. You have the possibility to voluntarily provide data of the shipment such as name, surname, street, city, province, postal code, state, time zone, language, telephone number.

​

3. Cookie Policy

The DATA CONTROLLER collects Personal Data through cookies.

Cookies are small text files containing a string of alphanumeric characters that are sent to your browser. Examples of such information the DATA CONTROLLER automatically collects include, but it is not limited to: preferences, Internet Protocol address (“IP Address”), a unique user ID, device and browser types and identifiers, referring and exit page addresses, software and system type. Examples of how the DATA CONTROLLER uses automatically collected information include, but it is not limited to: (a) automatically update the application on your system; (b) remember your information so that you will not have to re-enter it during your visit or the next time you access the services; (c) provide customized advertisements, content, and information; (d) monitor the effectiveness of marketing campaigns; (e) monitor and store aggregate site usage metrics such as total number of visitors and pages accessed; and (f) track your entries, submissions, and status in any promotions or other activities.

There are two types of cookies:

- session (transient) cookies: these cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.

- persistent (permanent or stored) cookies: these cookies are stored on your hard drive until they expire (at a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific site.

 

4. Purpose, legal basis, mandatory or optional nature of the processing

The Personal Data you provide through the Website will be processed by the DATA CONTROLLER for the following purposes:

a) execution of a contract of which you are a part or execution of pre-contractual measures taken on your request;

b) fulfillment of a legal obligation to which the DATA CONTROLLER is subject to;

c) to ascertain, exercise or defend a right in court or whenever the jurisdictional authorities exercise their jurisdictional duties;

d) to allow navigation of the Website and the provision of the services of the DATA CONTROLLER;

e) to find specific requests addressed to the DATA CONTROLLER;

f) to fulfill any obligations required by the Applicable law, regulations or legislation, or to satisfy requests from authorities;

g) to carry out direct marketing via Website or e-mail for services similar to those signed by you, subject to your refusal to receive such communications, which may be expressed during registration or on subsequent occasions;

h) to carry out marketing activities such as: preparing studies, research, market statistics; to send informational and promotional material relating to the activities, services and products of the DATA CONTROLLER and its commercial partners; to send you surveys to improve the service ("customer satisfaction"). Such communications may be made by e-mail or text message, by mail and / or through the official pages of the DATA CONTROLLER on social networks, or also through push notifications; it is specified that the DATA CONTROLLER collects a single consent for the marketing purposes described herein. If, in any case, you wish to oppose the processing of your data for marketing purposes performed with the methods indicated herein, you may at any time contact the DATA CONTROLLER at the addresses indicated in the "Contact" section of this Privacy Policy, without prejudice to the lawfulness of the processing based on the consent given before the revocation.

i) where applicable, to analyze your interests, habits and consumption choices, also in order to be able to send you personalized information and promotional material on the services offered ('profiling').

​

5. Recipients

Your Personal Data may be shared, for the purposes specified in point 4, with:

- subjects appointed within the structure of the DATA CONTROLLER, necessary for the provision of the services offered;

- subjects that typically act as data controllers, namely: i) persons, companies or professional firms that provide assistance and advice to the DATA CONTROLLER in accounting, administrative, legal, tax and financial matters; ii) subjects delegated to carry out technical maintenance activities; iii) companies controlling, controlled and connected to the DATA CONTROLLER, limited to the pursuit of administrative-contracting purposes connected to the performance of organizational, administrative, financial and accounting activities;

- service providers and consultants that need access to personal information in order to perform services for the DATA CONTROLLER, such as companies that assist PRATO BAKERY with web hosting, shipping and delivery, payment processing, fraud prevention, customer service, and marketing and advertising;

- persons authorized by the DATA CONTROLLER to the processing of Personal Data that have committed to confidentiality or have an adequate legal obligation of confidentiality (eg employees and collaborators of the DATA CONTROLLER);

- subjects, bodies or authorities to whom it is mandatory to communicate your personal data in accordance with the provisions of law or orders of the authorities;

- jurisdictional authorities in the exercise of their functions when required by the Applicable law.

 

6. Transfer of information

PRATO BAKERY is headquartered and it operates in the United States. Therefore, the DATA CONTROLLER and its service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Prato Bakery will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which the DATA CONTROLLER processes it.

Your personal information may be stored in any other country in which PRATO BAKERY and/or service providers maintain facilities. The data protection laws in these countries may provide a different standard of protection for your personal information than the country in which you are located or your country of residence. If you have questions or wish to obtain more information about the international transfer of your personal information or the implemented safeguards, please contact the DATA CONTROLLER using the contact information below.

 

7. Children’s Privacy

The content of the Website is not directed at children under the age of 18 (or the equivalent age of a child in your jurisdiction), and PRATO BAKERY does not knowingly collect Personal Information from any child under the age of 18 (or the equivalent age of a child in your jurisdiction).

 

8. California Privacy Rights

If you are a California resident, you may have certain additional rights. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by PRATO BAKERY to third parties for the third parties’ direct marketing purposes. Such requests must be submitted by contacting the DATA CONTROLLER at the addresses listed in the Contacts section of this Privacy Policy.

The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) affords consumers residing in California certain rights with respect to their personal information. If you are a California resident, this section applies to you.

In the preceding 12 months, the DATA CONTROLLER has collected the following categories of personal information:

a) navigation data;  

b) data provided voluntarily: name, surname, birthdate, telephone number, home address and e-mail address;

c) data processed in interacting with social networks;

d) automatically collected data by using cookies and other types of technologies, as indicated in point 3 above;

e) data of the shipment/delivery: name, surname, street, city, province, postal code, state, time zone, language, telephone number.

 

9. European Privacy Notice

This European Privacy Notice supplements the information contained in the DATA CONTROLLER’s Privacy Policy and applies solely to Europe citizens.

The DATA CONTROLLER processes your personal data only if there is a legal basis to do so, including:

- to comply with the DATA CONTROLLER’s legal and regulatory obligations;

- for the performance of the DATA CONTROLLER’s contract with you or to take steps at your request before entering into a contract;

- for the DATA CONTROLLER’s legitimate interests or those of a third party;

- where you have given consent to the DATA CONTROLLER’s specific use.

The purpose for which the DATA CONTROLLER uses and processes your information and the legal basis on which Prato Bakery carries out each type of processing is further explained below.

Purposes for which the DATA CONTROLLER will process the information & legal basis for such processing:

- to provide products and services you request: It is necessary for the DATA CONTROLLER to process your personal data in order to deliver the services and process transactions according to the applicable contract between Prato Bakery and you (or take necessary steps relating thereto);

- to respond to requests, questions, and comments, and provide other types of user support: It is necessary for Prato Bakery to respond to requests, questions, and comments, and provide other types of user support in order to take steps at your request or according to the applicable contract between Prato Bakery and you;

- to offer you products and services in marketing communications, or direct you to portions of this Website or other websites, that the DATA CONTROLLER believes may interest you: Prato Bakery may send electronic marketing communications to you if you have consented to these communications. It is in the DATA CONTROLLER’s legitimate interest to market out products and services to you by other means and to direct you to portions of this Site or other websites that the DATA CONTROLLER believes may interest you. The DATA CONTROLLER considers this use to be proportionate and will not be prejudicial or detrimental to your rights and freedoms;

- to communicate about, and administer your participation in, events, programs, contests, and other offers or promotions: the DATA CONTROLLER will send electronic communications to you if you have consented to these communications, where such consent is required by applicable law. With respect to other communications, it is in the DATA CONTROLLER’s legitimate interest to communicate to you and administer your participation in, Prato Bakery’s events, programs, contests, and other offers or promotions. The DATA CONTROLLER considers this use to be proportionate and will not be prejudicial or detrimental to your rights and freedoms;

- to carry out, evaluate, and improve PRATO BAKERY’s business (which may include developing new features for the Services; analyzing and enhancing the user experience on the Services; optimizing and assessing the effectiveness of PRATO BAKERY’s marketing and advertising; and managing communications). It is in the DATA CONTROLLER’s legitimate interests to process your personal data to carry out these activities. The DATA CONTROLLER considers this use to be proportionate and will not be prejudicial or detrimental to your rights and freedoms;

- to perform data analytics regarding usage of the Services (including market and customer research, trend analysis, financial analysis, and pseudonymization or anonymization of personal data). It is in the DATA CONTROLLER’s legitimate interests to process your personal data to carry out these activities. The DATA CONTROLLER considers this use to be proportionate and will not be prejudicial or detrimental to you;

- to serve advertising, content, and offers to you based on your interests and online activities, from the DATA CONTROLLER or third parties. The DATA CONTROLLER will send advertising, content and offers to you based on your interests and online activities if you have consented to this processing;

- to enable Prato Bakery’s affiliates or service providers to perform certain activities on the DATA CONTROLLER’s behalf: It is necessary for Prato Bakery to process your personal data in this manner in order to deliver the services and process transactions according to the applicable contract between Prato Bakery and you. It is also in the DATA CONTROLLER’s legitimate interest to enable the DATA CONTROLLER’s service providers and affiliates to perform certain activities on the DATA CONTROLLER’s behalf. Prato Bakery considers this use to be proportionate and will not be prejudicial or detrimental to your rights and freedoms;

- to notify you of any changes to the Services that may affect you: It is necessary for the DATA CONTROLLER to process your personal data in order to deliver the services and process transactions according to the applicable contract between Prato Bakery and you;

- if the DATA CONTROLLER are required to do so by law, regulation, or legal process (such as a court order or subpoena); in response to requests from government agencies, such as law enforcement authorities, including to meet national security requirements; if the DATA CONTROLLER believes disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity; and in the event the DATA CONTROLLER sells or transfer all or a portion of Prato Bakery’s business or assets (including a reorganization, dissolution, or liquidation). In such an event, the DATA CONTROLLER will seek to provide you with commercially reasonable notice, e.g., via email and/or notice on the DATA CONTROLLER’s Sites, of any change in ownership, incompatible new uses of your personal data, and choices you may have regarding your personal data:  the DATA CONTROLLER conducts this processing to comply with the DATA CONTROLLER’s legal obligations and to protect the public interest;

- guard against, identify, and prevent fraud and other criminal activity, claims, and other liabilities; and comply with applicable legal requirements, law enforcement requests, and the DATA CONTROLLER’s company policies:  Prato Bakery conducts this processing to comply with the DATA CONTROLLER’s legal obligations and to protect the public interest.

 

10. Data Retention

The DATA CONTROLLER will process your Personal Data for the time strictly necessary to achieve the purposes indicated in point 4.

 

11. Rights available to individuals

Pursuant to the Applicable law, you have the right to ask the DATA CONTROLLER, at any time, to access your Personal Data, to rectify or cancel them or to oppose their treatment, limitation of processing and to obtain in a format structured, in common use and readable by automatic device data concerning you. Requests should be sent via e-mail to the following address: info@pratobakery.com. In accordance with the Applicable law, the individual has in any case the right to lodge a complaint with the Data Protection Authority if he considers that the processing of his Personal Data is against the Applicable law.

 

12. Changes of the Privacy Policy

This Privacy Policy is effective from 16/12/2022. The DATA CONTROLLER reserves the right to modify or simply update its content, in part or completely, also due to changes in the applicable legislation. The DATA CONTROLLER will inform you of these changes as soon as they are introduced and will be binding as soon as they are published on the Website. The DATA CONTROLLER invites you to visit this section regularly to get to know the most recent and updated Privacy Policy.

 

13. Contacts

To exercise the above rights or for any other request, please send an email to the DATA CONTROLLER at info@pratobakery.com.

​