Data Protection Policy


  • Directive 2002/58/CE – concerning the “processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communication)”;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).


As a result of browsing this website, data concerning identified or identifiable persons may be processed. The Data Controller of the process is Pastificio Rana S.p.A., Via Antonio Pacinotti n. 25 – 37057 San Giovanni Lupatoto (VR).


Browsing data

The information systems and the software procedures needed for the running of this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of the Internet communication protocols.

Such data is not collected to be associated with identified Data Subjects, but due to its nature, it could allow to identify the users, through processing and association with data held by third parties.

To this category of data belong the IP addresses or the domain names of the PC used by the users who connects to the website, the URI notation addresses of the required resources, the time of the request, the method used while sending the request to the server, the size of the file obtained in response, the numeric code specifying the status of the response given by the server (successful, error, etc.) and other parameters concerning the operation system and the user’s information environment.

Such data is used only in order to obtain anonymous statistical information on the use of the website and to control the correct operation, and is cancelled immediately after processing. The data could be used to ascertain the liability in case of possible cybercrimes damaging the website.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of personal data by the user by filling the registration form on the website or by calling the telephone numbers published on the website, entails the subsequent acquisition of the data provided by the sender, necessary to provide the service or the information requested.

Anonymous or aggregated data

Anonymisation is a process aimed at preventing the Data Subject’s identification. The data made anonymous doesn’t belong to the application field of the data protection regulation. The aggregated data can derive from personal data supplied by the user but is not considered personal data since, as specified, it doesn’t allow to directly or indirectly identify the Data Subject.


Please refer to the Cookie Policy available at for more information on the cookies we use.


This website could contain links or references for the access to other websites, we inform you that the Data Controller doesn’t control the cookies or other monitoring technologies of such websites to which this policy doesn’t apply. We therefore recommend that you consult the individual privacy policies relating to these websites.


Apart from what has been specified for the browsing data, users are free to supply their personal data or not. However, the non-supply of such data may entail the impossibility to obtain what has been requested.


We inform you that at any time you may choose to limit the collection or use of your personal data. For example, if you previously consented to the processing of your personal data for marketing purposes, you can change your mind at any time by writing or sending an email to

Pastificio Rana S.p.A will not sell and will not distribute the personal data collected to third parties unless it has received explicit and free consent from the interested parties or unless specifically required by law. After collecting the consent of the parties concerned, the personal data may however be used to also send promotional information from third parties.


Personal data is processed, even with the aid of automated devices, for the time strictly necessary to achieve the purposes for which it was collected.

Specific security measures are taken in order to prevent the loss of data, its unlawful or wrongful use and unauthorised access. The Data Controller adopted all adequate security measures, following the principal international standards to minimise the risks to confidentiality, availability and integrity of the personal data collected and processed.


The processing of data related to the web services of this website takes place at the aforementioned offices of the Data Controller and is handled only by expressly authorised personnel.

The collected data may be shared, transferred or communicated to other companies for activities strictly connected and instrumental to the operativeness of the service, such as the management of the information system, or to any supplier employed to put in place maintenance services.

In the aforementioned cases, the Data Controller shall appoint such third parties as Data Processors pursuant to Article 28 of the GDPR.

Apart from these cases, personal data won’t be communicated unless there’s a contractual or legal provision, or upon specific consent by the Data Subject. In this sense, personal data may be transmitted to third parties, but only and exclusively if:

  1. There is explicit consent to share the data with third parties;
  2. There is a need to share information with third parties in order to provide the service required by the Data Subject;
  3. It is necessary in order to meet a request by the judicial or public security authorities.

No data deriving from the web service is circulated.


Personal data will not be transferred to Third Countries, meaning countries not belonging to the European Union or to the European Economic Area. Should this occur, the Data Controller declares and guarantees to comply with the provisions of the articles 44 et seq. of the GDPR.


The regulation protecting the personal data expressly provides some rights for the subjects to whom the data refers (the so-called Data Subjects). In particular, pursuant to articles 15 and following, of the EU Regulation 2016/679, each Data Subject has the right to obtain the confirmation of the existence of their data, to obtain the specification about the origin, purposes and methods of processing, to object to the processing, the obtaining, the updating, rectification, integration of data, the right of objection, as well as the right to obtain its cancellation in case it is processed in a manner infringing the law, or if one of the reasons specified in article 17 of the EU Regulation 2016/679 should exist.


Pastificio Rana S.p.A. informs you that the data collected will be stored only for the time necessary to fulfil the specific purposes indicated. Any further storage of data or part thereof may be arranged to assert or defend its rights in any given location and in particular before the Court as well as to respond to the explicit requests of the interested party, such as requests for the reception of promotional material, provided express consent has been granted.

The data collected through profiling cookies will be stored completely for 13 months from the date of collection and/or installation of the relative cookie.


The Data Controller periodically controls its data protection and security policy and – if needed – reviews it in connection with modifications deriving from regulations or organisations, or as dictated by technological evolution. Should the policy be modified, the new version will be published on this web page.


Anyone interested in more information, wanting to contribute suggestions or make a complaint about the data protection policy or the way our Company processes personal data, or who wants to assert the rights provided by the data protection regulation, may contact the Data Controller in writing at Pastificio Rana S.p.A., Via Antonio Pacinotti n. 25 – 37057 San Giovanni Lupatoto (VR), or by emailing

Without prejudice to any other administrative or judicial remedy, every Data Subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if the Data Subject considers that the processing of personal data relating to them infringes this Regulation.