Customer privacy information notice

Ice Cream Factory Italy Srl, a single-member limited liability company, with its registered office in Via Fabio Filzi no. 25/A, 20124 Milan (MI), tax code and VAT no. 02528830207 (hereinafter, the ‘Company’) as the data controller wishes to inform you, pursuant to Articles 13 and 14 of the European Regulation 679/2016 on the protection of personal data (‘Regulation’) of the following:


1. Type of personal data

Any data provided by you in relation to your personnel involved in the performance of contracts, including the names of internal contact persons for the management of contracts; positions; telephone numbers; e-mail addresses; any data regarding the legal representatives for the purposes of economic-financial audits (hereinafter ‘Data Subjects’), whether it be directly provided by you or obtained from public sources (e.g. Chambers of Commerce), shall be processed by the Company in accordance with the Regulation and national legislation including any provisions issued by the Supervisory Authority (Authority for the protection of personal data) where applicable.


2. Purpose of the data processing

The Data Subject’s data is processed by the Company as part of the performance of its economic and commercial activities for purposes connected with the possible establishment, management and execution of commercial/contractual relations (including the management of the pre-contractual relationship and/or entry onto the Company’s customer registry). More specifically, the data will be processed for the fulfilment of legal and regulatory obligations (e.g. tax and accounting obligations); the administrative management of contracts and orders, including handling payments and invoices; the receipt of goods at your premises; the management of any litigation, the management of any debt collection, recruitment as per the Company’s needs, as well as for purposes of intercompany reporting, internal controls (security, asset integrity) and management control. The Data Subject’s data may also be processed periodically to assess the existence of the ethical and legal requirements established by the Company in its Code of Ethics. In order to process the data for the above-mentioned purposes, it is not necessary to obtain specific consent from the Data Subjects as the Company can avail itself of the exemptions set out in Articles 6.1 b), c) and f) of Regulation 2016/679.


3. How the data is provided and processed

The Data Subjects must provide their personal data and, without them, it will not be possible to establish any business relationship, to properly perform pre-contractual and contractual obligations or, where a contractual relationship has already been established, to fulfil the obligations and commitments arising from that contract.

The data will be processed by the Company and its employees mainly using electronic and manual systems in accordance with the principles of correctness, fairness and transparency as provided for by the applicable data protection legislation. The confidentiality of the person to whom the data refer will also be protected by means of technical and organisational security measures to ensure an adequate level of security (e.g. preventing access by unauthorised persons except in the cases required for by law, or the ability to restore access to the data in the event of physical or technical incidents).


4. Data retention

The data will be kept in accordance with the applicable data protection regulations for as long as necessary in order to fulfil the above-mentioned purposes. For contractual relationships, only the personal data required for the fulfilment of civil and tax obligations will be kept for the duration of the contractual relationship and in compliance with these obligations (e.g. civil obligation to keep invoices and company documents for at least ten years).


5. Data communication, disclosure and transfer

Without prejudice to communications carried out in fulfilment of legal and contractual obligations, the data may be passed onto tax or legal consultants that collaborate with the Company, as well as to parties permitted by law to receive such information, Italian and foreign judicial authorities and other public authorities, for purposes connected with the fulfilment of legal obligations, or for the fulfilment of obligations assumed and arising from the contractual relationship, including for debt collection needs and defence in court. Contact details may be disclosed for occasional, one-off needs to customers and/or suppliers of the Company, e.g. if they have to cooperate with these parties in order to deliver products.


The data will be processed by the personnel in charge at the Company, which will also make use of third parties in order to provide certain services involving the processing of personal data, including Ferrero Management Services Italia S.r.l. for all legal and accounting services; Ferrero Technical Services Italia S.r.l. for the management of information systems, and other suppliers. The data may be passed onto other companies in the Ferrero group, including the parent company, subsidiaries and affiliates, where necessary, for the purposes of group coordination and control. These entities operate on the basis of specific and adequate instructions when it comes to the processing methods and security measures set out in the contractual documentation. A complete and up-to-date list of the entities that process personal data as data controllers is available upon request from the Privacy Office.


The personal data will not be disclosed. The data are not generally transferred outside of the European Union; however, should it be necessary to transfer data to countries outside the European Economic Area for specific needs regarding the location of the Company’s servers and the coordination of group activities, including to countries that do not offer adequate protection, the Company undertakes to guarantee adequate levels of protection and safeguarding, including contractual protection in accordance with applicable regulations, including the stipulation of standard contractual clauses (a copy of the commitments undertaken by third parties within the context of such clauses may be requested from the Privacy Office).


The list of countries outside the European Economic Area where data is transferred to is available upon request from the Privacy Office.


6. Rights of the Data Subject

The Data Subject may exercise their rights under the Regulation (Articles 15-21) in relation to the data processing described herein:



To exercise these rights, please contact the Privacy Office by sending an e-mail to privacy.it@ferrero.com.


7. Identity and contact details of the Data Controller

The Data Controller is:
Ice Cream Factory Italy Srl, a single-member limited liability company in the person of its pro tempore legal representative,
Via Fabio Filzi no. 25/A, 20124 Milan (MI)
Telephone: +39 0376 570411 – E-mail: privacy.it@ferrero.com