Supplier privacy information notice

Ice Cream Factory Italy Srl, a single-member limited liability company, with its registered office in Via Fabio Filzi no. 25/A, 20124 Milan (MI), tax code and VAT no. 02528830207 (hereinafter, the ‘Company’) as the data controller wishes to inform you, pursuant to Articles 13 and 14 of the European Regulation 679/2016 on the protection of personal data (‘Regulation’) of the following:


1. Type of personal data

Data provided by you in relation to your personnel involved in the performance of contracts, including the names of internal contact persons for the management of contracts; positions; telephone numbers; e-mail addresses; any data relating to the verification of the regularity of wages and contributions in fulfilment of contractual obligations for the provision of services; any data regarding the legal representatives for the purposes of economic-financial audits (hereinafter ‘Data Subjects’), whether it be directly provided by you or obtained from public sources (e.g. Chambers of Commerce), shall be processed by the Company in accordance with the Regulation and national legislation including any provisions issued by the Supervisory Authority (Authority for the protection of personal data) where applicable.


2. Purpose of the data processing

The Data Subject’s data is processed by the Company as part of the performance of its economic and commercial activities for purposes connected with the possible selection, establishment, management and execution of commercial/contractual relations (including the management of the pre-contractual relationship and/or entry onto the Company’s supplier registry). More specifically, the data will be processed for the fulfilment of legal and regulatory obligations (e.g. tax and accounting obligations, obligations arising from the regulation of procurement contracts and occupational health and safety, for the qualification of suppliers); the administrative management of contracts, including handling payments and invoices; the receipt of goods and/or services at our premises; the management of any litigation, recruitment as per the Company’s needs, as well as for purposes of intercompany reporting, internal controls (security, productivity, service quality, asset integrity), management control and certification. The Data Subject’s data may also be processed periodically to assess the existence of the ethical and legal requirements established by the Company in its Code of Ethics. In order to process the data for the above-mentioned purposes, it is not necessary to obtain specific consent from the Data Subjects as the Company can avail itself of the exemptions set out in Articles 6.1 b), c) and f) of Regulation 2016/679.


3. How the data is provided and processed

The Data Subjects must provide their personal data and, without them, it will not be possible to establish any business relationship, to properly perform pre-contractual and contractual obligations or, where a contractual relationship has already been established, to fulfil the obligations and commitments arising from that contract.

The data will be processed by the Company and its employees mainly using electronic and manual systems in accordance with the principles of correctness, fairness and transparency as provided for by the applicable data protection legislation. The confidentiality of the person to whom the data refer will also be protected by means of technical and organisational security measures to ensure an adequate level of security (e.g. preventing access by unauthorised persons except in the cases required for by law, or the ability to restore access to the data in the event of physical or technical incidents).


4. Data retention

The data will be kept for the duration of the contractual relationship and in compliance with these obligations (e.g. civil obligation to keep invoices and company documents for at least ten years).


5. Data communication, disclosure and transfer

Without prejudice to communications carried out in fulfilment of legal and contractual obligations, the data may be passed onto tax or legal consultants, those collaborating with the Company, public bodies and administrations in the context of any public tenders where necessary, as well as to parties permitted by law to receive such information, Italian and foreign judicial authorities and other public authorities, for purposes connected with the fulfilment of legal obligations, or for the fulfilment of obligations assumed and arising from the contractual relationship, including the need for defence in court. Contact data may be disclosed for occasional, one-off needs to customers and/or suppliers of the Company, e.g. if they have to cooperate with these parties in order to provide the services.


The data will be processed by the personnel in charge at the Company, which will also make use of third parties in order to provide certain services involving the processing of personal data, including by way of example but not limited to: Ferrero Management Services Italia S.r.l. for all legal and accounting services; Ferrero Technical Services Italia S.r.l. for the management of information systems, and other suppliers. The data may also be passed onto other companies in the Ferrero group, including the parent company, subsidiaries and affiliates, where necessary, for the purposes of group coordination and control.


These entities operate on the basis of specific and adequate instructions when it comes to the processing methods and security measures set out in the contractual documentation. A complete and up-to-date list of the entities that process personal data as data controllers is available upon request from the Privacy Office.


The personal data will not be disclosed. The data is not generally transferred outside of the European Union; however, should it be necessary to transfer data to countries outside the European Economic Area for specific needs regarding the location of services provided by suppliers, the location of the Company’s servers or the coordination of group activities, including to countries that do not offer adequate protection, the Company undertakes to guarantee adequate levels of protection and safeguarding, including contractual in accordance with applicable regulations, including the stipulation of standard contractual clauses (a copy of the commitments undertaken by third parties within the context of such clauses may be requested from the Privacy Office). The list of countries outside the European Economic Area where data is transferred to is available upon request in the exercise of their rights.


6. Rights of the Data Subject

The Data Subject may exercise their rights under the Regulation (Articles 15-21) in relation to the data processing described herein:



To exercise these rights, please contact the Privacy Office by sending an e-mail to privacy.it@ferrero.com.


7. Identity and contact details of the Data Controller

The Data Controller is:
Ice Cream Factory Italy Srl, a single-member limited liability company in the person of its pro tempore legal representative,
Via Fabio Filzi no. 25/A, 20124 Milan (MI)
Telephone: +39 0376 570411 – E-mail: privacy.it@ferrero.com