The information contained in this email and its possible attachments is strictly confidential. If you have received this email by mistake, we ask you to inform us urgently and at the same time to delete it permanently from your system.

Retaining, disclosing, distributing or copying - even partially - an improperly received message constitutes a behavior contrary to what is indicated by the General Data Protection Regulation (GDPR 2016/679/EU) and the Legislative Decree n.101 of August 10, 2018. We inform you that the personal data contained in this email will be managed in compliance with the GDPR 2016/679/EU and the Legislative Decree n.101 of August 10, 2018.


Privacy Policy - Informativa sul trattamento dei dati personali

For Italian, CLICK HERE


Aware of the importance of ensuring the security in the management of personal data (from now on Data), the Data Controller provides the following information to notify the Data Subject of the purposes, methods and, more generally, the characteristics of the management and processing of the Data. The Data Subject is any natural person, whether an employee, collaborator, candidate, customer or supplier, whose Data has been provided, collected and processed during the performance of the Data Controller's services and activities.

1. Reference Regulation

Legislative Decree 196/2003 of June 30, 2003 (from now on Privacy Code) and subsequent amendments; EU Regulation 2016/679 of April 27, 2016 (from now on GDPR) and subsequent amendments, relating to the protection of individuals and the processing of personal data (from now on Data)

2. Data Controller and Data Processor

The Data Controller, i.e. the person who determines the purposes, methods and means of the processing of Data, is TeaPak s.r.l. SB with headquarters in via Bicocca 15/L, 40026 Imola (BO), VAT number 02171691203, (from now on Company), in the person of its legal representative.

Given the nature of the organization and the quality of the data processed, it was not mandatory to set up a Data Protection Officer (DPO), however, the Company has decided to make use of a supervisory body composed as follows:

3. Subject of processing: personal data

They are any information that allows to directly or indirectly identify a natural person. By way of example but not limited to: name and surname, tax code, email address, images, telephone numbers, role held, company and navigation data such as IP addresses, URLs, domain names of computers and terminals used.
Data are collected through spontaneous supply by the interested party, such as when applying for a job or establishing a working relationship or through social network platforms. In addition, the Company may become aware of Data relating to members of corporate bodies at the time of verification and qualification of possible or former clients and/or suppliers or through data from the navigation on its websites and social networks.

4. Purposes of the treatment

The Data are processed, even without the express consent of the Data Subject, for the following purposes:

5. Processing methods

The Data Controller undertakes to implement appropriate technical and organizational measures to ensure that processing is carried out following the GDPR, according to the principles of lawfulness, correctness and transparency and within the limits of confidentiality and security outlined in art. 5. As specified in paragraph 2 of this policy, to which reference is made in the section on the function of the Data Processors, the Company therefore undertakes to put in place - primarily through these figures - all necessary procedures, technical and organizational, for the proper processing of Data.
The processing of the Data may take place through paper, computer, telematic instruments or any other support considered suitable and is carried out through the methods indicated in art.4 of the GDPR i.e. ,any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

6. Disclosure of Data

The primary purpose is not the disclosure of the Data; however, they may be shared, to carry out the purposes indicated in paragraph 4 of this policy, with:

Due to the nature of the Group to which the Company belongs, it is possible that Data may be shared with third countries, i.e. beyond the borders of the European Union. Also in this case, data processing will be carried out in compliance with the provisions of the GDPR.

7. Data retention period

As specified in art. 5 e) of the GDPR, the Data are stored in paper and/or electronic form for a period of time not exceeding the achievement of the purposes for which they are processed; personal data may be stored for longer periods provided that they are processed exclusively for archiving purposes in the public interest, scientific or historical research or statistical purposes.
Once the period of time strictly necessary to carry out the purposes indicated in paragraph 4 of this policy has elapsed, the Data will be destroyed, canceled or made anonymous.

8. Rights of the interested party

The interested party may exercise its rights regarding personal data at any time. The GDPR recognizes the following in Articles 15 to 21. Briefly and within limits provided:

9. How to exercise your rights

The interested party may contact the Data Controller to exercise his/her rights, to request further information regarding the persons in charge, the delegates and the modalities of Data processing, to ensure that the Data in his/her possession are correct or to communicate their updating by:

10. Guarantor for the protection of personal data

In the usual spirit of transparency and respect, we provide the following useful links to gather more information on the protection of personal data: