Privacy Policy

Personal data processing

Access to some sections of this website/App (“Site”) and/or any request for information or services by Site users, could be subject to the entering of personal data whose processing by Barilla G. e R. Fratelli S.p.A with corporate seat in Parma (Italy), Via Mantova 166 (“Barilla” or “Controller”), in its capacity as Controller of the processing of personal data, will be performed in compliance with Italian Legislative Decree 196/2003 (Personal Data Protection Code) (“Code”).

The purpose of this information is to allow users to be aware of how Barilla processes their personal data even before they access the various sections of the Site and provide their personal data. Users will be required, in any case, to read this information before providing personal data by compiling the specific forms in the various sections of the Site.

Purposes of the data processing

Depending on the needs of users accessing the various sections of the Site, personal data gathered directly from users through compilation of online forms or those acquired automatically may be used for the following purposes:

  1. to provide and manage the variety of services offered through the Site and to fulfil any users’ requests relating to these services;
  2. to answer the questions from the users about Barilla products, advertising, or about the Site (section "Contact us" on the Site).

How personal data will be processed

Personal Data will be processed mainly in an automated way, with procedures strictly related to the aforesaid purposes.

The Controller has adopted a wide variety of security measures to protect you against the risk of loss, abuse or alteration of your Personal Data. In particular, it has adopted the measures referred to in art. 32 - 34 of the Code; it uses data encryption technology established by AES standards and protected data transmission protocols known as HL7 and HTTPS. Your Personal Data will be stored on Sites Servers located in the territory of the European Union. Servers are subject to an advanced backup and disaster recovery system.

Nature of personal data processed

The provision of personal data is optional, but it is partly necessary (i.e. for the data whose boxes are marked with an asterisk) for Barilla to be able to meet the needs of the user with regards to the Site functions. Failure to supply the mandatory personal data required for the services requested – or the supply of partial or incorrect data – will make it impossible for these activities to be fulfilled, while the failure to supply optional personal data (whether in-full, partially or incorrectly) will not impede services being fulfilled.

Data Retention time

The Controller will process Personal Data for a period not exceeding the time necessary to achieve the purposes for which personal data are processed, or for a longer period, for the purposes permitted by law, and in any case canceled without unjustified delay.

Categories of personal data subject to processing

In addition to the personal data provided directly by users (such as name, last name, mailing address, e-mail, etc.), whilst connecting to the website, the information systems and software procedures involved in the operation of the Site submit and/or acquire indirectly some information that may constitute personal data, whose transmission is implicit in the use of the Internet communication protocols (such as, by way of example but not limited to, the so-called "cookies" - as best specified below, "IP" addresses, domain names of the computers used by the users who connect to the website, the "Url" addresses of the required resources, the time of the request to the server).

Use of cookies

Cookies are lines of text that act as computer tracks sent by a server (in this case, the server of this Site) to the appliance of a user (generally to the Internet browser) when he/she accesses a given page on a website; cookies are automatically stored by the browser of the user and retransmitted to the server that generated them each time the user accesses the same Internet page. In this way, for example, cookies enable and/or facilitate the access to some Internet pages to improve the navigation of the user, or allow the storage of pages visited and other specific information, such as for example pages viewed  more frequently, connection errors, etc.  Therefore, for a facilitated and complete usage of this Site, it would be advisable for the users to configure their browser to accept the reception of these cookies.

Browsers are often set to automatically accept cookies. However, users can change the default configuration in order to disable or delete cookies (each time or once and for all), with the consequence that the optimal use of some areas of the site may be prevented. Users can also check the modalities and types of cookies that are stored on their browser by changing the cookie settings in their browser. 

Cookie types and management

  1. Technical cookies:
    • Strictly necessary cookies: they are necessary for navigation on a website and use of its functions, such as for proper viewing or access to restricted areas. Therefore disabling these cookies prevents such activities.
    • Performance cookies: they gather information on the efficiency of the responses of a website to anonymous users' requests, with the only purpose of improving the website functions; for example, what pages are most frequently visited by the user, and if there were errors or delays in the delivery of web pages.
    • Functionality cookies: they enable the site to remember the choices made by the user and repropose them on subsequent accesses in order to provide better and customized services: for example, they can be used to propose contents that are similar to those already requested by the user before.
  2. Targeting cookies:
    • they are used to offer users advertising that is potentially close to their interests, as they are discovered during navigation.  They are used, for example, to restrict the delivery of a given advertising, or to assume  the effectiveness of a campaign based on the frequency of display of the relevant advertising. These cookies may also be provided by a third party, also on behalf of advertisers. Users can accept or reject these cookies expressing consent ('opt-in') before cookies are provided.

Disabling cookies ('opt-out'):

The legislation on the protection of personal data envisages that users can disable cookies already provided ('opt-out'). Opting-out is provided for with regards to the so-called "technical cookies" (art. 122 of the Code), as well as for cookies that are not part of the "technical cookies" previously accepted ('opt-in') by the user.

Based on this distinction, the user can proceed to the disabling and/or deletion of cookies ('opt-out') by means of the relevant browser settings and the disabling and/or deletion of individual non-technical cookies provided by third parties accessing the website managed by the European Interactive Digital Advertising Alliance (EDAA) at the address .

The user may block the acceptance of cookies by the browser. However, this may make it less efficient or prevent access to some features or pages of the Site. Here are some of the ways the main browsers offer to block the acceptance of navigation cookies:

Internet Explorer:




Subjects who may process the personal data

Personal data may be accessed by the employees or co-operators of the divisions of the Controller who, operating under the direct authority of the latter, are appointed as Processor or persons in charge of the processing of Personal Data, pursuant to articles 29 and 30 of the Code, and they will receive, in this regard, proper operating instructions. The same will happen – with the persons in charge appointed by the Processor – among its employees or co-operators.

Personal Data may also be disclosed to third parties (for example, to third parties who carry out outsourcing activities on behalf of Barilla) appointed as Data Processors by the Controller

Communication or diffusion of the user personal data

User Personal data will not be divulged or communicated to third parties.


The Site does not contain information intended directly for minors. Minors should not disclose personal information or data to Barilla in the absence of the consent of the parents. Therefore, Barilla invites all those who exercise parental responsibility on minors to inform them about the safe and responsible use of the Internet and the Web and to put in place any procedures that may be referred to in relation to the initiatives Barilla intends to deal with the personal data of the users underage.

Controller and Processors of the personal data processing

The Data Controller is Barilla G. e R. Fratelli Società per Azioni, with corporate seat in Parma, Via Mantova, 166 - 43122.  

The Data Processor is  Softec S.p.A., with headquarters in Milan (Italy), Piazzale Lugano, 19 20158 – Cap. Soc. Euro 2.086.300,00 - CCIAA di Milano n. 01309040473 - R.E.A. n. 1883334 - P.IVA 01309040473 for the management and configuration of the servers on which the Site is hosted.

The user may obtain the complete list of Data Processors by sending a message to the Data Controller of the personal data concerned through the section "Contact us" on the Site.

User rights pursuant to art. 7 of the Code

“Article 7 Right to access personal data and other rights”

  • A data subject has the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
  • A data subject shall have the right to be informed of:
  • a) the source of the personal data;
  • b) the purposes and methods of the data processing;
  • c) the logic applied to the processing, if the latter is carried out with the help of electronic means;
  • d) details identifying the Data Controller, the data processors and the appointed representative pursuant to Article 5, paragraph 2;
  • e) the subjects or categories of subjects to whom or which personal data may be communicated and who or which may gain knowledge thereof in their capacity as appointed representatives in the State’s territory, data processors or person(s) in charge of the processing
  • A data subject shall have the right to obtain:
  • a) an update, rectification or, if he or she requests it, an integration to the personal data;
  • b) the cancellation or change to anonymous status or a block on the data that have been processed in breach of the law, including personal data whose retention is unnecessary for the purposes for which the data have been initially collected or subsequently processed;
  • c) a declaration that the operations specified under letters a) and b) have been notified, as also related to their contents, to the subjects to whom personal data were communicated or disseminated, except where this is impossible or implies the use of means that are manifestly disproportionate compared with the right that is to be protected.
  • A data subject has the right to object to, totally or in part:
  • a) the processing of his/her personal data for legitimate reasons, even if this data is relevant for the purpose for which the data was collected;
  • b) the processing of personal data relating to him/her for the purpose of sending advertising material or for direct sales, or for carrying out market research or marketing communications.

How to exercise the rights outlined in art. 7

The user may at any time, exercise the rights referred to in art. 7 of the Code by sending a message to the Data Controller of the personal data concerned through the section "Contact us" on the Site.

In the event of any conflict between the English version and other language versions of this Privacy Policy, the English version shall prevail.