Pursuant to Article 13 of Regulation EU 2016/679, hereinafter referred to as GDPR (General Regulations for the Protection of Personal Data), also considering Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018, we inform you about the following:
Purposes of the processing and legal bases
The Data Controller will process some personal data of users who interact with the computer systems and software procedures used to operate the website. Specifically, browsing data that computer systems automatically acquire while using the website – such as IP address, domain names and browser types – will be processed. These data will not be accompanied by any additional personal information and will be used to gather anonymous statistical information on the use of the website, to control the way the website is used and to ascertain responsibility in the event of any computer crimes.
Data provided voluntarily by the user
The personal data you provide will be used exclusively for the following purposes:
The legal bases for the processing of personal data for the purposes referred to in points a) and b) above are: the execution of a contract and/or the adoption of a pre-contractual measure at the request of the Data Subject, and the fulfilment of one or more legal obligations or the exercise of a legitimate interest.
Methods of data processing
The processing of personal data is performed by means of the operations indicated in Article 4, no. 2) of the GDPR for the above purposes both on paper and digitally, using electronic and/or automated tools, in compliance with current laws on privacy and security and in compliance with the principles of propriety, lawfulness and transparency and protection of the rights of the Customer. The processing is performed directly by the Data Controller’s organisation, by its Data Processors pursuant to Article 28 and by designated internal parties.
Mandatory or optional nature of the provision of data and consequences of any refusal to provide them
The data required for the purposes referred to in the previous point must be provided for the fulfilment of legal obligations and/or for the conclusion and execution of the contractual relationship requested by you or for the exercise of the legitimate interest of the Data Controller. Therefore, your refusal, even partial, to provide such data would make it impossible for the Data Controller to establish and manage such relationship. The provision of personal data necessary for the purposes referred to in letter c) above is optional, therefore your refusal to provide such data may make it impossible to carry out the activities described therein (marketing and promotional purposes).
Disclosure and dissemination
To the extent strictly relevant to the above obligations, tasks and purposes and in compliance with current laws on the subject, your personal data may be disclosed to the following categories of parties:
Personal data shall not be disseminated in any way unless you explicitly consent or request it in writing.
Retention periods of personal data
The personal data will be kept for the entire time necessary for the execution of the contract stipulated with the Data Controller, after which the data will be kept to fulfil the obligations envisaged by law and for the storage of administrative documents in compliance with current legal provisions.
The personal data are stored on servers located within the European Union. In any case, it is understood that the Data Controller will have the right to move the servers outside the EU if necessary. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission. If the User uses online payment methods, they may be redirected to platforms managed by third parties (such as Multisafepay, PayPal and so on) that operate as independent Data Controllers with any consequent obligation envisaged by the GDPR and applicable laws.
The Data Controller does not intentionally collect personal information about minors.
Rights of the data subject
As the data subject, you have the rights set out in the GDPR, namely:
Note that all Data Subjects have the right to wholly or partially object to the processing of data for marketing purposes. Therefore, the data subject may decide to receive only communications through traditional methods or only automated communications or neither type of communication. Where applicable, they also have the rights referred to in Articles 16-21 of the GDPR (right of rectification, right to be forgotten, right of restriction of processing, right to data portability, right of opposition), as well as the right to lodge a complaint with the Privacy Authority.
To exercise the above rights or for questions or information regarding the processing of your data and the security measures put in place, Data Subjects may in any case submit their requests to our company at the following address: email: email@example.com