Art. 13 Regulation (EU) 2016/679 of the European Parliament and of the European Council
The Company, as data controller, undertakes to protect the confidentiality and rights of the Data Subject and, in accordance with the principles dictated by the aforementioned regulations, the processing of the data provided will be based on principles of correctness, lawfulness and transparency.
- PURPOSE OF DATA PROCESSING
The personal data of the interested parties will be processed by the Company for the following purposes:
- a) to fulfil pre-contractual and contractual obligations necessary to offer the sales service to the interested party if the latter has made a purchase or to offer any further services requested by the interested party, including participation in prize competitions;
- b) to carry out all administrative, accounting and fiscal activities related to the purpose referred to in letter a) above, as well as to comply with the provisions of national and foreign laws and regulations, or to execute an order of the judicial or other authorities to which the Owner is subject;
- c) exercise the rights of the Owner with particular reference to the right of defence in court.
Personal data that are necessary for the pursuit of the processing purposes described in letters a) b) and c) are indicated with an asterisk inside the registration form.
- d) carry out marketing activities of various kinds, including the promotion of products, services, distribution of informative, advertising and promotional material, events, sending newsletters and publications;
- e) to carry out analyses - through an automated process - aimed at determining the profile of the interested party in order to adapt marketing activities to the needs of the interested party.
The provision of data for the purposes referred to in letters a) b) and c) is optional, however, failure to provide the data and/or any express refusal to process the data will make it impossible for the Data Controller to provide the services requested. The processing is lawful as it is carried out for the fulfilment of pre-contractual and contractual obligations, compliance with the provisions of laws and regulations and the exercise of the rights of the Owner.
The provision of data for the purposes referred to in letters d) and e) is optional, however, any refusal to provide it will only make it impossible for the Owner to carry out the activities indicated therein.
The interested party may also revoke his/her consent at any time, with the same ease with which he/she has given it.
- METHODS OF PROCESSING
Data processing is carried out electronically and/or on paper, by means of recording, processing, archiving and transmission of data, also with the aid of IT tools. The tools and supports used during the processing activities are suitable to guarantee the security and confidentiality of the data.
In carrying out the processing activities, the Company undertakes to:
- ensure the accuracy and updating of the data processed, and promptly accept any corrections and/or additions requested by the interested party;
- adopt suitable security measures to ensure adequate data protection, in view of the potential impact that the processing involves on the fundamental rights and freedoms of the Data Subject;
- notify the Data Subject, within the times and in the cases provided for by the mandatory regulations, of any violations of personal data;
- ensure that the processing operations comply with the applicable provisions of law.
- COMMUNICATION AND DISSEMINATION OF DATA
Without prejudice to communications made in compliance with legal obligations, the personal data of the interested party may be known, in addition to the Owner, by:
- employees and collaborators of the Data Controller in their capacity as authorised data processors;
- domestic and foreign companies belonging to the same group to which the Data Controller belongs;
- administrative/accounting consultants;
- authorities in general, administrations, public entities and bodies, both domestic and foreign;
- providers of data entry and digital archiving services;
- marketing companies.
Exclusively for the purposes listed above, according to any consent given by the interested party. Personal data are not subject to disclosure.
- TRANSFERS ABROAD
Personal data will be stored and processed within the European Union.
In the event of any processing of personal data outside the European Union, such processing will be carried out only after the adoption of adequate guarantees, as provided for by the mandatory regulations.
- DATA RETENTION POLICY
The Company keeps personal data in its systems in a form that allows the identification of the persons concerned according to the following criteria:
- for a period of time not exceeding the achievement of the purposes for which they are processed, unless otherwise provided for by regulatory or contractual obligations;
- to comply with specific regulatory or contractual obligations;
- where applicable and legitimate, until any request for cancellation by the interested party.
- RIGHTS OF THE INTERESTED PARTY
The interested party may assert his rights, recognised by the binding legislation and in particular by articles 15 to 22 of the GDPR, such as:
- Right of access: right to obtain confirmation from the Data Controller whether or not personal data is being processed and, if so, to obtain access to personal data and further information on the origin, purpose, categories of data processed, recipients of communication and/or transfer of data, etc..
- Right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without unjustified delay, as well as the integration of incomplete personal data, also by providing a supplementary statement.
- Right to deletion: right to obtain from the Data Controller the deletion of personal data without unjustified delay in case:
- the personal data are no longer necessary with respect to the purposes of the processing;
- the consent on which the processing is based has been revoked and there is no other legal basis for the processing;
- the personal data have been processed unlawfully;
- personal data must be deleted in order to fulfil a legal obligation.
- Right to object to the processing: right to object at any time to the processing of personal data that have as legal basis a legitimate interest of the Data Controller
- Right of limitation of processing: right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the Data Subject has objected to the processing, if the personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court, if, following the objection to the processing, the Data Subject is awaiting verification as to whether or not the legitimate interest of the Data Controller prevails.
- Right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only in cases where the processing is based on consent or on a contract and only for data processed by electronic means.
- Right not to be subject to automated decisions: right to obtain from the Data Controller the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning the Data Subject or significantly affect the Data Subject, unless such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the Data Subject.
- Right to lodge a complaint to a supervisory authority: without prejudice to any other administrative or judicial remedy, if the Data Subject believes that the processing of his/her personal data is in breach of the GDPR, he/she has the right to lodge a complaint to a supervisory authority.
In order to exercise the rights provided by the GDPR, the Data Subject may write to firstname.lastname@example.org, indicating "Privacy" in the subject line.