PRIVACY POLICY
Art. 13 of Regulation (EU) 2016/679 (GDPR)
SUBJECT
information on the processing of personal data pursuant to art. 13 of Regulation (EU) 2016/679
INTRODUCTION
Regulation (EU) 2016/679 («General Data Protection Regulation», hereinafter GDPR) provides for the protection of natural persons with regard to the processing of personal data. According to this regulation, the processing of personal data that refers to a subject, specifically to be defined as “data subject”, is based on the principles of correctness, lawfulness and transparency, as well as protection of the confidentiality and rights of the data subject. This is to inform you, in compliance with the aforementioned regulations, that in relation to the relationship or relation that you have with our organization, our organization is in possession of some data relating to you, which have been acquired, even verbally, directly or through third parties who carry out operations that concern you or who, to satisfy your request, acquire and provide us with information. Pursuant to the GDPR, such data being information that refers to you must be classified as "personal data", and must therefore benefit from the protection provided by said provisions. Specifically, according to said legislation, you are the interested party who benefits from the rights established to protect your personal data. Pursuant to art. 13 of the GDPR, our organization, as Data Controller, will process the personal data provided by you in compliance with the legislation, with the utmost care, implementing effective management procedures and processes to guarantee the protection of the processing of your personal data. To this end, the undersigned, using material and management procedures to safeguard the data collected, undertakes to protect the information communicated, in such a way as to avoid unauthorized access or disclosure, as well as to maintain accuracy of the data and also to guarantee the appropriate use of the same. In compliance with this premise, the following information is provided:
DATA CONTROLLER
Eccentric SRL
Via Luigi Vitali, 1 - 20122 Milan
info@romeogigli.it
PLACE OF PROCESSING OF PERSONAL DATA
The processing connected to the web services of this site takes place at the aforementioned headquarters of Eccentric SRL
and is handled only by personnel in charge of processing, or by any persons in charge of occasional maintenance operations. The data deriving from the web service may be communicated to the technological and instrumental partners that the "owner" uses to provide the services requested by visiting users. The personal data provided by visiting users who forward requests for the sending of informative material (requests for information, answers to questions, etc.) or other communications (orders) are used for the sole purpose of performing the service or performance requested and are communicated to third parties only if this is necessary for this purpose (provision of the services requested through the technological and instrumental partner).
METHODS OF PROCESSING OF PERSONAL DATA
The processing of personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR, for the purposes set out above, both on paper and electronic media, by means of electronic or otherwise automated tools, in compliance with the legislation in force in particular in terms of confidentiality and security and in accordance with the principles of correctness, lawfulness and transparency and protection of the rights of the Customer. The processing is carried out directly by the owner's organization, by its managers and/or agents. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. Eccentric SRL, to minimize the risks relating to the confidentiality, availability and integrity of the personal data collected and processed has adopted all the minimum security measures required by law.
PERSONAL DATA COLLECTED
The undersigned, as the Owner, uses your personal data to operate in the best possible way in the exercise of its business. The following data may be requested, even if only partially: - personal data, tax code, VAT number, name, registered office, residence and domicile and contact details; - data relating to the contractual relationship describing the type of contract, as well as information relating to its execution and necessary for the fulfillment of the contract itself; - accounting data relating to the economic relationship, the sums due and payments, their periodic trend, the summary of the accounting status of the relationship.
PURPOSE AND METHODS OF PROCESSING
The personal data provided by you will be processed exclusively for the following purposes:
- stipulation and execution of the contract and all activities connected to it, such as, for example, invoicing, credit protection, administrative, management, organizational and functional services for the execution of the contract; b. fulfillment of the obligations established by law, regulations, applicable legislation and other provisions issued by authorities invested by law and by supervisory and control bodies. The processing of personal data for the purposes indicated above does not require your express consent (art. 24, letters a) and b) of the Code and art. 6, letters b) and e) of the GDPR). The processing of personal data for the purposes indicated below requires your express consent (art. 23 of the Code and art. 7 of the GDPR). This consent concerns both the automated and traditional communication methods described above. You will always have the right to easily and freely object, in whole or in part, to the processing of your data for the aforementioned purposes, for example by excluding automated contact methods and expressing your desire to receive commercial and promotional communications exclusively through traditional contact methods. The purposes for which explicit consent is required are:
- carrying out marketing and promotional activities for the Data Controller's products and services, commercial communications, both by automated means without operator intervention (e.g. SMS, fax, MMS, email, etc.) and traditional means (via telephone, post); d. processing of market studies and research.
MANDATORY OR OPTIONAL NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF A POSSIBLE REFUSAL
The data requested for the purposes referred to in the previous letters a) and b) must be compulsorily provided for the fulfillment of legal obligations and/or for the conclusion and execution of the contractual relationship and the provision of the requested services. Therefore, your refusal, even partial, to provide such data would make it impossible for the Supplier to establish and manage the relationship itself and to provide the requested service. The provision of personal data necessary for the purposes referred to in the previous letters c) and d) is optional, therefore your refusal to provide such data would make it impossible to carry out the activities described therein.
TRANSFER OF PERSONAL DATA ABROAD
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
PERIOD OF RETENTION OF PERSONAL DATA
Personal data will be retained for the entire duration expressed by the contract stipulated with the Data Controller, after which the data will be retained for the completion of the terms established by law for the conservation of administrative documents, after which they will be deleted.
COMMUNICATION AND DISSEMINATION
Your personal data may be communicated, within the limits strictly relevant to the obligations, tasks and purposes set out above and in compliance with the legislation in force on the matter, to the following categories of subjects:
- subjects to whom such communication must be made in order to fulfill or to require the fulfillment of specific obligations established by laws, regulations and/or Community legislation; 2. companies belonging to the Group of the Data Controller or controlling, controlled or associated companies pursuant to Art. 2359 of the Civil Code, who act as data controllers or for administrative and accounting purposes (purposes related to the performance of internal organizational, administrative, financial and accounting activities, in particular, functional to the fulfillment of contractual and pre-contractual obligations); 3. external natural and/or legal persons who provide services instrumental to the activities of the Data Controller for the purposes referred to in the previous point 1. (e.g. call centers, suppliers, agents, consultants, companies, entities, professional firms). These subjects will operate as data controllers. The personal data will not be disclosed in any way.
RIGHTS UNDER ARTICLES 15 AND FOLLOWING, GDPR
In your capacity as interested party, as provided for by the GDPR, you have the rights to:
I. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
II. obtain the indication:
of the origin of the personal data; b. of the purposes and methods of processing; c. of the logic applied in the event of processing carried out with the aid of electronic instruments; d. of the identification details of the owner, managers and designated representative e. of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or agents; III. obtain: the updating, rectification or, when interested, integration of the data; b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c. certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data were communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected; IV. to object, in whole or in part, for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b. to the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. Please note that the interested party's right to object for direct marketing purposes through automated methods extends to traditional methods and that in any case the interested party remains entitled to exercise the right to object even only partially. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication. Where applicable, the interested party also has the rights to rectification, to be forgotten, to limit processing, to data portability, to object, as well as the right to lodge a complaint with the Guarantor Authority.
HOW TO EXERCISE YOUR RIGHTS
You may exercise your rights at any time by sending a specific request (Download the Model to exercise your Privacy rights) to the data controller or data processor by:
- a registered letter with return receipt to:
Eccentric SRL
Via Luigi Vitali, 1 - 20122 Milan
info@romeogigli.it