Contact us
Address
Social
via Lame 9
Brisighella (ra)
48013
Italy
Privacy Policy
Information on the processing of personal data
Pursuant to Article 13 of the Privacy Code (Legislative Decree 196/03) and Article 13 of EU Regulation No. 2016/679 (hereinafter, "GDPR"), we inform you that the company owning the website indicated at the bottom of the site is the data controller (hereinafter "Controller"). According to the aforementioned law, such processing will be based on the principles of fairness, lawfulness, and transparency, and on the protection of your privacy and your rights.
1. Subject of the processing
The Data Controller processes personal data, identifying and non-sensitive (in particular, name, surname, tax code, VAT number, email, telephone number – hereinafter, “personal data” or simply “data”) provided by you during registration on the Data Controller’s website and/or when subscribing to the newsletter service offered by the Data Controller.
2. Purpose of processing
Your personal data are processed:
A) without your express consent (art. 24 lett. a, b, c Privacy Code and art. 6 lett. b, e GDPR), for the following Service Purposes:
- allow you to register on the website;
- manage and maintain the website;
- allow you to subscribe to the newsletter service provided by the Data Controller and any additional Services you may request;
- fulfill the pre-contractual, contractual, and fiscal obligations arising from existing relationships with you;
- to comply with obligations established by law, regulation, EU legislation, or an order from the Authorities;
- prevent or detect fraudulent activities or abuse harmful to the website;
- exercise the rights of the Data Controller, for example the right of defense in court.
B) Only with your specific and separate consent (Articles 23 and 130 of the Privacy Code and Article 7 GDPR), for the following Marketing Purposes:
- send you newsletters, commercial communications and/or advertising material about products or services offered by the Controller via email
We inform you that if you are already our customer, we may send you commercial communications regarding services and products of the Data Controller similar to those you have already used, unless you object (art. 130 c. 4 Privacy Code).
3. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is processed both on paper and electronically and/or automatically.
The Data Controller will process personal data for the time necessary to fulfill the purposes mentioned above and, in any case, for no longer than 10 years from the termination of the relationship for Service Purposes and for no longer than 2 years from the collection of data for Marketing Purposes.
4. Data access
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the Controller, in their capacity as persons in charge and/or internal managers of processing and/or system administrators;
- to the company of which the Data Controller is a member (for example, for support activities in studying the feasibility of the client's project, for technical management activities of the project, for the storage of personal data, etc.) or to third parties (for example, providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
5. Communication of data
Without your express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may disclose your data for the purposes referred to in art. 2.A) to supervisory bodies, judicial authorities, as well as to all other subjects to whom disclosure is mandatory by law for the fulfillment of said purposes. Your data will not be disseminated.6. Data transfer
The management and storage of personal data will take place on servers located within the European Union belonging to the Data Controller and/or third-party companies appointed and duly designated as Data Processors. Currently, the servers are located in the Netherlands. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In such cases, the Data Controller hereby ensures that any transfer of data outside the EU will take place in accordance with applicable legal provisions, entering into, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
7. Nature of data provision and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. Without them, we will not be able to guarantee either registration to the site or the Services of art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is instead optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications, and advertising material relating to the Services offered by the Data Controller. In any case, you will still be entitled to the Services referred to in art. 2.A).
8. Data subject's rights
As a data subject, you have the rights set out in Art. 7 of the Privacy Code and Art. 15 of the GDPR, specifically the rights to:
i. obtain confirmation of whether or not personal data concerning you exists, even if not yet recorded, and their communication in an intelligible form;
ii. obtain the following information: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors, and the representative designated pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representatives in the territory of the State, data processors, or persons in charge;
iii. to obtain: a) the updating, rectification or, when interested, the integration of the data; b) the erasure, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, including as regards their content, of those to whom the data have been communicated or disclosed, except where this proves impossible or involves a manifestly disproportionate effort compared to the right being protected;
iv. to object, in whole or in part: a) for legitimate reasons to the processing of your personal data, even if pertinent to the purpose of collection; b) to the processing of your personal data for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communications, through the use of automated calling systems without the intervention of an operator by email and/or by traditional marketing methods by telephone and/or paper mail. Please note that the data subject's right to object, as set out in the previous point b), for direct marketing purposes by automated means also extends to traditional methods and that, in any case, the data subject retains the right to object even only in part. Therefore, the data subject may choose to receive only communications by traditional methods or only automated communications or neither type of communication.
Where applicable, you also have the rights set out in Articles 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.
9. Methods of exercising rights
You may exercise your rights at any time by sending:
- a registered letter to the address of the owner;
- an email to the address indicated below.
10. Minori
This Site and the Owner's Services are not intended for minors under 18 years of age and the Owner does not intentionally collect personal information relating to minors. In the event that information about minors is unintentionally recorded, the Owner will promptly delete it at the users' request.
11. Data controller, data processor and persons in charge
The Data Controller is indicated at the bottom of the website itself.
The updated list of data controllers and processors is kept at the Data Controller's headquarters.
12. Changes to this Policy
This Policy may be subject to changes. Therefore, it is recommended to regularly check this Policy and refer to the most up-to-date version