Information pursuant to art. 13 EU Regulation 2016/679 (GDPR) for data processed through the site.
Types of data collected
Among the personal data collected by this site, either independently or through third parties, there are: data necessary for account registration, cookies, usage data, data communicated while using the services, name, surname, physical address for shipping, email, billing data, etc.
Personal data may be freely provided by the User or, in the case of usage data, collected automatically during navigation.
Unless otherwise specified, all personal data requested by this site are mandatory. If the User refuses to communicate them, it may be impossible to provide the requested services. In cases where the data are indicated as optional, Users are free to provide such data, without this having any consequence on the availability of services.
Method and place of processing of the collected data
Method of processing data
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.
The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties involved in the organization (administrative, commercial, marketing staff) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data. ) also appointed, if necessary, as Data Processors by the Owner. The updated list of Managers can always be requested from the Data Controller.
Legal basis of the processing
The Data Controller processes personal data relating to the User if one of the following conditions exists:
- the User has given consent for one or more specific purposes (e.g. consent flag for account registration);
- the processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures (eg request for a quote, order for a product);
- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject (eg tax obligations);
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.
Place of processing of personal data and transfer to third countries
The data are processed at the Data Controller's operating offices and in any other place where the parties involved in the processing are located. The Data Controller, if necessary, reserves the right to use cloud services and will have the right to use servers located in other EU and non-EU countries as well. In this case, the service providers will be selected exclusively from those who provide adequate guarantees, as required by art. 46 GDPR.
The data are processed and stored for the time required by the purposes for which they were collected. In particular:
- personal data will be kept for the periods imposed by specific sector regulations (for example administrative data will be kept for 10 years);
- customer / supplier contracts and related documentation (for example estimates, projects, etc.) will be kept for 5 years;
- in all other cases they will be kept for a maximum period of 24 months from the end of the relationship.
When the processing is based on the consent of the User, the Data Controller may keep personal data until such consent is revoked. Furthermore, the Data Controller may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, personal data will be deleted. Therefore, at the end of this term the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
Purpose of processing the collected data
User data is collected to allow the Owner to provide its Services in general and use the following services in detail (not all of them may already be active, or used, at the same time by this website):
1. Account registration
By registering the account, the User allows the site to identify him and give him access to dedicated services.
The User registers by filling out the registration form and providing their personal data.
Personal data processed: name; surname; user's email address.
By registering for the newsletter service, the User's email address can be used to send email messages containing information, including commercial and promotional information, relating to the services offered by this site. It is always possible to unsubscribe from the service. Personal Data processed: name; user's email address.
3. Payment management
Payment management services allow you to process payments by credit card or other payment tools.
The data used for the payment are acquired directly by the requested payment service manager without being processed in any way by this site.
Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding payment.
The User concerned always has the right, at any time, to exercise the rights recognized by art. 15 GDPR:
- Right to access personal data;
- Right to obtain the rectification or cancellation of the same or the limitation of the treatment concerning him;
- Right to object to processing;
- Right to data portability;
- Right to withdraw consent, where provided (the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal);
- Right to lodge a complaint with the supervisory authority ("Guarantor for the Protection of Personal Data" whose contact details are indicated on the website www.garanteprivacy.it).
Where applicable, it also has the rights referred to in Articles. 16-21 GDPR (right to be forgotten, right to limitation of processing, right to data portability, right to object).
How to exercise your rights
If the changes affect treatments whose legal basis is consent, the Data Controller will collect the User's consent again, if necessary.
Last updated: 15/10/2020