PRIVACY POLICY
This privacy policy (hereinafter, the “Privacy Policy”) relates to the processing of your personal data while browsing the website VAR_DOMINIO (hereinafter, the “Site”) carried out by VAR_CLIENTE, with registered office in VAR_SEDE, VAT number VAR_PIVA, email VAR_MAIL (hereinafter, the “Data Controller”), in accordance with the applicable data protection regulations, including the EU Regulation 2016/679 (“GDPR”).
1. Identity and contact details of the Representative
The Data Controller is VAR_TITOLARE.
Since the Data Controller is established in the territory of the EU, no representative has been appointed.
2. Means of processing
In order to complete the connection to the Site, some of your personal data are acquired. This set of data includes, for example:
- the IP address of the device you are using;
- the date and time of access;
- the type of browsing browser;
- the operating system used.
To subscribe to the newsletter, the Data Controller will process:
- first name, surname;
- email.
3. Purpose of processing and legal basis for processing
Your personal data will be processed for the following purposes:
- Personal data processed while browsing the Site: the provision of such personal data is a contractual obligation, without which the Site’s own services could not be made available properly.
- Personal data processed through newsletter subscription: the provision of such personal data is optional, and is based on your consent, without which you could not finalise your subscription to the newsletter service offered by the Data Controller.
- Personal data processed through the contact form: the communication of such personal data is optional and is based on the legitimate interest of the Data Controller in following up your contact requests through the contact form on the Site. In its absence, the Data Controller will not be able to respond to such requests.
4. Source of personal data
Only personal data provided in accordance with the Privacy Policy will be processed. The Data Controller will not process personal data from publicly accessible sources.
5. Recipients and categories of recipients of personal data
Personal data may be communicated to:
- companies offering information society services, including, in particular, those offering hosting services, newsletters;
- companies that provide commercial and marketing services on behalf of the Data Controller;
- The Data Controller.
6. Categories of personal data
Personal data necessary for completing your connection to the Site, subscribing to the newsletter and sending your request via the contact form will be processed. Under no circumstances may special personal data as defined in Article 9 of the GDPR be processed.
7. Data Transfer
The Data Controller intends to transfer Personal Data to entities established in a country outside the European Union or to an international organisation. Such entities could be represented, by way of example, by:
- communications companies that carry out communications activities on behalf of the Controller;
- companies offering information society services;
- companies offering hosting services;
- the service providers of the communication company.
The transfer of personal data to such entities, if established in a third country, or to an international organisation, is made in the presence of an adequacy decision of the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country, or the international organisation in question ensure an adequate level of protection of your rights. In the absence of such a decision, if deemed appropriate, the Data Controller reserves the right to enter into specific and separate agreements obliging such entities to adopt adequate security measures, including organisational measures, aimed at providing appropriate safeguards with respect to your rights.
Google Inc., in particular, is contractually obliged to ensure adequate protection of the rights of the data subject. The data may thus be transferred to the following countries: United States of America.
To obtain a copy of this data or the place where it was made available, simply send a request to the Data Controller at the addresses listed above.
8. Personal data retention period
- Personal data processed and stored for the purposes referred to in point 3.a (contractual purposes) shall be processed and stored by the Data Controller in accordance with the provisions of the legislation in force, in any case for a period of time not exceeding 10 years from the termination of the effects of the contract in the event of its conclusion, unless otherwise required by law.
- Personal data processed and stored for the purposes referred to in point 3.b (marketing purposes) are processed and stored by the Data Controller until consent is revoked, unless otherwise required by law.
- The personal data processed for the purposes referred to in point 3.c (purpose of responding to requests) voluntarily provided by email or form and processed to respond to your requests will be kept for a period of time strictly necessary to achieve this purpose and, in any event, no longer than 12 (twelve) months from the date of individual collection.
9. Optionality of consent and consequences of non-consent
- In relation to personal data processed for the purposes set out in point 3.a of this Privacy Policy (contractual purposes), the disclosure of personal data is an obligation. If you do not communicate such personal data, it will not be possible to provide the service of connecting and browsing the Site.
- With regard to personal data processed for the purposes set out in Section 3.b of this Privacy Policy (contractual purposes), the disclosure of personal data is optional. If you do not provide such personal data, it will not be possible to provide the newsletter service.
- With regard to personal data processed for the purposes set out in Section 3.c of this Privacy Policy (contractual purposes), the disclosure of personal data is optional. If you do not provide such personal data, it will not be possible to reply to requests via the contact form.
10. Right of opposition
As a Data Subject, you have the right to object in the following terms:
- the right to object at any time, on grounds relating to your particular situation, to the processing of Personal Data relating to you pursuant to Article 6(1)(e) or (f) of the GDPR. The Data Controller shall refrain from further processing your Personal Data, unless the Controller demonstrates the existence of compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;
- if personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you carried out for such purposes, including profiling insofar as it is related to direct marketing;
- if you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. You may object to the processing of your personal data for direct marketing purposes even in part, e.g. by objecting only to the sending of promotional communications by automated and/or digital means, or to the sending of paper communications and/or the receipt of telephone communications;
- if your personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out in the public interest.
11. Other Rights
The Data Controller also wishes to inform you of the existence of the following rights:
- Right of access: you have the right to obtain confirmation from the Data Controller as to whether or not personal data relating to you is being processed and to access your personal data and specific information, in accordance with Article 15 of the GDPR;
- Right of rectification: you have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 of the GDPR;
- Right to data deletion, including the right to withdraw consent: you have the right to obtain from the Data Controller the deletion of your personal data without undue delay or to withdraw your consent to the processing, if the grounds defined in Article 17 of the GDPR exist. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent you gave before the withdrawal;
- Right of restriction of processing: you have the right to obtain from the Data Controller the restriction of processing, when the cases defined in Article 18 of the GDPR apply;
- Right to data portability: you have the right to receive, in a structured, commonly used and machine-readable format, your personal data provided to the Data Controller and you have the right to transmit it to another Data Controller without hindrance from the Data Controller indicated in this Privacy Policy, as provided for in Article 20 of the GDPR;
- Contractor’s right to object to commercial communications: as a contracting party, you have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller;
- Right to lodge a complaint with the Data Protection Authority: you have the right to lodge a complaint with the Data Protection Authority to complain about a breach of data protection regulations, in accordance with Article 77 of the GDPR.
12. How to exercise your rights
You may exercise the rights indicated in the Privacy Policy by addressing your requests directly to the Data Controller at the e-mail address VAR_MAIL, or by sending the relevant communication by registered letter with return receipt to the address VAR_SEDE. You may lodge a complaint with the Personal Data Protection Authority in accordance with the procedures set out on the official website, addressing it to the contact details available at https://www.garanteprivacy.it/home/footer/contatti.
13. Accessibility of the Privacy Policy
The Privacy Policy is available within the Site or at the Data Controller’s premises. If expressly requested, the Data Controller may provide the information orally, subject to proof of your identity, with a telephone request to the following number: VAR_TELEFONO.
14. Modifications
The Data Controller may amend the Privacy Policy, also to adapt to changes in national and/or European Union legislation, or to technological innovations. Any new versions of the Privacy Policy will be posted on the Site. We encourage you to periodically check the Privacy Policy. Any changes will be communicated to you by means of a pop-up on the Site or by other methods and/or IT tools.
If the Data Controller substantially modifies the Privacy Policy, providing for new processing purposes and/or categories of personal data processed, it will inform you, requesting the necessary consents, by means of a pop-up on the site or different modalities and/or IT tools.