Information on the processing of personal data pursuant to the General Data Protection Regulation (EU) 2016/679
Personal data will be processed in compliance with all applicable legal provisions, taking into account the principles of data processing: transparency, lawfulness, purpose limitation, data minimisation, storage limitation, integrity and confidentiality.
A. Personal data and purposes of processing
The personal data that the Company may process for the purposes set out below and which may relate to website users, customers, as natural persons, or representatives and employees of customers, as legal persons, may be: data collected when browsing the Company’s website (e.g. IP address, browser type, device type), name and surname, qualification, contact data (address, e-mail, telephone number), identification data (if necessary for the conclusion of a contract or for tax purposes) such as: personal identification data, identity card series and number, date of birth, age, any other information collected in relation to and as necessary for each purpose set out below.
Personal data is processed for the following purposes:
- for the performance and exercise of rights arising from contracts entered into with the Company;
- for compliance with the laws and regulations in force, in particular with regard to tax and accounting requirements
- for the management of the Company’s website and access to the services it offers
- to provide answers to requests addressed to the Company and to maintain good communication with customers and users
- for sending direct marketing communications, subject to the user’s consent.
The processing of personal data may consist of: collection, recording, organisation, structuring, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction and will be carried out in paper form, on paper, or with the aid of computers and electronic devices, with instruments suitable to guarantee the security and confidentiality of personal data, in accordance with Articles 32 et seq. of the GDPR concerning security measures for the processing of personal data.
In particular, the Company shall adopt all the technical, IT, organisational, logistical and procedural security measures appropriate to the level of risk according to the nature of the personal data and the purposes of the processing.
The procedures applied also ensure that access to personal data is only allowed to the persons assigned to process them on behalf of our Company.
B. Data collection and legal basis for processing
Data collection is:
- Mandatory in order to fulfil obligations imposed by law or other binding regulations;
- Necessary for the execution and continuation of the relationship between the user and the Company or to respond to any requests from interested parties.
Personal data are processed according to the contract between the Company and its customers or users (with the acceptance of the Terms and Conditions of the website), according to the Company’s need to comply with the provisions of the law (in particular those concerning taxation) or according to the consent of users/customers to receive direct marketing communications.
Any refusal to provide the above personal data, even for legitimate reasons, could jeopardise the smooth running of the relationship with our Company, could make it impossible for the Company to provide answers to your queries and could also prevent the Company from executing your orders as well as carrying out the requested services and the related invoicing.
When the processing of personal data is based on your consent, the withdrawal of such consent, although possible at any time, does not affect the lawfulness of the processing carried out on the basis of such consent before its withdrawal.
C. Communication and dissemination of data Addresses of personal data
The communication of personal data to third parties other than the Company for the purposes set out in point A above may only take place in the following circumstances
- when such communication is necessary to ensure compliance with the law or other binding regulations;
- when such communication is necessary to ensure the proper establishment or continuation of the business relationship with you.
All personal data collected for the above-mentioned purposes may be communicated to public and private entities, natural or legal persons exclusively for commercial purposes for the management of databases or payment processing systems, also to third parties carrying out specific tasks on behalf of our Company.
In particular, the data may be communicated to the following categories: sales institutions, banking institutions and payment processing companies, legal and consulting firms, suppliers of IT services, auditors collaborating with the Company, public authorities or administrations carrying out legal tasks, Italian and foreign suppliers, financing or transport companies, third parties in charge of controlling the quality of the distribution flow, suppliers of direct marketing services, as well as other companies that are part of our Group.
Data may be processed, even if only in aggregate and anonymous form, for statistical purposes.
D. Data transfer abroad
For the narrow and necessary purposes of executing the contractual relationship with you in progress, your personal data may be communicated to third parties in foreign countries both within and outside the European Union, always in compliance with the regulations contained in Articles 44-50 of the GDPR.
E. Retention period
Depending on the purpose of the processing, the Company may process personal data for the duration of the contractual relationship, until the user’s browsing session, until the Company does not respond to the user’s requests or for the term imposed by legal provisions (e.g. in tax matters), until the user withdraws his or her consent, or until it is necessary to protect the Company’s rights and interests in the event of a disagreement between the Company and the user.
F. Your rights
Pursuant to Article 12 and Articles 15 to 22 of the GDPR, you have the right to request, subject to the requirements and limitations of that regulation, to
- access to your personal data
- Rectify inaccurate personal data
- Delete personal information
- Restrict the processing of your personal information until it is rectified
- To be notified in case of rectification, erasure or restriction of personal data.
- Transfer of personal data
- Object to the processing of personal data, including automated decision-making processes (including profiling).
- Obtain human intervention by the data controller
- Contest the decision
- File a complaint with the supervisory authority
For any request, to exercise any of your rights, you may contact the Company at its head office located in Romania – Iaşi, no. 12 Dr. Savini street, bl. H2, sc. B, ground floor, apt. 1, postal code 700381 or by e-mail at the address: email@example.com
H. Consent to processing
Finally, we wish to inform you that the provision of your personal data to the Company for processing in the manner and for the purposes indicated above is optional. In the event of your refusal, the Company will not be able to process your personal data and will only be able to use them in compliance with the duties defined by law and with the potential consequences described under point B.