a) What is the purpose of the notice?
The law on the protection of personal data, the so-called privacy law, i.e. EU Regulation 2016/679 (also known as “GDPR”) and, to the extent applicable, complementary national legislation, requires that all users are informed about the processing of their personal data by the Data Controller.
b) When do we collect your personal data?
This notice is provided for the personal data you provide by using the website, subscribing to our newsletter or purchasing our goods and products.
c) Who is the Data Controller? How to contact them?
The Data Controller is the organisation that uses your data, i.e. the company Telerie Spadari s.r.l. whose registered office is at Via Spadari 13, Milan, Tax identification/VAT number 01072880154, hereinafter referred to as the “Data Controller”. The Data Controller can be contacted at the postal address indicated above or at the following e-mail address: email@example.com.
d) What categories of personal data do we process?
To be able to provide you with the services offered on the website, we have to process some of your personal data, mainly relating to the following categories:
- common identification data that you may provide us with, such as: name, surname, address, e-mail address, telephone number, etc., for example when filling in forms;
- technical web identification data such as: IP address identification code of the device used to access the site etc.. These personal data are necessary for the use of the site and the services offered (see also the point below entitled “cookies”);
- data aimed at building a profile of your preferences, interests, habits, use of the site such as: browsing history, specific interests, geolocation etc., which you provide to us with your consent (see also the point below entitled “cookies”).
e) For what purposes are data processed? On what legal basis? And for how long are they stored?
Below we indicate the purposes of the processing, the legal basis legitimising the processing and the time of processing.
|1. Management of the contract, or of your request for information, services, and related contractual and/or pre-contractual relations||Performance of pre-contractual or contractual obligations||The data will be stored for no longer than the duration of the contractual relationship and the subsequent period of limitation of rights.|
|2. Sending newsletters, only on the basis of your specific request for subscription, with the possibility of unsubscribing at any time.||Execution of contractual obligations||The data will be stored until you request to unsubscribe from the newsletter.|
|3. Fulfilment of legal obligations, to meet any legal obligations required of the Data Controller.||Fulfilment of legal obligation||The data will be kept for the retention period required by tax and/or accounting regulations.|
|5. Marketing, promotional activities, sending of advertising material using traditional means (post, telephone, etc.) and/or electronic means (email, social networks, SMS, push notifications, online, etc.). This processing will be carried out only with your specific and explicit consent, which will be requested at the time of data collection for this specific purpose. In the absence of your express consent, processing for this purpose will not be carried out.||Consent is always revocable||The data will be kept until you object, request cancellation or withdraw your consent.|
f) What is the legitimate interest that permits the processing?
As regards the legitimate interest mentioned above, it relates to the Data Controller’s need to ensure and improve the user’s use of the site and its effectiveness, and does not prejudice the fundamental freedoms and rights of the data subject.
g) Is it compulsory to provide data? What happens if you don’t?
The provision of your personal data for the purposes of (1) Contract management and (2) Sending newsletters is a requirement for the conclusion of the contract and the provision of the services requested. The provision of your personal data for the purpose of (3) Compliance with legal obligations is mandatory in order to comply with legislation. Failure to provide information for these three purposes will make it impossible to conclude the contract or to provide the services you have requested; for the purpose (4) Site management, the provision of information is necessary for the pursuit of the legitimate interest indicated, however, if the information is not provided, the service may be degraded or we may not be able to improve it; for the purposes of (5) Marketing and (6) Profiling, the provision of your personal data is optional and failure to provide it will make it impossible for us to provide you with generalised promotional communications or information – for Marketing – or profiled and tailored to your actual interests – for Profiling -.
h) Who can observe your data? Who do we pass them on to?
Personal data relating to the processing in question, for the purposes mentioned above, may be communicated or disclosed:
- those persons within the Data Controller’s organisation who need to process the data because of their duties or position in the hierarchy of the company. Such persons are those authorised to process data under the direct authority of the Data Controller;
- to those persons to whom the provisions of the law grant the right of access, or to whom the transfer of the data is necessary for the purpose of compliance with the provisions of law or regulations or the contract itself, such as, for example, banks, hauliers, lawyers, auditors;
- to third parties who carry out processing on behalf of the Data Controller, related to the processing and purposes described above, such as, for example, administrative, accounting, tax, information system management, attendance and payroll management services, analysis of browsing and purchasing habits. These subjects are authorised to process them as Data Processors in accordance with the provisions of Article 28 of the GDPR.
i) Is personal data transferred outside the European Union (EU)?
Some gathered data may be transferred abroad to locations outside the European Union. However, such transfer will be carried out in compliance with the guarantees prescribed by the GDPR for this type of activity (Articles 45 to 49). These include: transfer to companies located in countries for which the existence of personal data protection guarantees comparable to those of the GDPR is recognised (countries on the White List); or to companies with which specific personal data protection contractual clauses approved by the Data Protection Authority or binding company regulations approved by the Data Protection Authority have been signed, or the transfer takes place on the basis of specific exceptions. For further information you can contact the Data Controller as indicated in the point below entitled “What are your rights as data subject”.
l) What are your rights as a data subject?
The GDPR grants you the following rights in relation to your personal data, which you may exercise within the limits and in accordance with the provisions of the legislation:
- Right of access to your personal data (Art. 15);
- Right of rectification (Article 16);
- Right to cancellation (right to be forgotten) (Art. 17);
- Right to restriction of processing (Article 18);
- Right to data portability (Art. 20);
- Right to object (Art. 21); the data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on legitimate interest, including profiling on the basis thereof. The Data Controller shall refrain from processing unless it demonstrates the existence of compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
- Right to object to a decision based solely on automated processing (Article 22);
- Right to withdraw, at any time, the consent given, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
You may do so by sending a written request addressed to the Data Controller at the postal address or by e-mail, as indicated in point a) above. In addition, you have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) if you believe that the processing of your data is contrary to the legislation in force (Art. 77) or to take legal action (Art. 79).
m) How are personal data protected?
Personal data will be processed both with and without electronic tools, using technical and organisational security measures appropriate to the nature of the data to ensure its integrity and confidentiality and to protect it against the risks of unlawful intrusion, loss, alteration, or disclosure to third parties who are not authorised to process it.
n) Cookies and other information
Specific information is provided for special processing:
The Owner reserves the right to modify and update this policy at any time. The changes will apply as soon as they appear. It is therefore necessary for you to regularly check the current Policy.
Edition of 18/11/2021