(version 1.3 dated 3 April 2020)
This Website and the services eventually offered through the Website are reserved to subjects over the age of 18 years old.
Hereby, the Controller does not collect personal data pertaining to subjects under the age of 18 years old.
At request of the Users, the Controller will promptly delete all the personal data, involuntary collected, pertaining to subjects under the age of 18 years old.
The Controller Company has appointed Shibumi S.r.l. as its Data Protection Officer (DPO), in the person of Mr. Lapo Curini Galletti, who can be contacted at the following e-mail address: firstname.lastname@example.org
1. Purposes of data processing
The Users’ personal data can be processed by the Controller lawfully pursuant to art. 6 of the Regulation for the following processing purposes:
- Contractual obligations and service’s supply, in order to consent to the Users the use of the Website.
The User’s data collected by the Controller to this end include all personal data whose transmission is implicit in the use of Internet communication protocols, that the computer systems and software procedures used to operate the Website acquire during their normal functioning: the IP addresses or domain names of the computers used by the Users, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.) and other parameters relating to the operating system and the User’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to allow its correct operation. Without prejudice to what is stipulated elsewhere, under no circumstances the Controller will make the personal data accessible to other Users and/or third parties.
- Accounting-administrative purposes, or in order to carry out organisational, administrative, financial and accounting activities, as internal organisational activities and activities aimed at fulfilling contractual and precontractual obligations.
- Legal obligations, or in order to fulfil obligations provided by the law or the European laws and regulations.
2. Processing methods and data retention
The Controller will carry out the processing of Users’ personal data by manual and IT instruments, applying logics strictly connected to the purposes and, in any case, so that the safety and confidentiality of the relevant data is guaranteed.
Users’ personal data will be retained for the time strictly necessary to carry out the relevant purposes described in the previous paragraph 1, and in any case for the time necessary for the protection of the civil interests of the Users and of the Controller.
3. Data disclosure and dissemination
Controller’s employees and/or workers appointed to manage personal data may become aware of any Users’ personal data. Such subjects, who are formally appointed by the Controller as persons in charge for the processing, will process the relevant User’s data exclusively for the purposes specified under this policy and in compliance with the provisions of the Applicable Law.
Furthermore, third parties which may process personal data for the account of the Controller may become aware of any Users’ personal data in their capacity as “external data processor”, such as, including, but not limited to, providers of logistics and IT services functional for the Website operational, outsourcing or cloud computing services providers, professionals and advisors, companies entrusted with the sending of marketing e-mails for the account of the Controller.
Users have the right to obtain a list of the data processor (if any) appointed by the Controller upon a specific request to be made to the Controller following the modalities specified under the following paragraph 4.
4. Data subjects’ rights
Users may exercise the rights granted to them by the Applicable Law, contacting the Controller with the following modalities:
By sending an e-mail to email@example.com.
Pursuant to the Applicable Law, the Controller hereby informs that any Users has the right to obtain the indication of
- the source of the personal data;
- the purposes and methods of the processing;
- the logic applied to the processing, if the latter is carried out with the help of electronic means;
- the identification data concerning data controller and data processors;
- the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated data processor(s) or person(s) in charge of the processing.
Furthermore, data subjects have the right to obtain:
- access, updating, rectification or, where interested therein, integration of the data;
- erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
- certification to the effect that the operations as per previous points have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
Furthermore, Users have:
- the right to withdraw the consent at any time, when the processing is based on consent;
- the right to data portability (if applicable), that is the right to receive all the personal data concerning the User, in a structured, commonly used and machine-readable format;
- the right to restriction of processing of the personal data; the right to erasure (right to be forgotten).
- the right to object:
- in whole or in part, on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- in whole or in part, to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
- if personal data are processed for direct marketing purposes, to object at any time to the processing for such marketing, which includes profiling to the extent that is related to such direct marketing.
- the right to lodge a complaint with a supervisory authority (in the Member State of him or her habitual residence, place of work or place of the alleged infringement) if the User considers that the processing of personal data relating to him/her infringes the Regulation.
The Italian Data Protection Authority is the Garante per la protezione dei dati personali, with registered office in Piazza Venezia, n. 11, 00186 – Rome (http://www.garanteprivacy.it).