Information on the processing of personal data
Pursuant to Article 13 of EU Regulation 2016/679, hereinafter referred to as GDPR (General Regulation for the Protection of Personal Data), also considered Legislative Decree 196/2003 amended by Legislative Decree 101/2018, we inform you about the following:
- The data controller is: Diabor S.r.l. in the person of its legal representative Gianni Lagni
- VAT: 02276160245
- Registered office: Via Barsanti n.34, 36034 Malo
- Phone +39 0445 602755
- Email: firstname.lastname@example.org
Purposes of processing and legal bases
The Data Controller will process some personal data of users who interact with the computer systems and software procedures used to operate the site. In particular, the navigation data that the computer systems automatically acquire during the use of the site will be processed, such as the IP address, domain names and browser types that are not accompanied by any additional personal information and are used to obtain anonymous statistical information on the use of the site, needs to control how it is used; as well as for the ascertainment of responsibility in case of hypothetical computer crimes.
Data provided voluntarily by the user
The personal data you provide will be processed exclusively for the following purposes:
- stipulation and execution of the contract (registration, use of the services of the site) and all activities related to it, such as, by way of example, invoicing, credit protection, protection of the rights and interests of the Data Controller, administrative, managerial, logistical / organizational services and functional to the execution of the contract;
- fulfillment of the obligations established by law, regulations, applicable legislation and other provisions issued by Authorities and Supervisory and Control Bodies required by law.
The legal bases for the processing of personal data for the purposes referred to in points a) and b) above are: the execution of a contract and / or the adoption of a pre-contractual measure at the request of the interested party, and the fulfillment of one or more legal obligations or exercise of legitimate interest.
c. carrying out promotional/advertising information activities by sending periodic newsletters or personalized advertising communications.
Only the processing of personal data for the purposes referred to in point c) above requires your express consent art. 7 of the GDPR. This consent concerns both the automated and traditional communication methods described above.
For interested parties already customers of the Data Controller, the sending of information for the purposes referred to in point c) above may also be based on the legitimate interest of the Data Controller in accordance with the provisions of art. 6, paragraph 1 letter f) and recital n. 47 of the GDPR. The interested party will always have the right to oppose easily and free of charge in full, or even in part, to the processing of your data for the purposes referred to in point c).
Methods of data processing
The processing of personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR, for the aforementioned purposes, both on paper and computerized / telematic, by means of electronic and / or automated tools, in compliance with current legislation in particular on confidentiality and security and in compliance with the principles of correctness, lawfulness and transparency and protection of the Customer’s rights. The processing is carried out directly by the organization of the Data Controller, by its Managers pursuant to Article 28 and by designated internal subjects.
Mandatory or optional nature of the provision of data and consequences of any refusal to provide personal data
The data required for the purposes referred to in the previous point must be provided for the fulfillment of legal obligations and / or for the conclusion and execution of the contractual relationship requested by you or for the exercise of the legitimate interest of the Data Controller. Therefore, your refusal, even partial, to provide such data would make it impossible for the Data Controller to establish and manage the relationship itself. The provision of personal data necessary for the purposes referred to in letter c) above is optional, therefore your refusal to provide such data may make it impossible to carry out the activities described therein (marketing and promotional).
Communication and dissemination
Your personal data may be communicated, within the limits strictly relevant to the obligations, tasks and purposes referred to above and in compliance with current legislation, to the following categories of subjects:
- subjects to whom such communication must be made in order to fulfill or to require the fulfillment of specific contractual obligations or provided for by laws, regulations and / or community legislation;
- external natural and/or legal persons who provide services instrumental to the activities of the Data Controller for the aforementioned purposes (e.g. business partners, suppliers, consultants, companies, institutions, professional firms). These subjects will operate as data processors pursuant to Article 28 GDPR.
Personal data will not be disseminated in any way without your explicit consent or request in writing.
Period of personal data
Personal data will be kept for the entire duration necessary for the execution of the contract stipulated with the Data Controller, after which the data will be kept to fulfill the obligations required by law and for the conservation of administrative documents in compliance with current legal provisions.
Personal data are stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission. If the User uses online payment methods, he may be redirected to platforms managed by third parties (such as Multisafepay, PayPal, others …) who operate as independent Data Controllers with all consequent obligations provided for by the GDPR and applicable legislation.
The Data Controller does not intentionally collect personal information relating to minors.
Rights of the interested party
In your capacity as an interested party, you have the rights referred to in the GDPR and precisely the rights of:
- obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in intelligible form;
- obtain the indication:
- the origin of personal data;
- the purposes and methods of processing;
- the logic applied in case of treatment carried out with the aid of electronic instruments;
- of the identification details of the owner, of the managers and of the designated representative pursuant to art. 3, paragraph 1, GDPR;
- the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
- updating, rectification or, when interested, integration of data;
- the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right;
- object, in whole or in part:
- for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
- to the processing of personal data concerning you for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communication, through the use of call systems with the intervention of an operator, and / or by e-mail and / or through traditional marketing methods by telephone and / or paper mail.
Please note that each interested party has the right to object in whole or in part to the processing of data for marketing purposes. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication. Where applicable, it also has the rights referred to in Articles. 16-21 GDPR (right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority.
For the exercise of the above rights or for questions or information regarding the processing of your data and the security measures adopted, each interested party may in any case forward their requests to our company to the following address: email@example.com