EXTENDED DISCLOSURE PURSUANT TO ART. 12, 13 AND, REQUIRED, 14 DEL GDPR – REGULATION (EU) 2016/679 RELATIVE TO THE PROTECTION OF PHYSICAL PERSONS, REGARDING THE TREATMENT OF PERSONAL DATA (FOLLOWING THE GDPR)The owner of the treatment reports, below, the Information pursuant to articles 12, 13 and, if necessary, 14 of the GDPR relating to the processing of personal data provided by the Customer / interested by completing and signing the Contract to purchase the products / services offered for sale by the data controller himself, spontaneously uploading in this website data personal (in particular by filling in forms) or simply browsing in it.
1. Data controller and contact details
The controller owner is STUDIO ASSOCIATO GEM DI MELPIGNANO GIUSEPPE, con sede in Piazza Curtatone e Montanara, 44/46, 72017 Ostuni BR, P.I. 02805870348, tel. +39 3273366514, e-mail firstname.lastname@example.org, web https://www.studioassociatogem.eu (website below).
2. Principles applicable to processing
In accordance with the requirements of the GDPR, the data controller constantly strives to ensure that personal data is:
- processed lawfully, correctly and transparently;
- collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes;
- adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed;
- exact and, if necessary, updated;
- kept for a period of time not exceeding the achievement of the purposes for which they are processed;
- processed, through appropriate technical and organizational measures, so as to guarantee their safety;
- treaties, if by consensus, for a decision freely taken by the Client / interested party, based on a request presented in a clearly distinguishable way, in a comprehensible and easily accessible form, using simple and clear language.
The data controller adopts adequate technical and organizational measures in order to ensure the protection of personal data from the design stage and to ensure that, by default, only the data necessary for each specific processing purpose are processed.
The data controller collects and takes the utmost account of the indications, observations and opinions of the Customer / interested party forwarded to the contact details above, in order to implement a dynamic privacy management system that ensures effective protection of people, with regard to the processing of their data.
This Information Notice may be modified, in line with the evolution of the reference legislation and the technical and organizational measures gradually adopted by the data controller; the Customer / interested party is therefore requested to periodically visit this section of the Website, to view the updates and the Information in the text from time to time in force.
3. Methods of processing personal data
The processing of personal data is carried out manually and with electronic means, with logic strictly related to the purposes indicated below and, in any case, in order to guarantee the security and confidentiality of the data.
4. Purpose of the processing of personal data
(4a) Purpose for which data processing is necessary
The personal data provided by the Customer / interested party are mainly processed for the execution of the Contract and the management of the credit and, more generally, of the relationship arising from the Contract itself.
The provision of data in the Contract or later, during the contractual relationship, for the purposes of processing in question is mandatory; therefore, the failure, partial or incorrect conferment of such data makes it impossible to stipulate and / or execute the Contract and, for the Customer / interested party, to use the products / services offered by the data controller, potentially exposing the Customer / interested person. to liability for breach of contract.
The personal data provided by the Customer / interested party may also be processed if this is necessary to fulfill a legal obligation to which the data controller is subject, to safeguard the vital interests of the Customer / interested party or another person physical, for the performance of a task of public interest or connected to the exercise of public powers vested in the data controller, or for the pursuit of the legitimate interest of the data controller or third parties, provided that they do not prevail the interests or rights and fundamental freedoms of the Customer / interested party; even in these cases, the provision of data is obligatory and, therefore, the failure, partial or inexact communication of the data may expose the Customer / interested party to any liability and sanctions provided for by the legal Order.
(4b) Further purpose of the processing following the specific and explicit consent of the Customer / interested party
In addition to the aforementioned processing purposes, the personal data provided / acquired may be processed, subject to the consent of the Customer / interested party, to be expressed by checking the box <<Consent>> on the Contract or on the Website (or using other social applications or web of the data controller), also for conducting market surveys and for making commercial and promotional communications, by telephone (also using the mobile phone number provided) and automated systems of contact (e-mail, sms, mms, fax, etc.), on products / services of the data controller or Group companies to which the data controller may belong.
Consent for the processing purposes referred to in this point (4b) is optional; therefore, following a possible refusal, the data will be processed only for the purposes indicated in the previous point (4a), except as specified below with reference to the legitimate interests of the data controller or third parties.
5. Categories of personal data processed
The data controller mainly deals with identification / contact data (name, surname, address, type and number of identification documents, telephone numbers, e-mail addresses, tax / billing addresses, except for others) and, if they are provided commercial transactions, financial data (of a banking nature, in particular identification of current accounts, credit card numbers, except for other ones connected with the aforementioned commercial transactions).
The processing that the data controller carries out, both for the execution of the Contract and by virtue of the express consent of the Customer / interested party, does not generally concern particular categories of personal data, known as sensitive (which reveal the racial or ethnic origin) , political opinions, religious convictions, state of health or sexual orientation, etc.), nor genetic and biometric data or so-called judicial data (relating to criminal convictions and crimes).
However, it cannot be excluded that the data controller, in order to perform the obligations deriving from the Contract, must keep and / or have the need to process sensitive data, genetic and biometric or judicial, of the Customer / interested party or third parties, of which the Customer / interested party arranges as a data controller; in the hypothesis in question, the treatment by the data controller is carried out under the conditions and within the limits of the appointment of the data controller to the data controller, by the Customer / interested party.
The data controller treats, as data controller with reference to the Website, and potentially as the data processor responsible for the processing (in the terms mentioned above) by the Customer / interested party, also the so-called navigation data. The computer systems and software procedures used to operate the websites acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified subjects, but which, by their very nature, could make it possible to identify the person concerned. This category of information includes geolocation data, IP addresses, browser type, operating system, domain name and website addresses from which access or exit was made, information on the pages visited by users within of the site, access time, stay on the single page, internal route analysis and other parameters relating to the operating system and the user’s IT environment. Therefore, it is information that, by its very nature, allows users to be identified through processing and association even with data held by third parties.
On the Website, cookies may be used, both session (which are not stored on the computer of the person concerned and disappear when the browser is closed) and persistent cookies, for the transmission of personal information, or in any case of systems for the tracking of the interested parties.
6. Source of personal data
The personal data that the data controller processes is collected directly by the data controller at the Customer / interested party at the time of, and during, navigation of this on the Site (or using other social applications or web of the data controller), or , also through its own sales representatives, at the time of, or following, the signing of the Contract, during the execution of the same, or from public sources.
As stated above, the data controller, as data controller in charge of processing, in order to perform the obligations deriving from the Contract, can store and / or process data, particularly navigation, potentially sensitive, genetic and biometric or judicial, of third parties, of which the Client / interested party arranges as the data controller, acquired, with the prior consent of said third parties, at the time of, and during, navigation of the same third parties on the Site (or using other social or web applications referable to the owner of the treatment).
7. Legitimate interests
The legitimate interests of the data controller or third parties may constitute a valid legal basis for processing, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. In general, such legitimate interests can exist when a relevant and appropriate relationship exists between the data controller and the data subject, for example when the data subject is a customer of the data controller. In particular, it is in the legitimate interest of the data controller to process personal data of the Customer / interested party: for fraud prevention purposes, for direct marketing purposes, to ensure the free circulation of the same data within the business group to which the owner of the processing possibly belongs, or related to traffic, in order to guarantee network and information security, ie the ability of a network or system to withstand unforeseen events or unlawful acts that may compromise availability, authenticity, integrity and confidentiality of data.
8. Circulation of personal data
(8a) Communication of personal data – categories of recipients
In addition to employees and contractors in various capacities of the data controller (who are authorized by the data controller to process data according to adequate written operating instructions, in order to guarantee the confidentiality and security of data), some processing operations they can also be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, functional to the purposes referred to in point (4a), thus both in the execution of contractual and legal obligations, among which mention should be made, to title, however, inevitably, not exhaustive: commercial and / or technical partners; companies that provide banking and financial services; companies that perform document archiving services; debt collection company; accounting and auditing company; rating company; subjects who carry out, in favor of the data controller, professional assistance and consultancy activities; companies that carry out customer care activities; factoring company, credit securitization or other assignee of receivables; Group companies to which the data controller may belong; subjects who provide commercial information; IT services company. The subjects belonging to the aforementioned categories treat the same personal data as independent data controllers, or as data controllers, with reference to specific processing operations that fall within the contractual services that the subjects perform in favor / in the interest of the data controller; Data controllers are given adequate written operating instructions by the data controller, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of data.
Some processing operations may be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, even functionally to the purposes referred to in point (4b), among which mention must, in any case, inevitably, not exhaustive: commercial and / or technical partners; companies providing institutional marketing services; advertising agencies; subjects who provide assistance and consultancy with reference to competitions and prize operations. The subjects belonging to the aforementioned categories treat the personal data as autonomous data controllers, or as controllers, with reference to specific processing operations that fall within the contractual services that the subjects perform in favor of / in the interest of the data controller; Data controllers are given adequate written operating instructions by the data controller, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of data.
The list, subject to periodic updating, of the data controllers with whom the data controller himself has relations is available, upon written request to be sent to the data controller’s offices.
Personal data may also be communicated, in the event of a request, to the competent authorities, in fulfillment of obligations deriving from mandatory laws.
(8b) Transfer of personal data to third countries
The personal data of the Customer / interested party may also be transferred abroad, both in European Union countries and in countries outside the European Union and, in the latter case, or on the basis of an adequacy decision, or in the context and with the adequate guarantees provided for by the GDPR (therefore, in particular, in the presence of contractual clauses for the protection of data approved by the European Commission), or, outside the hypotheses mentioned above, by resorting to one or more of the exceptions provided for by the GDPR (in particular, by virtue of the explicit consent of the Client / interested party, or for the execution of the Contract concluded by the Customer / interested party, or for the execution of a contract stipulated between the data controller and another natural person or legal in favor of the Customer / interested party, in particular for the execution of activities entrusted to it by the data controller for the execution of the Contract concluded with the Customer / interests to). For the hypothesis of data transfers to countries outside the European Union, the Customer / interested party is allowed, upon written request to be sent to the office of the data controller, to know the appropriate guarantees, or the exceptions, which legitimize cross-border treatment. It is understood, in the event of transfer of data to countries outside the European Union, that for every request concerning the data, also for the exercise of the rights recognized by the GDPR to the Customer / interested party, this can always validly apply to the owner of the treatment.
9. Criteria for determining the retention period of personal data
For the purposes referred to in point (4a) above, the period of retention of personal data issued by the Customer / interested party, and the consequent potential treatment thereof, coincides with the period of prescription of rights / duties (legal, fiscal, etc. ) descendants of the Contract: tendentially 10 years, therefore, except for the occurrence of interruptive events of the prescription which could prolong, in fact, said period.
For the purposes referred to in point (4b) above, the period of retention of data released by the Client / interested party, and the consequent potential treatment thereof, ends with the revocation of the consent previously released by the Customer / interested party or, in the absence of this, however, one year after the termination of any relationship between the data controller and the Customer / interested party.
10. Rights of the Customer / interested party
The data controller recognizes – and facilitates the exercise, by the Customer / interested party, of – all the rights provided by the GDPR, in particular the right to request access to their personal data and to extract a copy (art. 15 GDPR ), to the rectification (art. 16 GDPR) and to the cancellation of the same (art. 17 GDPR), to the limitation of the processing that concerns it (art. 18 GDPR), to the portability of data (art. 20 GDPR, where the assumptions) and to oppose the processing that concerns him (articles 21 and 22 GDPR, for the hypotheses mentioned therein and, in particular, to the processing for marketing purposes or that results in an automated decision-making process, including profiling, which produces legal effects concerning him, if the conditions exist).
The data controller also acknowledges, to the Customer / interested party, if the processing is based on consent, the right to revoke said consent at any time, without affecting the lawfulness of the processing based on the consent given before the revocation. To do this, the Customer / interested party can unsubscribe at any time on the Site (or on other social applications or the data controller’s website) or by using the appropriate link at the bottom of every commercial communication received, or by contacting the data controller at contact details above.
The data controller also informs the Customer / interested party of the right to lodge a complaint with the Italian Data Protection Authority, as the supervisory authority operating in Italy, and to appeal to the courts, as much against a decision of the Guarantor Authority , as for the data controller and / or a data controller.
11. Security of systems and personal data
Taking into account the state of the art and the implementation costs, as well as the nature, object, context and purpose of the processing, as well as the risk, in terms of probability and seriousness, for the rights and freedoms of individuals , the data controller adopts technical and organizational measures deemed appropriate to guarantee an adequate level of security to the risk, in particular ensuring, on a permanent basis, the confidentiality, integrity, availability and resilience of the processing systems and services ( also through the encryption of personal data, where necessary) and the ability to promptly restore the availability of data in the event of a physical or technical accident, and by adopting internal procedures aimed at regularly testing, verifying and assessing the effectiveness of the technical and organizational measures employed .
In assessing the adequate level of security, the risks presented by the treatment are taken into account, deriving, in particular, from destruction, loss, modification, unauthorized disclosure or accidental or illegal access to personal data transmitted, stored or otherwise processed.
The data controller shall do his best to ensure that anyone acting under his authority and having access to personal data does not process such data unless he is instructed to do so by the data controller.
Having said this, the Customer / interested party acknowledges and accepts that no security system guarantees absolute protection in terms of certainty; therefore, the data controller does not respond for acts or acts of third parties who illegally, despite the appropriate precautions taken, should access the systems without the necessary authorizations.
12. Automated decision-making processes, including profiling
The data controller can perform automated treatments, including profiling, in relation to the purposes referred to in point (4b) above, to optimize the navigability of the Site (or the usability of other social applications or web of the data controller) and for improve the shopping experience, except as specified above with regard to the rights of opposition and withdrawal of consent from the Customer / interested party.
Profiling means any form of automated processing of personal data aimed at assessing certain aspects relating to a natural person, in particular to analyze or foresee aspects concerning, for example, personal preferences, interests or location of said person, also in order to create profiles, or homogeneous groups of subjects by characteristics, interests or behavior.
The data controller does not carry out any automated processing that produces legal effects that concern the Customer / interested party or that significantly affect his person, unless this is necessary for the conclusion or execution of the Contract, is authorized by law or is based on the explicit consent of the Client / interested party, in any case always acknowledging the right to obtain human intervention, to express his / her opinion and to challenge the decision.
Web Policy Privacy
Web Policy Privacy
The information is provided only for the aforementioned website and not for other websites or sections / pages / spaces owned by third parties – eventually consulted by the user through appropriate links inside the same.
1. TYPE OF DATA PROCESSED AND PURPOSE OF TREATMENT
1.1. Navigation data
The computer systems and applications dedicated to the functioning of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow the identification of users connecting to the site. The collected data includes the IP addresses or domain names of the computers used by the users, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are processed for the time necessary to achieve the purpose for which they were collected, for the sole purpose of obtaining anonymous statistical information on the use of the site (access to the same) and to check its regular operation.
The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
1.2. Data provided voluntarily by the user
If the users of this site are required, in order to access certain services, to provide their personal data, they will be released in advance, on the pages relating to the individual services, a specific and detailed Information on the relative treatment pursuant to art. 13 of the Privacy Code that will specify the limits, purposes and manner of the treatment itself.
What are cookie?
Cookies are small text files that are sent by the website visited by the user on the user’s device (usually the browser), where they are stored so that they can recognize this device at the next visit. In fact, at each subsequent visit, cookies are sent by the user’s device to the site.
Each cookie generally contains: the name of the server from which the cookie was sent; the deadline and a value, usually a unique number randomly generated by the computer The server of the website that transfers the cookie uses this number to recognize you when you return to visit a site or navigate from one page to another.
Cookies can be installed not only by the same site manager visited by the user(first-party cookies),but also by a different site that is installed cookies through the first site (third-party cookies) and is able to recognize them. This happens because the site visited may contain elements (images, maps, sounds, links to web pages of other domains, etc.) that reside on servers other than that of the site visited.
Depending on the purpose, cookies are divided into technical cookies and profiling cookies.
Technical cookies are those used for the sole purpose of “carry out the transmission of a communication over an electronic communication network, or as strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service” (see Article 122, paragraph 1 of the Privacy Code, as amended by Legislative Decree 69/2012). In particular, these cookies are usually used to allow an efficient browsing of the pages, to store the preferences (language, country, etc.) of the users, to carry out computerized authentication, to manage the shopping cart or to allow online purchases, etc. Some of these cookies (called essential or strictly necessary)enable functions without which some operations would not be possible. Pursuant to the aforementioned art. 122, co. 1 of the Privacy Code the use of technical cookies does not require the consent of the users.
Technical cookies are assimilated to cd. analytics cookies when used directly by the site manager to collect aggregateinformation about the number of users and how they visit the site itself. These cookies allow owners and / or website managers to understand how users interact with the site’s content for the purpose of optimizing it.
I profiling cookies they are used to track the user’s navigation, analyze his behavior for marketing purposes and create profiles on his tastes, habits, choices, etc. in order to transmit targeted advertising messages in relation to the interests of the user himself and in line with the preferences of these manifested in online browsing. These cookies can be installed on the user’s terminal only if they have given their consent with the simplified procedures indicated in the Measure.
Based on their duration, cookies are distinguished in persistent, which remain stored, until they expire, on the user’s device, saves removal by the latter, and session, which are not stored persistently on the user’s device and vanish with the closure of the browser.
What cookies are used by this site?
a. Technical cookies.
This site makes use of technical cookies,installed by the site itself in order to monitor the operation of the site and allow efficient navigation on the same.
The aforementioned cookies cannot be disabled using the functions of this website, but can be disabled through the settings of your browser at any time (in the manner indicated below). Their deactivation could preclude the optimal use of some areas of the site.
b. Performance and analytics cookies
Analytics cookies are also used in order to statistically analyze the traffic on the site, count the accesses or visits to the site itself and allow the owner, also thanks to the estimates on numbers and consumption models, to improve the structure, the navigation logics and the contents, to adapt it to the interests of users, to speed up searches, etc.
c. Profiling cookies.
Third-party profiling cookies
In any case, it should be noted that users can manage their preferences on online behavioral advertising (cd. “on-line behavioural advertising”) via the www.youronlinechoices.com/itwebsite, which lists the main providers of behavioral advertising. Through these websites, users can deactivate or activate all companies or alternatively adjust their preferences individually for each company.
How do I disable cookies?
By default, almost all web browsers are set to automatically accept cookies. It is however possible to change this default configuration via the browser settings. However, disabling / blocking cookies or deleting them may prevent the optimal use of some areas of the site, prevent the use of some services and make browsing slower.
The configuration of cookie management depends on the browser used. Usually, the cookie configuration is carried out from the “Preferences”, “Tools” or “Options” menu.
The following are links to the guides for managing the cookies of the main browsers:
Internet Explorer: http://support.microsoft.com/kb/278835
Internet Explorer [mobile]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
Safari [mobile]: http://support.apple.com/kb/HT1677
2. METHOD OF TREATMENT
The processing of personal data is carried out through automated tools (for example, using electronic procedures and supports) and / or manually (for example on paper) for the time strictly necessary to achieve the purposes for which the data was collected and , in any case, in compliance with the regulations in force on the subject.
3. HOLDER OF THE TREATMENT
The owner of the processing of personal data is STUDIO ASSOCIATO GEM DI MELPIGNANO GIUSEPPE.
4. RIGHTS OF INTERESTED PARTIES
The subjects to whom the personal data refer have the right, at any time, to obtain confirmation of the existence of the same data, to know its content and origin, verify its accuracy or request its integration or update, or rectification pursuant to art. 7 of the Privacy Code. Pursuant to the same article, the interested parties also have the right to request the deletion, transformation into anonymous form or blocking of data concerning them in violation of the law, as well as to oppose their processing for legitimate reasons.
For any information regarding the processing of the data, as well as for the exercise of ex rights. Article 7 of the Code Privacy, users can make a special request (also by e-mail) to the addresses indicated online on the Contacts page reachable by the footer of the site.