The Company will process personal data in its capacity as autonomous Data Controller.
The personal data will be processed in accordance with Italian Legislative Decree No. 196/2003 (Personal Data Protection Code) and, from 25 May 2018, EU Regulation No. 2016/679.
a) Types of data
In sending requests through the Contact Us form on this Website, the name, surname, and email address of the sender are collected.
b) Purposes and method of data processing
The Company will process collected personal data for the following purposes:
- to comply with the law and with the regulations of the competent authorities; and
- to record the personal data provided in submitting requests through the Contact Us form in order to respond to requests.
The data may be processed in paper or electronic form within the EU.
The data will be stored for the period necessary to fulfil the purposes for which they were collected, after which they will be destroyed or rendered unusable. More specifically, once the request has been responded to, the data will be deleted a year after the last contact between the Company and the person.
The Company has appropriate security measures in place to protect data from loss, unlawful and unfair use, and unauthorised access.
c) Obligatory or voluntary nature of providing the requested data and the consequences of not doing so
Providing personal data for the purposes listed above is necessary. If the data subject does not wish to have his or her personal data processed by the Data Controller for those purposes, it will be impossible to submit a request through the Contact Us form and, thus, for the Company to reply.
d) Subjects and categories of subjects to whom or which the personal data may be communicated and who or which may become aware of the data in their capacity as data processors or persons in charge of processing.
The data collected will be processed by the personnel in charge of processing or the Company’s Data Processor solely for the purposes listed in section b) above.
The personal data collected will not be disseminated.
e) Data subject’s rights
Data subjects may write to the Data Controller by registered mail with acknowledgement of receipt or by email to email@example.com to exercise their rights of access, amendment, erasure and objection described below, namely, to:
- receive confirmation as to whether his/her personal data exists, whether or not already recorded;
- receive an indication of the source of the personal data, the purposes and methods of the processing, the logic applied to the processing if carried out with the help of electronic means, the identification data of the Data Controller and the data processor, the subjects and categories of subjects to whom or which the personal data may be sent to and who or which may become aware of the data in their capacity as data processors or persons in charge of processing; and
- have the data updated, corrected, or supplemented, or to have data processed unlawfully anonymised, erased or blocked (including data whose retention is unnecessary for the purposes for which they were collected and subsequently processed), and to receive confirmation that the requests for the previously mentioned operations have been received (including the content of the requests) to the subjects to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves the use of means manifestly disproportionate to the protected right.
Data subjects have the right to object to the processing of their data for legitimate reasons, even though they are relevant to the purpose for which they were collected, and the right to object fully or partially (including regarding means of communication) to the processing of their personal data for the purpose of sending marketing materials, direct sales or for market research purposes or business communications.
Furthermore, data subjects have the right to request that their data be transferred to another data controller (right to data portability).
Lastly, data subjects also have the right to file a claim with the competent authority for the protection of personal data if a violation of his or her rights occurs.