INFORMATION AND REQUEST FOR CONSENT TO THE PROCESSING OF PERSONAL DATA
EU Regulation 2016/679 (GDPR)
Artesole srl protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation.
As required by European Union Regulation no. 679/2016 (“GDPR”), and in particular to art. 13, below we provide the user (“Data Subject”) with the information required by law relating to the processing of their personal data.
We provide this information for the purpose of fulfilling the legal obligations regarding the protection of personal data provided by Regulation (EU) 2016/679 or “Regulation”, but also because we believe that the protection of personal data is a fundamental value of our business and we want to provide you with any information that can help you protect your privacy and control the use that is made of your data.
Who we are and what data we process (art.13, 1st comma letter a, art.15, letter b GDPR)
Artesole srl in the person of its Legal Representative, based in Giarre, via Marsala 40, works as Data Controller and Data Processor and can be contacted at firstname.lastname@example.org, collects and / or receives information concerning the interested party for the execution of the various services offered. The data processed are “common” data and concern personal data such as name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, fax, tax code, e-mail address / s.
Artesole srl does not require the interested party to provide so-called data “Particular”, that is, according to the provisions of the GDPR (art. 9), personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, data biometrics intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested from Artesole srl requires the processing of such data, the interested party will receive a specific information in advance and will be asked to give specific consent.
For what purposes we need the data of the interested party (art. 13, 1st paragraph GDPR)
The data are used by the Data Controller to respond to the registration request and to the supply contract for the chosen Service and / or the product purchased, manage and execute the contact requests sent by the interested party, provide assistance, fulfill legal and regulatory obligations. which the Data Controller is required to work on.In no case Artesole srl resells the personal data of the interested party to third parties or uses them for undeclared purposes.
In particular, the data of the interested party will be processed for:
a) personal registration and requests for contact and / or information material
The processing of the personal data of the interested party takes place to carry out the preliminary and consequent activities of the request for registration, the management of requests for information and contact and / or sending information material, as well as for the fulfillment of any other obligation arising.
The legal basis for these treatments is the fulfillment of the services inherent in the request for registration, information and contact and / or sending information material and compliance with legal obligations.
b) the management of the contractual relationship
The processing of the personal data of the interested party takes place to carry out the preliminary and consequent activities to the purchase of a Service and / or a Product, the management of the related order, the provision of the Service itself and / or the production and / or the shipment of the purchased Product, its billing and payment management, the handling of complaints and / or reports to the assistance service and the provision of assistance to the customer by means of active services (e.g.:, email, telephone, etc.) fraud prevention, as well as the fulfillment of any other obligation deriving from the contract.
The legal basis for these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.
c) promotional activities / communications in general on Services / Products similar to those purchased by the Data Subject (Recital 47 GDPR)
The data controller, even without your explicit consent, may use the contact data communicated by the interested party, for the purpose of direct sale of its Services / Products, limited to the case in which it concerns Services / Products similar to those covered by the sale and contractual relationship (unless the interested party explicitly opposes) or for the purpose of sending communications by email for the provision of the service and management of any disservices and / or transmission of service communications and / or related updates.
d) commercial promotion activities on services / products different from those purchased by the interested party
As for the purposes of sending promotional messages and / or for profiling purposes, the data are processed only if you have expressed your specific consent.
The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to Services / Products that the Data Controller offers only if the interested party has authorized the treatment and does not object to this.
This treatment can take place automatically, in the following ways:
✓ telephone contact
and can be done:
1. if the interested party has not revoked his consent for the use of the data;
2. if, in the event that the processing takes place by contacting the telephone operator, the interested party is not registered in the register of oppositions referred to in D.P.R. n. 178/ 2010;
The legal basis for these treatments is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time ( see Section III ).
e) Photo publications
Free of charge, without time limits, also pursuant to articles 10 and 320 of the Italian Civil Code and articles 96 and 97 law 22.4.1941, n. 633, Law on copyright, the publication and / or diffusion in any form of one’s own images on the website, on social networks, on printed paper and / or on any other means of diffusion, as well as authorizing the conservation of the photos themselves in the computer archives and acknowledges that the purposes of these publications are merely advertising and promotional.
f) the protection of minors
The Services / Products offered by the Owner are reserved to subjects legally able, on the basis of the national reference legislation, to conclude contractual obligations. In order to prevent illegitimate access to its services, the Data Controller implements preventive measures to protect his legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data. identification documents of identity documents issued by the competent authorities.
Communication to third parties and categories of recipients (Article 13, 1st paragraph of the GDPR)
The communication of personal data of the interested party takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities related to the relationship established and to respond to certain legal obligations, such as:
|CATEGORIES OF RECIPIENTS||PURPOSE|
|Third party suppliers||Provision of services (assistance, maintenance, delivery / shipment of products, provision of additional services, network suppliers and electronic communication services) connected to the requested service|
|Credit and digital payment institutions, Bank / postal institutions||Management of collections, payments, refunds connected to the contractual performance|
|External professionals / consultants and consultancy companies||Fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery|
|Financial administration, public bodies, judicial authorities, supervisory and control authorities||Compliance with legal obligations, defense of rights; lists and registers kept by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance|
|Formally delegated subjects or with recognized legal title||Legal representatives, curators, guardians, etc.|
The Data Controller imposes on third parties its suppliers and Data Processors to comply with security measures equal to those adopted against the interested party by restricting the perimeter of action of the Data Processor to the processing related to the requested service.
The Data Controller does not transfer your personal data to countries where the GDPR is not applied (non-EU countries) unless specific indications to the contrary for which you will be previously informed and if necessary your consent will be requested.
The legal basis for these treatments is the fulfillment of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of Artesole srl to carry out treatments necessary for these purposes.
What happens if the interested party does not provide his data identified as necessary for the execution of the requested service?
The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested Product. If the interested party does not provide the personal data expressly provided as necessary in the order form or registration form, the Data Controller may not follow up on the processing related to the management of the requested services and / or the contract and the Services / Products related to it, nor to the obligations that depend on them
What happens if the interested party does not consent to the processing of personal data for commercial promotion activities on services / products different from those purchased?
In the event that the interested party does not give his consent to the processing of personal data for these purposes, said treatment will not take place for the same purposes, without this having effects on the provision of the requested services, nor for those for which he already has given consent, if requested.
In the event that the interested party has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, your data will no longer be processed for these activities, without this leading to consequences or detrimental effects for the interested party and for the performance required.
How we process the data of the interested party (art. 32 GDPR)
The Data Controller arranges for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the Data Subject’s personal data and imposes similar security measures on third party suppliers and Managers.
Where we process the data of the interested party
The personal data of the interested party are stored in paper, IT and telematic archives located in countries where the GDPR (EU countries) is applied.
How long are the data of the interested party kept?
Unless they explicitly express their will to remove them, the personal data of the interested party will be kept until they are necessary with respect to the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of your personal registration and in any case no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this term, there are no Associates of the Services and / or purchased of the Products through the the registry itself.
Furthermore, personal data will in any case be kept for the fulfillment of the obligations (e.g. tax and accounting) that remain even after the termination of the contract (art. 2220 of the Italian Civil Code); for these purposes, the Data Controller will retain only the data necessary for the relative pursuit.
This is without prejudice to the cases in which the rights deriving from the contract and / or from the personal registration should be brought to court, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit.
What are the rights of the interested party? (articles 15 – 20 GDPR)
The interested party has the right to obtain the following from the data controller:
a) confirmation that personal data concerning him or her is being processed and, in this case, to obtain access to personal data and to the following information:
1. the purposes of the treatment;
2. the categories of personal data in question;
3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations;
4. when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
5. the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the data subject, all information available on their origin;
8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the interested party.
9. the adequate guarantees provided by the third country (outside the EU) or an international organization to protect any data transferred
b) the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In case of further copies requested by the interested party, the data controller can charge a reasonable expense contribution based on administrative costs.
c) the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay
d) the right to obtain from the data controller the cancellation of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law always exist; and in any case if the treatment is not justified by another equally legitimate reason;
e) the right to obtain the limitation of processing from the data controller, in the cases provided for in art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in reasonable times, also of when the suspension period has been completed or the cause of the limitation of the treatment has ceased, and therefore the limitation itself revoked;
f) the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been sent, unless this proves impossible or involves a disproportionate effort.
g) the right to receive personal data concerning him in a structured, commonly used and machine-readable format and the right to transmit such data to another data controller without hindrance by the data controller to whom he has provided them , in the cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
For any further information and in any case to send your request you must contact the Data Controller at email@example.com. In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.
How and when can the interested party object to the processing of their personal data? (Art. 21 GDPR)
For reasons relating to the particular situation of the interested party, the same can object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller at firstname.lastname@example.org
The interested party has the right to delete their personal data if there is no prevailing legitimate reason for the owner compared to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.
To whom can the interested party submit a complaint? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or with the one that carries out its duties and exercises its powers in the Member State where the violation of the GDPR occurred.
General information, deactivation and management of cookies
Cookies are data that are sent from the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or its subdomains.