This document describes the methods of managing the user’s personal data, which is collected through visits to the website www.claudiocervelli.com and controlled by the company Idee… in Luce Snc di Claudio Cervelli & C..
It concerns only the website indicated, not any further sites that can be visited through the links within. The information contained is provided in conformity with the provisions of the EU Regulation on General Data Protection (EU Regulation 679/2016, “GDPR”) and Italian Legislative decree no. 196/2003.
Unless otherwise indicated, the contents of the Website, including data, news, information, images, graphics, drawings, trademarks and domain names, are the property of Idee… in Luce Snc di Claudio Cervelli & C. and are covered by copyright and industrial and intellectual property law.
The term “personal data” refers to any information that allows the Website managers to directly or indirectly identify the user (or a third party whose data the user provides), including information related to the purchase of goods or services, and any information the user chooses to communicate or share while using the Website.
1. DATA CONTROLLER
The “Data Controller” for the processing is the company Idee… in Luce Snc di Claudio Cervelli & C., with registered office in Montecchio Maggiore (VI), in Via Massimo D’Azeglio 5, Italy. The Data Controller can be contacted: by registered letter with return receipt; by e-mail message to email@example.com; by certified e-mail to firstname.lastname@example.org.
2. TYPES OF DATA PROCESSED and PURPOSES OF PROCESSING
The Data Processor will process some personal data of users who interact with the computer systems and software procedures used to operate the website, in particular the navigation data that the computer systems automatically acquire during the use of the website and which are not accompanied by any additional personal information, for example: the IP address, domain names and types of browsers on the user’s computer. This category of data can be used to obtain anonymous statistical information on the use of the website, to monitor the methods of use, as well as to ascertain responsibility in the event of any computer crimes involving the website.
Data provided voluntarily by the user
In the case that the user sends message to the addresses indicated on this site, this will result in the acquisition of the sender’s address, as well as any other personal data included in the message.
The personal data sent through compilation of any form may be processed, including without your consent, for the following purposes:
- performance of pre-contractual and/or contractual obligations;
- compliance with tax and accounting laws and regulations;
- compliance with other laws, regulations, and orders of authorities, including those of the European Community;
- prevention or detection of fraudulent activity, and abuse harmful to the website;
- exercise of the Data Controller’s rights, such as for example in legal defence.
The user’s data may also be processed for any other purposes of compliance provided under current law and incumbent on the Data Controller.
3. LEGAL BASIS
The personal data are legally processed in the following cases:
- the data subject has given consent for one or more purposes, and such processing is only in relation to the specific purposes to which consent refers;
- the processing is necessary for the performance of a contract concluded with the data subject or to carry out pre-contractual measures requested by the subject;
- processing is necessary for the legal interests of the Data Controller or of a third party, provided there are no prevailing interests or fundamental rights or freedoms of the data subject which require the protection of the data.
4. RECIPIENTS OF THE DATA
The personal data collected on the site may be processed by other parties in various ways, specifically by:
- those who process and have access to the data under the authority of the Data Controller or their designated Processing Manager;
- natural or legal persons processing the data on behalf of the Data Controller (so-called Data Processors).
At any time, the user can request an updated list of Data Processors by communication to the addresses indicated at point 1: “Data Controller”.
Apart from the cases mentioned above, the user’s personal data will not be communicated to third parties except in the following cases:
- the user has given their express consent to the communication;
- the communication is necessary to provide the product or service requested by the user;
- the communication is requested by a Judicial Authority or Public Safety Authority.
5. PROCESSING METHODS AND LOCATION
Personal data are collected by processes that are not completely automated, with the prior consent of the user. The user enters their data in the forms provided on the site. Personal data will be processed within the European Union.
A cookie is a small file of data that is stored by user’s web browser. It contains information that allows the Website to remember, for example, the user’s preferences, or the products in their cart. Italian Data Protection Authority Directive no. 229 of 8 May 2014, on “Simplified arrangements to provide information and obtain consent regarding cookies”, provides that cookies can be utilised only with the user’s consent.
7. DATA RETENTION
Personal data will be processed and stored for the time strictly necessary to achieve the purposes for which they were collected, and in particular as follows:
- For purposes relating to management of contracts: The data will be kept for the entire duration of the contract, and subsequently for the time the Data Controller is obligated to store the data for purposes of compliance with tax law and other laws or regulations. The data will in any case not be kept for more than 10 years from the end of the contract, in compliance with the ordinary time limitations provided under the Italian Civil Code.
- For marketing and profiling purposes: The data will be kept for 10 years after collection, without prejudice to the data subject’s rights to modify and/or revoke consent.
- For delivery of the Idee… in Luce Snc di Claudio Cervelli & C. newsletter: The data will be kept for 10 years from the date of collection, without prejudice to the data subject’s rights to modify and/or revoke consent.
Once the above-described purposes for processing and storing the data have been exhausted, or in the event that the subject exercises the right to object to processing or revokes their consent, the Data Processor may still be entitled to store the personal data in whole or in part, for the purposes provided by the GDPR (such as, for example, to fulfil a right to legal proceedings). After any such purposes have been exhausted, the data will be deleted or rendered anonymous.
8. DATA SUBJECT’S RIGHTS
The data subject has the right to be informed by the Data Controller if their personal data are being processed, and if so, to receive the following information:
- the purposes of processing;
- the types of data processed;
- the recipients of the personal data;
- the intended period of retention, or the criteria for determining retention;
- information on the existence of rights to correct or cancel the personal data, or to limit their processing;
- information on the existence of the right to lodge a complaint with a supervisory authority (i.e. Italian Data Protection Authority, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524)
- information on the origin of the data, in the case they are not collected from the data subject.
If personal data are transferred to a third country or an international organisation, the data subject shall have the right to be informed of the existence of adequate safeguards for the transfer.
The data subject has the right to receive the personal data relating to them in a structured, commonly used format that is readable using computerised means, and to request their transmission to another controller, where such transfer is technically feasible.
9. METHOD OF EXERCISING RIGHTS
The data subject can exercise their rights at any time, by sending:
- a registered letter with notice of receipt to the Data Controller, or
- a message to the Data Controller’s e-mail address, or
- a message to the Data Controller’s certified e-mail address.
The Data Controller will answer the data subject within 30 days, without prejudice to the latter’s right to lodge a complaint with the designated authority in the case of any violation.
If the changes involve processing with legal basis requiring renewed consent from the data subject, the Data Controller will provide for receiving the subject’s consent.