1. Who controls the data processing?
The “Data Controller” for the processing is the company Idee… in Luce Snc di Claudio Cervelli & C., owned by Valter Ballan, with registered office in Montecchio Maggiore (VI), in Via Massimo D’Azeglio 5, Italy. The Data Controller can be contacted: by registered letter with notice of receipt; by e-mail message to firstname.lastname@example.org; by certified e-mail to email@example.com
2. What types of data are processed and for what purposes?
The Data Processor will process some personal data of users who interact with the computer systems and software procedures used to operate the website, in particular the navigation data that the computer systems automatically acquire during the use of the website, and which are not accompanied by any additional personal information, for example: the IP address, domain names and types of browsers on the user’s computer. This category of data can be used to obtain anonymous statistical information on the use of the website, to monitor the methods used, as well as to ascertain responsibility in the event of any computer crimes involving the website.
Data provided voluntarily by the user
In the case that the user sends message to the addresses indicated on this site, this will result in the acquisition of the sender’s address, as well as any other personal data included in the message.
The personal data sent through compilation of any form may be processed, including without your consent, for the following purposes:
- performance of pre-contractual and/or contractual obligations;
- compliance with tax and accounting laws and regulations;
- compliance with other laws, regulations, and orders of authorities, including those of the European Community;
- prevention or detection of fraudulent activity, and abuse harmful to the website;
- exercise of the Data Controller’s rights, such as for example in legal defence.
The user’s data may also be processed for any other purposes of compliance provided under current law and incumbent on the Data Controller.
3. What is the legal basis for processing the data?
The personal data are legally processed in the following cases:
- the data subject has given consent for one or more purposes, and such processing is only in relation to the specific purposes to which the consent refers, and/or,
- the processing is necessary for the performance of a contract concluded with the data subject, or to carry out pre-contractual measures requested by the data subject, and/or
- the processing is necessary for the legal interests of the Data Controller or of a third party, provided there are no prevailing interests or fundamental rights or freedoms of the data subject which require the protection of the data.
4. Who can receive the data?
The personal data collected on the site may be processed by other parties, specifically by:
- those who process and have access to the data under the authority of the Data Controller or their designated Processing Manager;
- natural or legal persons processing the data on behalf of the Data Controller (so-called Data Processors).
- At any time, the user can request an updated list of Data Processors by communication to the addresses indicated in Question 1: “Who controls the data processing?”.
- Apart from the cases mentioned above, the user’s personal data will not be communicated to third parties except in the following cases:
- the user has given their express consent to the communication, and/or,
- the communication is necessary to provide the product or service requested by the user, and/or
- the communication is requested by a Judicial Authority or Public Safety Authority.
5. How and where are the data processed?
Personal data are collected by processes that are not completely automated, with the prior consent of the user. The user enters their data in the forms provided on the site.
Personal data will be processed within the European Union.
6. How long will the data be stored?
Personal data will be processed and stored for the time strictly necessary to achieve the purposes for which they were collected, and in particular as follows:
- For purposes relating to management of contracts: The data will be kept for the entire duration of the contract, and subsequently for the time the Data Controller is obligated to store the data for purposes of compliance with tax law and other laws or regulations. The data will in any case not be kept for more than 10 years from the end of the contract, in compliance with the ordinary time limitations provided under the Italian Civil Code.
- For marketing and profiling purposes: The data will be kept for 10 years after collection, without prejudice to the data subject’s rights to modify and/or revoke consent.
- For delivery of the Idee… in Luce Snc di Claudio Cervelli & C. newsletter: The data will be kept for 10 years from the date of collection, without prejudice to the data subject’s rights to modify and/or revoke consent.
Once the above-described purposes for processing and storing the data have been exhausted, or in the event that the subject exercises the right to object to processing or revokes their consent, the Data Processor may still be entitled to store the personal data in whole or in part, for the purposes provided by the GDPR (such as, for example, to fulfil a right to legal proceedings); after any such purposes have been exhausted, the data will be deleted or rendered anonymous.
7. What are the rights of the person concerned?
The data subject has the right to be informed by the Data Controller if their personal data are being processed, and if so, to receive the following information:
- the purposes of processing;
- the types of data processed;
- the recipients of the personal data;
- the intended period of retention;
- information on the existence of rights to correct or cancel the personal data, or to limit their processing;
- information on the existence of the right to lodge a complaint with a supervisory authority (i.e. Italian Data Protection Authority, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524)
- information on the origin of the data, in the case they are not collected from the data subject.
If personal data are transferred to a third country or an international organisation, the data subject has the right to be informed of the existence of adequate safeguards for the transfer.
The data subject has the right to receive the personal data relating to them in a structured, commonly used format that is readable using computerised means, and to request their transmission to another controller, where such transfer is technically feasible.
In the case of receiving any requests, the Data Controller will respond to the data subject as soon as possible, and in any case within 30 days, without prejudice to the latter’s right to lodge a complaint with the designated authority in case of violation.
8. How can these rights be exercised?
The data subject can exercise their rights at any time, by sending:
- a registered letter with notice of receipt to the Data Controller, or
- a message to the Data Controller’s e-mail address, or
- a message to the Data Controller’s certified e-mail address.
The Data Controller will answer the data subject within 30 days, without prejudice to the latter’s right to lodge a complaint with the designated authority in the case of any violation.
9. Changes to this Statement
If the changes involve processing with legal basis requiring renewed consent from the data subject, the Data Controller will provide for receiving the subject’s consent.