Privacy Policy

PRIVACY POLICY

Art. 13 of Regulation (EU) 2016/679 (GDPR)


SUBJECT

 Information on the processing of personal data in accordance with art. 13 of Regulation (EU) 2016/679


FOREWORD

Regulation (EU) 2016/679 ("General Data Protection Regulation", hereinafter GDPR) provides for the protection of individuals with regard to the processing of personal data. According to this legislation, the processing of personal data referring to a person, specifically to be defined as "data subject", is based on the principles of fairness, lawfulness and transparency, as well as protection of the confidentiality and rights of the data subject. This is to inform you, in compliance with the aforementioned regulations, that in connection with the relationship or relationship that you have with our facility, our organization is in possession of certain data relating to you, which have been acquired, even verbally, directly or through third parties who carry out operations concerning you or who, in order to comply with a request from you, acquire and provide us with information. According to the GDPR, since such data is information that relates to You, it must qualify as "personal data," and must therefore benefit from the protection provided by said provisions. Specifically, according to said legislation, you are the data subject who benefits from the rights placed on the protection of your personal data. Pursuant to Article 13 of the GDPR, our facility, as Data Controller, will process the personal data you provide in compliance with the regulations, with the utmost care, implementing effective management procedures and processes to ensure the protection of the processing of your personal data. To this end, the writer, using material and management procedures to safeguard the data collected, undertakes to protect the information disclosed, so as to prevent unauthorized access or disclosure, as well as to maintain accuracy of the data and also to ensure the appropriate use of the same. In observance of this premise, the following information is provided: 

DATA CONTROLLER

Company: {company_name}
P. VAT: {VAT}
Registered Office: {ADDRESS}
e-mail: info@masseriatorrelonga.it


PLACE OF PROCESSING OF PERSONAL DATA

The processing operations related to the web services of this site take place at the aforementioned head office of {company_name} and are only handled by staff in charge of processing, or by any persons in charge of occasional maintenance operations. The data resulting from the web service may be communicated to the technological and instrumental partners that the "owner" uses for the provision of services requested by user visitors. The personal data provided by visitor users who forward requests for the sending of informative material (requests for information, answers to questions, etc.) or other communications (orders) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose (provision of the services requested through the technological and instrumental partner).


MODE OF PROCESSING OF PERSONAL DATA

The processing of personal data is carried out by means of the operations indicated in Art. 4 Privacy Code and Art. 4 No. 2) RGPD, for the purposes mentioned above, both on paper and computer, by means of electronic or otherwise automated tools, in compliance with the regulations in force in particular on confidentiality and security and in accordance with the principles of fairness, lawfulness and transparency and protection of the rights of the Customer. The processing is carried out directly by the owner's organization, its managers and/or appointees. Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access. { COMPANY_NAME}, in order to minimize risks pertaining to the confidentiality, availability and integrity of personal data collected and processed has adopted all the minimum security measures required by law.


PERSONAL DATA COLLECTED

The writer, as Data Controller uses your personal data to operate as best as possible in the performance of its business. You may be asked, even partially, for the following data: - personal data, tax code, VAT number, name, registered office, residence and domicile and contact data; - data relating to the contractual relationship descriptive of the type of contract, as well as information relating to its execution and necessary for the fulfillment of the contract itself; - data of accounting type relating to the economic relationship, the amounts due and payments, their periodic progress, summary of the accounting status of the relationship.

 

PURPOSES AND METHODS OF PROCESSING

The personal data you provide will be processed exclusively for the following purposes: 

- conclusion and execution of the contract and all related activities, such as, but not limited to, invoicing, credit protection, administrative, management, organizational and functional services for the execution of the contract; b. fulfillment of obligations under the law, regulations, applicable legislation and other provisions issued by authorities vested with the law and supervisory and control bodies. The processing of personal data for the above purposes does not require your express consent (Article 24(a) and (b) of the Code and Article 6(b) and (e) of the GDPR). The processing of personal data for the purposes below requires your express consent (Art. 23 of the Code and Art. 7 of the GDPR). Said consent covers both the automated and traditional modes of communication described above. You will always have the right to object easily and free of charge, in whole or even in part, to the processing of your data for said purposes, for example, by excluding automated modes of contact and expressing your wish to receive commercial and promotional communications exclusively through traditional modes of contact. The purposes for which explicit consent is required are: 

- carrying out marketing and promotional activities of the Owner's products and services, commercial communications, both by automated means without operator intervention (e.g., sms, fax, mms, e-mail, etc.) and traditional means (via telephone, mail); d. processing of studies and market research. 


COMPULSORY OR OPTIONAL NATURE OF PROVIDING DATA AND CONSEQUENCES OF REFUSAL

The data requested for the purposes referred to in letters a) and b) above must be compulsorily provided for the fulfillment of legal obligations and/or for the conclusion and execution of the contractual relationship and the provision of the services requested. Therefore, your refusal, even partial, to provide such data would make it impossible for the Supplier to establish and manage the relationship itself and to provide the requested service. The provision of personal data necessary for the purposes referred to in letters c) and d) above is optional, therefore, your refusal to provide such data would result in the impossibility of implementing the activities described therein.

 

TRANSFER OF PERSONAL DATA ABROAD

Personal data are stored on servers located within the European Union. It is in any case understood that the Data Controller, should it become necessary, will be entitled to move the servers outside the EU as well. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

 

PERSONAL DATA RETENTION PERIOD

Personal data will be retained for the entire duration expressed by the contract entered into with the Controller concluded which data will be retained for the completion of the terms provided by law for the retention of administrative documents after which they will be deleted.
COMMUNICATION AND DISSEMINATION

Your personal data may be communicated, within the limits strictly pertinent to the above obligations, tasks and purposes and in compliance with the relevant regulations, to the following categories of subjects: 

- Subjects to whom such communication must be made in order to fulfill or to require the fulfillment of specific obligations under laws, regulations and/or EU legislation; 2. companies belonging to the Owner's Group or parent, subsidiary or associated companies pursuant to Art. 2359 of the Civil Code, which act as data processors or for administrative accounting purposes (purposes related to the performance of activities of an internal organizational, administrative, financial and accounting nature, in particular, functional to the fulfillment of contractual and pre-contractual obligations); 3. external natural and/or legal persons who provide services instrumental to the activities of the Owner for the purposes referred to in point 1. above (e.g. call centers, suppliers, agents, consultants, companies, entities, professional firms). These subjects will operate as data processors. Personal data will not be disseminated in any way.

 

RIGHTS UNDER ARTICLES 15 ET SEQ., GDPR

In your capacity as a data subject, as provided by the GDPR you have precisely the rights to:

I. obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
II. obtain an indication of:

of the origin of the personal data; b. the purposes and methods of processing; c. the logic applied in case of processing carried out with the aid of electronic instruments; d. the identification details of the owner, managers and designated representative; e. the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, managers or agents; III. obtain: a. the updating, rectification or, when interested, integration of data; b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; IV. to object, in whole or in part; for legitimate reasons, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection; b. to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject's right to object for direct marketing purposes by automated means extends to traditional marketing methods and that, in any case, the data subject's right to object remains unaffected, even in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication. Where applicable, he/she also has the rights to rectification, to be forgotten, to restrict processing, to data portability, to object, as well as the right to complain to the Data Protection Authority.

 

WAYS TO EXERCISE YOUR RIGHTS

You may at any time exercise your rights by sending an appropriate request (Download Template to exercise your Privacy rights) to the data controller or processor by:

- a registered letter with return receipt to:

{COMPANY_NAME}

{ADDRESS}

- pec e-mail to: