PRIVACY POLICY
Information pursuant to art. 13 of the European Regulation 679/2016 on the protection of personal data [GDPR])
In accordance with the requirements set by the General Regulation on the protection of personal data, the Data Controller provides the Data Subject with the following information in relation to the processing of personal data carried out.
| TITOLARE DEL TRATTAMENTO | |
| Owner | Zucchero e Scimmie S.R.L. |
| Address | Via di Scolivigne N. 2/A – 50012 Bagno a Ripoli (FI) |
| VAT number | 05700530487 / 05700530487 |
| Contact | PEC: zes@pec.it |
| Legal representative | Da Fano Vieri |
| Privacy referent | Da Fano Vieri (ZES@PEC.IT) |
| Data protection officer | Not present |
|
|
|
If you intend to ask for further information on the processing of your personal data or for the possible exercise of your rights, you can contact the mentioned Privacy Referent directly. |
|
Categories of interested parties |
||
|
Customers or Users [I will be processed by anyone who intends to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.], Prospective customers [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.] , Consumers [I will be processed by anyone who intends to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.], Employees [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Self-employed [I will be processed anyone who intends to provide their data , prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Consultants and freelancers [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.], Agents and representatives [I will be processed anyone who intends to provide their data prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.], Partners, associates and subscribers [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Subscribers [I will be processed anyone who intends to provide their data , prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Merchants [I will be processed by anyone who intends to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.], Entrepreneurs [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Family members of the interested party [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Students [I will be processed anyone who intends to provide their data , prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Minors [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.], Underage students [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Parents or those who exercise parental responsibility [I will be processed anyone who intends to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.], Other subjects – individuals [I will be processed anyone who intends to provide their data , prior to viewing and explicit consent to the processing the purposes related and correlated to the provision of the service.], Employees, collaborators, visitors, people who have access to the company premises [I will be processed by anyone intend to provide their data, prior to viewing and explicit consent to the processing, the purposes related and correlated to the provision of the service.] |
|
PROCESSING CARRIED OUT |
||
|
Online businesses with or without customer loyalty |
||
|
Description |
|
|
ORIGIN, PURPOSE, LEGAL BASIS AND NATURE OF THE DATA PROCESSED |
||
|
Origin |
|
|
|
Purpose |
1. Mail order or telephone sales – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out 2. Sale by electronic or radio and television – consent explicitly acquierd from the interested party in the lack of which the activities described won’t be carried out. 3. Customer management – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out.4. Fulfillment of tax and accounting obligations – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out.5. Management of litigation – consent explicitly acquierd from the data subject in the lack of which the activities described won’t be carried out.6. Monitoring of contractual obligations – consent explicitly acquierd from interested party, in the lack of which the activities described won’t be carried out.7. Internal control services – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out.8. Services to protect consumers and users – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out. 9.Marketing (analysis and market surveys) – Consent is unnecessary in that communications, for the purpose of direct sale of its products/services or for the purpose of satisfaction analysis or market surveys, use the e-mail coordinates collected by the data subject in the context of the sale of a product or a service similar to those subject to sale and without the expicit refusal of the interested party to such use, initially or in the event of subsequent communications. The information of the possibility to oppose the processing at any time is given in each communication (so-called opt out). 10. Advertising – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out.11. Promotional activities – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out.12. Detection of the degree of customer satisfaction – consent explicitly acquierd from the interested party, in the lack of which the activities described won’t be carried out.13. Radio and television information – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out.14. Information to customers of new services /products – consent explicitly acquierd from the interested party, in the lack of which the activities described won’t be carried out.15. Sending of informative and / or advertising material also by telephone or internet – consent explicitly acquierd from the interested party, in the lack of which the activities described won’t be carried out.16. Information by electronic means – consent explicitly acquierd from the interested party, in the lack of which the activities described won’t be carried out.17. Consulting activities – consent explicitly acquierd from the data subject in the lack of which the activities described won’t be carried out.18. Electronic payment instruments – consent explicitly acquierd from the data subject, in the lack of which the activities described won’t be carried out.19. Provision of the service – consent explicitly acquierd from the interested party in the lack of which the activities described won’t be carried out | |
|
Legal basis |
For purposes 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19: Consent of the interested party For the purpose 9: The processing is necessary for the pursuit of the legitimate interest of the data controller or third parties | |
|
Personal data processed |
Topics of interest, Tax code and other personal identification numbers, Telephone contact, Bank details, Contact and communication data, Behavior data, profiles of users, consumers, taxpayers, etc., Address of residence, e-mail address, Name, address or other elements of personal identification, Declared profession, Video surveillance video recordings, Gender m / f |
|
|
The “particular” data (sensitive data) are those defined by articles. 9 and 10 of Regulation 2016/679 / EU (“GDPR”). These data are processed, in compliance with the provisions of the GDPR as well as in view of the General Authorizations issued by the Guarantor Authority for the protection of personal data. |
||
|
Particular data processed |
– | |
|
Legal basis art. 9 |
|
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA |
||
|
Categories of recipients |
|
|
| Judicial offices, consultants and freelancers also in associated form, Companies and Business, Armed Forces, Police Forces, Employers, Associations of entrepreneurs and companies, Parent companies, Subsidiaries and affiliates, Associations and foundations, Associated and registered members, Judicial Authorities, Revenue Agency, Internal Managers, External Managers, Authorized Subjects, Private Subjects (natural or legal persons) , maintenance or supply companies of goods and services | ||
|
These entities, institutions, companies and professionals act as Data Controllers appointed by Mr. Zucchero e Scimmie S.R.L. and are themselves data controllers of the personal data transmitted to them. |
||
|
Your personal data, or the personal data of third parties in its ownership, may also be communicated to external companies, identified from time to time, such as Zucchero e Scimmie S.R.L. entrust the execution of obligations deriving from the assignment received to which only the data necessary for the activities requested of them will be transmitted. All employees, consultants, temporary and/or any other “individual” who, authorized to process, carry out their activity on the basis of the instructions received from Zucchero e Scimmie S.R.L., pursuant to art. art. 29 of the GDPR, are designated “Data Controllers” (in the following also “Appointees”). To the Appointees or Managers, possibly designated, Zucchero e Scimmie S.R.L. provides adequate operating instructions, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of data. Precisely with reference to the aspects of protection of personal data, you are invited, pursuant to art. 33 of the GDPR to report to Zucchero e Scimmie S.R.L. any circumstances or events from which a potential “violation of personal data (data breach)” may result in order to allow an immediate evaluation and the adoption of any actions aimed at countering this event by sending a communication to Zucchero e Scimmie S.R.L. to the addresses indicated above. The obligation of Zucchero e Scimmie S.R.L. remains unchanged. to communicate the data to Public Authorities upon specific request. |
|
TRANSFERABROAD |
|
|
Transfers to foreign countries (non-EU) or to international organizations |
Transfer subject to adequate safeguards (Art. 46) Code of Conduct approved pursuant to Article 40, together with the binding and enforceable commitment by the Data Controller or the Policy Referent in the third country to apply the appropriate safeguards, including with respect to the rights of data subjects. Personal data are transmitted to a country of the United States of America through a CRM software owned by a third party residing in the U.S.A. |
|
The transfer abroad of your personal data may take place if it is necessary for the management of the assignment received. For the processing of information and data that may be communicated to these subjects, the equivalent levels of protection adopted for the processing of personal data of its employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory instruments provided for by Chapter V of the GDPR will be applied. |
|
METHODS, PROCESSING LOGICS AND STORAGE TIMES |
||
|
The data for the purpose of loyalty in the strict sense, is necessary to allow adherence to the loyalty program and for the management of the fidelity card will be processed and stored until the administrative duration of the related program, or in any case until cancellation and / or termination by the member intervenes. In the case of any withdrawal, disabling for non-use within a certain period of time, expiration or return of the card (according to the provisions of the separate Loyalty Program Regulation), the retention period of personal data for exclusive administrative purposes (and not also profiling or marketing) will not exceed one quarter (without prejudice to any specific legal obligations on the conservation of accounting documentation). The Data Controller, in such circumtances, has implemented suitable mechanisms for automatic deletion of data, also by third parties to whom they have been eventually communicated). For other purposes, the processing will last no longer than is necessary for the purposes for which the data were collected. The shooting data are kept for a maximum duration of 24 hours, with subsequent automatic cancellation. |
|
|
Your data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and provisions of art. 5 c 1 gdpr. The processing of personal data takes place using manual, computerized and telematic tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee security and confidentiality. |
|
NATURE OF THE CONFERMENT |
|
|
The processing of personal data will be carried out for the following purposes: |
|
|
Purpose that do not require consent |
– Marketing (analysis and market surveys) – Consent is unnecessary in that communications, for the purpose of direct sale of its products/services or for the purpose of satisfaction analysis or market surveys, use the e-mail coordinates collected by the data subject in the context of the sale of a product or a service similar to those subject to sale and without the expicit refusal of the interested party to such use, initially or in the event of subsequent communications. The information of the possibility to oppose the processing at any time is given in each communication (so-called opt out) |
|
Purposes that require consent |
– Sale by mail order or telephone – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Sale by electronic or radio and television – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Customer management – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Fulfillment of tax and accounting obligations – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Management of litigation – consent explicitly acquired from the data subject in the lack of which the activities described won’t be carried out. – Monitoring of contractual obligations – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Internal control services – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Services to protect consumers and users – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Advertising – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Promotional activities – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Detection of the degree of customer satisfaction – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Radio and television information – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Information to customers of new services / products – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Sending of informative and / or advertising material also by telephone or internet – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Information by electronic means – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Consulting activities – consent explicitly acquired from the data subject in the lack of which the activities described won’t be carried out. – Electronic payment instruments – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out. – Provision of the service – consent explicitly acquired from the data subject, in the lack of which the activities described won’t be carried out |
|
Only with your explicit consent to be expressed at the bottom of this information, the data, whose purposes require consent, will be processed. The provision of data is in any case optional and will not result in prejudice in relation to the contractual relationship in place with the Data Controller |
|
|
For the data collected and used for needs related to the execution of activities related to the contractual relationship and compliance with the legal obligations indicated, your consent is not required. Failure to communicate the personal data referred to above will make it impossible to follow up on the relationship in question. For the data collected and used for the legitimate interest of the Data Controller, your consent is not required (letter f, art. 6, of the GDPR). The communication of the personal data referred to above is optional but necessary for the execution of the services offered by the Data Controller. Any refusal to communicate such data will make it impossible to provide all or part of the requested services. |
|
RIGHTS OF THE INTERESTED PARTIES (Artt. da 15 a 22 del GDPR) |
||
|
Right of access |
The interested party has the right, according to the provisions of articles. from 15 to 22 of the GDPR to request from the owner access to their personal data. |
|
|
The interested party has the right, according to the provisions of articles. from 15 to 22 of the GDPR to request the owner to rectify their personal data. |
|
|
Right to erasure |
The interested party has the right, according to the provisions of articles. from 15 to 22 of the GDPR to request the owner to delete their personal data. |
|
|
Right of limitation |
The interested party has the right, according to the provisions of articles. from 15 to 22 of the GDPR to request the owner to limit the data concerning him. |
|
|
Right to object |
The interested party has the right, according to the provisions of articles. from 15 to 22 of the GDPR to oppose their processing. |
|
|
Right of portability |
The interested party has the right, according to the provisions of articles. from 15 to 22 of the GDPR to exercise your right to data portability. |
|
|
The interested party has the right, according to the provisions of articles. from 15 to 22 of the GDPR to exercise your right to withdraw consent. |
|
|
Right to complain |
The interested party has the right, according to the provisions of art. 77 of the GDPR to exercise your right to lodge a complaint with the supervisory authority. |
|
AUTOMATED PROCESS |
|
|
Is there an automated process? |
Yes |
|
Automated processes or profiling methods |
Notwithstanding that even in case of consent of the interested party we will not proceed with the processing (however prohibited for profiling purposes) of data suitable for revealing the state of health and sex life, we inform you that the processing methods will in any case be relevant and not excessive with respect to the type of goods marketed or services rendered.The profiling activity may concern “individual” personal data or “aggregated” personal data deriving from detailed individual personal data. These processings may be carried out using personal data that are also aggregated according to predefined parameters depending on business needs. These data may include various personal information, including contractual data and data relating to consumption made, purchases made, habits and volumes of expenditure, levels of supply of goods and / or services, etc. from which it is possible to infer further indications referable to each interested party (for example, consumption range, level of expenditure incurred at regular intervals, etc.).We draw particular attention to the fact that the provision of personal data and consent to communication to third parties for the purposes described above are absolutely optional and optional (and in any case revocable without formalities even after the service), and failure to provide it will not determine consequences other than the impossibility for the data controller to proceed with the aforementioned profiling.Even if you have given your consent to authorize the Data Controller to pursue the purposes of profiling, you will still be free at any time to revoke it, sending without formalities any clear communication to this effect. Following receipt of this opt-out request, the Data Controller will promptly proceed with the removal and deletion of its data from the databases (the latter in any case not interconnected or a source of interweaving and comparison of data with those used for loyalty in the strict sense) and inform for the same purposes of cancellation any third parties to whom the data have been communicated. The simple receipt of your cancellation request will automatically be valid as confirmation of cancellation. |
|
Base legale |
Consent explicitly acquired from the data subject |
The Data Controller reserves the right to make to this policy all changes deemed appropriate or made mandatory by the regulations in force, at its sole discretion and at any time. On such occasions, users will be duly informed of the changes that have occurred.
Data Controller
Zucchero e Scimmie S.R.L.
———–
LDA FASHION S.R.L. Via delle Genziane, 13/E 00012 Guidonia Montecelio (RM) P. IVA 14345861000 Information pursuant to art. 13 and Art. 14 of European Regulation 679/2016 on the protection of personal data [GDPR]) In accordance with the requirements laid down by the General Regulation on the protection of personal data, the Data Controller provides the data subject with the following information in relation to the processing of personal data carried out.| DATA CONTROLLER | |
| Owner | Mr Ravicini Andrea |
| Address | Via delle Genziane 13/E – 00012 Guidonia Montecelio (Rome) |
| VAT NUMBER / FC | RVCNDR82P05L182C |
| Contacts | ldafashionsrl@pec.gocciagroup.it |
| Legal representative | Ravicini Andrea |
| Privacy referent | Ravicini Andrea (ldafashionsrl@pec.gocciagroup.it) |
| Data protection officer | Not present |
| Treatment contitors | · No accounting present |
| If you intend to request further information on the processing of your personal data or for the possible exercise of your rights, you may contact the Privacy Representative in writing. |
| CATEGORIES OF PERSONS CONCERNED | |
| List of categories of persons concerned | Customers or Users, Potential Customers, Members, Associates and Subscribers, Minors |
| TREATMENT CARRIED OUT | |
| Online business with customer loyalty | |
| Description | Activity related to the processing of personal data for the production, distribution and sale of goods or services online and customer loyalty through registration to a loyalty program. |
| ORIGIN, FINALITY, LEGAL BASIS AND NATURE OF THE DATA PROCESSED | |
| Origin | The data are partly collected from the data subject and partly collected from third parties. Description of the source: the data can be collected through a website(s) of ours or third parties and managed by us and through our management. The data comes from a source accessible to the public |
| Purpose | 1. Sale by mail order or telephone – Consent received by the data subject during the collection of personal data by acceptance inserted in the information. In case of non-consent, the sale by mail order or by telephone will not be made. 2. Sale electronically or by radio and television – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the sale will not be made electronically or by radio and television. 3. Customer management – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 4. Fulfillment of tax and accounting obligations – Acquisition of data for printing and sending the invoice both in paper and digital form. 5. Litigation Management – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 6. Monitoring of contractual obligations – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 7. Activity planning – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 8. Marketing (market analysis and investigation) – Unnecessary consent in that communications, for the purpose of direct sale of its products/services or for the purposes of satisfaction analysis or market surveys, use the e-mail coordinates collected by the data subject in the context of the sale of a product or service similar to those subject to sale and without the express refusal by the interested party to such use, initially or in the event of subsequent communications. In each communication is given the information of the possibility to oppose the processing at any time (so-called opt out). 9. Advertising – Consent explicitly acquired by the data subject, stored in our management and in our specific assetsotherwise that the activities described are not carried out. 10. Promotional activities – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, profiling for promotional purposes of the data subject will not be carried out. 11. Customer satisfaction detection – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 12. Radio and television information – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 13. Customer information of new services/products – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 14. Sending of information and/or advertising material also by telephone or internet – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the information and/or advertising material will not be sent. 15. Information electronically – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 16. Consulting activities – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 17. Provision of the service – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out |
| Legal basis | For purposes 1, 2, 3, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17: Consent of the Data Subject. For purposes 4: Processing is necessary to fulfill a legal obligation to which the data controller is subject. For purposes 8: Processing is necessary for the pursuit of the legitimate interest of the data controller or third parties. |
| Personal data processed | Topics of interest, Tax Code and other personal identification numbers, Telephone contact, Bank details, Contact and communication data, Data relating to images collected and processed through video surveillance systems, Behavior data, user profiles, consumers, taxpayers, etc., Address of residence, E-mail address, Name, address or other elements of personal identification, Profession declared, Video surveillance film recordings, Sex m/f |
| The “particular” data (sensitive data) are those defined by Art. 9 and 10 of Regulation 2016/679/EU (“GDPR”). These data are processed, in compliance with the GDPR as well as in the light of the General Authorizations issued by the Supervisory Authority for the protection of personal data. | |
| Particular data processed | – |
| Legal basis art. 9 |
| RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA | |
| Target categories | It is provided for the communication of your personal data, made on the legal bases provided for in Article 6 of Regulation 2016/679/EU, to the following third parties: |
| Judicial offices, Consultants and freelancers also in an associated form, Companies and Companies, Armed Forces, Police Forces, Employers, Associations of Entrepreneurs and Companies, Parent Companies, Subsidiaries and Related Companies, Associations and Foundations, Associate and Members, Judicial Authorities, Revenue Agency, Internal Managers, External Managers, Authorized Subjects, Private Subjects (Natural or Legal Persons) , maintenance or supply companies for goods and services | |
| These bodies, bodies, companies and professionals act as Data Controllers appointed by Mr. Ravicini Gabriele or are themselves data controllers transmitted to them. | |
| Your personal data, or the personal data of third parties in its ownership, may also be communicated to external companies, identified from time to time, to which Mr. Ravicini Gabriele entrusts the execution of obligations deriving from the assignment received to which only the data necessary for the activities requested of them will be transmitted. All employees, consultants, temporary and/or any other “natural person” who, authorized to process, carry out their activity on the basis of the instructions received from Mr. Ravicini Gabriele, pursuant to art. art. 29 of the GDPR, are designated “Data Controllers” (in the following also “Appointees”). To the Appointees or Managers, possibly designated, Mr. Ravicini Gabriele gives appropriate operational instructions, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of data. Precisely with reference to the protection aspects of personal data, you are invited, pursuant to art. 33 of the GDPR to report to Mr. Ravicini Gabriele any circumstances or events from which a potential “breach of personal data (data breach) may result” in order to allow an immediate evaluation and the adoption of any actions aimed at countering this event by sending a communication to Mr. Ravicini Gabriele to the contact details indicated above. The obligation of Mr. Ravicini Gabriele to communicate the data to Public Authorities on specific request remains compulsory. |
| TRANSFER ABROAD | |
| Transfers to foreign countries (non-EU) or international organisations | · U.S. · Transfer subject to adequate guarantees (Article 46) · Code of conduct approved pursuant to Article 40, together with a binding and enforceable undertaking by the data controller or data controller in the third country to apply the appropriate safeguards, including with regard to the rights of the persons concerned · The data is processed through a CRM owned by a third party residing in the U.S.A. or based in the United States of America. |
| The transfer of your personal data abroad may take place if it is necessary for the management of the assignment received. For the processing of information and data that will be communicated to these subjects, the equivalent levels of protection adopted for the processing of the personal data of their employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided for by Chapter V of the GDPR will be applied. |
| MODALITIES, TREATMENT LOGICS AND STORAGE TIMES | |
| Duration of treatment | The data for the purpose of loyalty in the strict sense, that is, necessary to allow adherence to the loyalty program and for the management of the fidelity card will be processed and stored until the administrative duration of the relative program, or in any case until cancellation and /or cancellation by the member. In the case of possible cancellation, disabling for non-use within a certain time frame, expiry or return of the card (according to the provisions of the separate Regulation of the Loyalty Program), the deadline for the storage of personal data for exclusive administrative purposes (and not even profiling or marketing) will not exceed one quarter (without prejudice to any specific legal obligations on the storage of accounting documentation). The Data Controller, in such cases, has implemented appropriate mechanisms for the automatic deletion of data, including by third parties to whom they have been communicated. For the other purposes, the processing will last no longer than that necessary for the purposes for which the data were collected. The shooting data is stored for a maximum duration of 24 hours, with subsequent automatic deletion. |
| Your data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and requirements of art. 5 and 1 of the GDPR. The processing of personal data takes place through manual, IT and telematic tools with logics closely related to the purposes themselves and, in any case, in order to guarantee their security and confidentiality. |
| NATURE OF THE CONTRIBUTION | |
| The processing of personal data will be carried out for the following purposes: | |
| Purposes that do not require consent | – Fulfillment of tax and accounting obligations – Acquisition of data for printing and sending the invoice both in paper and digital form.- Marketing (analysis and market surveys) – Unnecessary consent in that communications, for the purpose of direct sale of its products/services or for the purpose of satisfaction analysis or market surveys, use the e-mail coordinates collected by the data subject in the context of the sale of a product or service similar to those sold and without the express refusal by the interested party to such use, initially or on the occasion of subsequent communications. In each communication is given the information of the possibility to oppose the processing at any time (so-called opt out) |
| Purposes that require consent | – Mail order or telephone sales – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the sale by mail order or by telephone will not be made. – Sale electronically or by radio and television – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the sale will not be made electronically or by radio and television. – Customer management – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Litigation management – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Monitoring of contractual obligations – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Planning of activities – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Advertising – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Promotional activities – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, profiling for promotional purposes of the data subject will not be carried out. – Detection of the degree of customer satisfaction – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Radio and television information – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Customer information of new services/products – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Sending of information material and/or advertising also by telephone or internet – Consent received by the data subject during the collection of personal data through acceptance included in the information. In case of non-consent, the information and/or advertising material will not be sent. – Information electronically – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Consulting activities – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Provision of the service – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out |
| Only with your explicit consent to be manifested at the bottom of this information, the data, the purposes of which require consent, will be processed. The provision of data is however optional and will not prejudice in relation to the contractual relationship in place with the Data Controller | |
| Your consent is not required for the data collected and used for needs related to the execution of activities related to the contractual relationship and compliance with the legal obligations indicated. Failure to communicate the above personal data will make it impossible to follow up the report in question. For the data collected and used for the legitimate interest of the Data Controller, your consent is not required (paragraph f, art. 6, of the GDPR). The communication of the above personal data is optional but necessary for the execution of the services offered by the Data Controller. Any refusal to disclose such data will make it impossible to provide all or part of the requested services. |
| RIGHTS OF DATA SUBJECTS (Articles 15 to 22 of the GDPR) | |
| Right of access | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to request access to their personal data from the holder. |
| Right of rectification | The person concerned is entitled, in accordance with the provisions of Art. from 15 to 22 of the GDPR to request the owner to rectify their personal data. |
| Right of cancellation | The person concerned is entitled, in accordance with the provisions of Art. from 15 to 22 of the GDPR to request the owner to delete their personal data. |
| Right of limitation | The person concerned is entitled, in accordance with the provisions of Art. from 15 to 22 of the GDPR to request the data controller to limit the data concerning him. |
| Right of objection | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to oppose their treatment. |
| Portability right | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to exercise their right to data portability. |
| Right of revocation | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to exercise their right to revocation consent. |
| Right of complaint | The person concerned is entitled, in accordance with art. 77 of the GDPR to exercise its right to lodge a complaint with the supervisory authority. |
| AUTOMATED PROCESS | |
| Is there an automated process? | Yes |
| Automated processes or profiling methods | It being understood that even in the event of consent of the data subject we will not proceed with the processing (however prohibited for profiling purposes) of data suitable to reveal the state of health and sex life, we inform you that the methods of processing will in any case be relevant and not exceeding the type of goods marketed or services rendered. Profiling activity may concern “individual” personal data or “aggregated” personal data deriving from detailed individual personal data. These processings can be carried out using personal data that are also aggregated according to predefined parameters depending on the company’s needs. Such data may include personal information of a varied type, including contractual data and data relating to consumption made, purchases made, habits and volumes of expenditure, levels of supply of goods and/or services, etc. from which it is possible to inferred further indications referring to each data subject (for example, consumption range, level of expenditure incurred at regular intervals, etc.). We focus with particular attention on the fact that the provision of personal data and consent to communication to third parties for the purposes described above are absolutely optional and optional (and in any case revocable without formalities even after the performance), and failure to provide will not result in consequences other than the impossibility for the data controller to proceed with the mentioned profiling. Even where you have given consent to authorize the Data Controller to pursue profiling purposes, you will still remain free at any time to revoke it, sending without formality any clear communication to this effect. Following the receipt of this opt-out request, it will be the responsibility of the Data Controller to promptly remove and delete its data from the databases (the latter however not interconnected or source of data weaves and comparisons with those used for loyalty in the strict sense) and inform for the same deletion purposes any third parties to whom the data have been communicated. The simple receipt of your cancellation request will automatically apply as confirmation of cancellation. |
| Legal basis | Explicit consent of the data subject |
| DATA CONTROLLER | |
| Owner | Mr Ravicini Gabriele |
| Address | Via Tiburtina km 20,500 – U74, 00012 Guidonia Montecelio (Rome) |
| VAT Number | RVCGRL50S06I284Z |
| Contacts | gocciasrl@legalmail.it |
| Legal representative | Ravicini Gabriele |
| Privacy referent | Ravicini Gabriele (gocciasrl@legalmail.it) |
| Data protection officer | Not present |
| Treatment contitors | · No accounting present |
| If you intend to request further information on the processing of your personal data or for the possible exercise of your rights, you may contact the Privacy Representative above. |
| CATEGORIES OF INTERESTED PARTIES | |
| List of categories of interested parties | Customers or Users, Potential Customers, Members, Associates and Subscribers, Minors |
| TREATMENT CARRIED OUT | |
| Business with customer loyalty | |
| Description | Activity related to the processing of personal data for the production, distribution and sale of goods or services and customer loyalty through the registration to a loyalty program and points. |
| ORIGIN, FINALITY, LEGAL BASIS AND NATURE OF THE DATA PROCESSED | |
| Origin | Data collected from the data subject. |
| Purpose | 1. Sale by mail order or phone – Consent received by the data subject during the collection of personal data by acceptance inserted in the information. In case of non-consent, the sale by mail order or by telephone will not be made. 2. Sale electronically or by radio and television – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the sale will not be made electronically or by radio and television. 3. Customer management – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 4. Fulfillment of tax and accounting obligations – Acquisition of data for printing and sending the invoice both in paper and digital form. 5. Litigation Management – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 6. Monitoring of contractual obligations – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 7. Activity planning – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 8. Marketing (market analysis and investigation) – Unnecessary consent in that communications, for the purpose of direct sale of its products/services or for the purposes of satisfaction analysis or market surveys, use the e-mail coordinates collected by the data subject in the context of the sale product or service similar to those subject to sale and without the express refusal by the interested party to such use, initially or in the event of subsequent communications. In each communication is given the information of the possibility to oppose the processing at any time (so-called opt out). 9. Advertising – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 10. Promotional activities – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, profiling for promotional purposes of the data subject will not be carried out. 11. Customer satisfaction detection – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 12. Radio and television information – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 13. Customer information of new services/products – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 14. Sending of information and/or advertising material also by telephone or internet – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the information and/or advertising material will not be sent. 15. Information electronically – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, in the absence of which the activities described are not carried out. 16. Consulting activities – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. 17. Provision of the service – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out |
| Legal basis | For purposes 1, 2, 3, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17: Consent of the Data Subject. For purposes 4: Processing is necessary to fulfill a legal obligation to which the data controller is subject. For purposes 8: Processing is necessary for the pursuit of the legitimate interest of the data controller or third parties. |
| Personal data processed | Topics of interest, Tax Code and other personal identification numbers, Telephone contact, Bank details, Contact and communication data, Data relating to images collected and processed through video surveillance systems, Behavior data, user profiles, consumers, taxpayers, etc., Address of residence, E-mail address, Name, address or other elements of personal identification, Profession declared, Video surveillance film recordings, Sex m/f |
| The “particular” data (sensitive data) are those defined by Art. 9 and 10 of Regulation 2016/679/EU (“GDPR”). These data are processed, in compliance with the GDPR as well as in view of the General Authorizations issued by the Supervisory Authority for the protection of personal data. |
| Particular data processed | – |
| Legal basis art. 9 |
| RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA | |
| Target categories | It is provided for the communication of your personal data, made on the legal bases provided for in Article 6 of Regulation 2016/679/EU, to the following third parties: |
| Judicial offices, Consultants and freelancers also in an associated form, Companies and Companies, Armed Forces, Police Forces, Employers, Associations of Entrepreneurs and Companies, Parent Companies, Subsidiaries and Related Companies, Associations and Foundations, Associate and Members, Judicial Authorities, Revenue Agency, Internal Managers, External Managers, Authorized Subjects, Private Subjects (Natural or Legal Persons) , maintenance or supply companies for goods and services | |
| These bodies, bodies, companies and professionals act as Data Controllers appointed by Mr. Ravicini Gabriele or are themselves data controllers transmitted to them. | |
| Your personal data, or the personal data of third parties in its ownership, may also be communicated to external companies, identified from time to time, to which Mr. Ravicini Gabriele entrusts the execution of obligations deriving from the assignment received to which only the data necessary for the activities requested of them will be transmitted. All employees, consultants, temporary and/or any other “natural person” who, authorized to process, carry out their activity on the basis of the instructions received from Mr. Ravicini Gabriele, pursuant to art. art. 29 of the GDPR, are designated “Data Controllers” (in the following also “Appointees”). To the Appointees or Managers, possibly designated, Mr. Ravicini Gabriele gives appropriate operational instructions, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of data. Precisely with reference to the protection aspects of personal data, you are invited, pursuant to art. 33 of the GDPR to report to Mr. Ravicini Gabriele any circumstances or events from which a potential “breach of personal data (data breach) may result” in order to allow an immediate evaluation and the adoption of any actions aimed at countering this event by sending a communication to Mr. Ravicini Gabriele to the contact details indicated above. The obligation of Mr. Ravicini Gabriele to communicate the data to Public Authorities on specific request remains compulsory. |
| TRANSFER ABROAD | |
| Transfers to foreign countries (non-EU) or international organisations | · U.S. · Transfer subject to adequate guarantees (Article 46) · Code of conduct approved pursuant to Article 40, together with a binding and enforceable undertaking by the data controller or data controller in the third country to apply the appropriate safeguards, including with regard to the rights of the persons concerned · The data is processed through a CRM owned by a third party residing in the U.S.A. or based in the United States of America. |
| The transfer of your personal data abroad may take place if it is necessary for the management of the assignment received. For the processing of information and data that will be communicated to these subjects, the equivalent levels of protection adopted for the processing of the personal data of their employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory tools provided for by Chapter V of the GDPR will be applied. |
| MODALITIES, TREATMENT LOGICS AND STORAGE TIMES | |
| Duration of treatment | The data for the purpose of loyalty in the strict sense, that is, necessary to allow adherence to the loyalty program and for the management of the fidelity card will be processed and stored until the administrative duration of the relative program, or in any case until cancellation and /or cancellation by the member. In the case of possible cancellation, disabling for non-use within a certain time frame, expiry or return of the card (according to the provisions of the separate Regulation of the Loyalty Program), the deadline for the storage of personal data for exclusive administrative purposes (and not even profiling or marketing) will not exceed one quarter (without prejudice to any specific legal obligations on the storage of accounting documentation). The Data Controller, in such cases, has implemented appropriate mechanisms for the automatic deletion of data, including by third parties to whom they have been communicated. For the other purposes, the processing will last no longer than that necessary for the purposes for which the data were collected. The shooting data is stored for a maximum duration of 24 hours, with subsequent automatic deletion. |
| Your data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and requirements of art. 5 and 1 of the GDPR. The processing of personal data takes place through manual, IT and telematic tools with logics closely related to the purposes themselves and, in any case, in order to guarantee their security and confidentiality. |
| NATURE OF THE CONTRIBUTION | |
| The processing of personal data will be carried out for the following purposes: | |
| Purposes that do not require consent | – Fulfillment of tax and accounting obligations – Acquisition of data for printing and sending the invoice both in paper and digital form.- Marketing (analysis and market surveys) – Unnecessary consent in that communications, for the purpose of direct sale of its products/services or for the purpose of satisfaction analysis or market surveys, use the e-mail coordinates collected by the data subject in the context of the sale of a product or service similar to those sold and without the express refusal by the interested party to such use, initially or on the occasion of subsequent communications. In each communication is given the information of the possibility to oppose the processing at any time (so-called opt out) |
| Purposes that require consent | – Mail order or telephone sales – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the sale by mail order or by telephone will not be made. – Sale electronically or by radio and television – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, the sale will not be made electronically or by radio and television. – Customer management – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Litigation management – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Monitoring of contractual obligations – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Planning of activities – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Advertising – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Promotional activities – Consent received by the data subject during the collection of personal data by acceptance included in the information. In case of non-consent, profiling for promotional purposes of the data subject will not be carried out. – Detection of the degree of customer satisfaction – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Radio and television information – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Customer information of new services/products – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Sending of information material and/or advertising also by telephone or internet – Consent received by the data subject during the collection of personal data through acceptance included in the information. In case of non-consent, the information and/or advertising material will not be sent. – Information electronically – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Consulting activities – Consent acquired explicitly by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out. – Provision of the service – Consent explicitly acquired by the data subject, stored in our management and in our specific assets, otherwise that the activities described are not carried out |
| Only with your explicit consent to be manifested at the bottom of this information, the data, the purposes of which require consent, will be processed. The provision of data is however optional and will not prejudice in relation to the contractual relationship in place with the Data Controller | |
| Your consent is not required for the data collected and used for needs related to the execution of activities related to the contractual relationship and compliance with the legal obligations indicated. Failure to communicate the above personal data will make it impossible to follow up the report in question. For the data collected and used for the legitimate interest of the Data Controller, your consent is not required (paragraph f, art. 6, of the GDPR). The communication of the above personal data is optional but necessary for the execution of the services offered by the Data Controller. Any refusal to disclose such data will make it impossible to provide all or part of the requested services. |
| RIGHTS OF DATA SUBJECTS (Articles 15 to 22 of the GDPR) | |
| Right of access | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to request access to their personal data from the holder. |
| Right of rectification | The person concerned is entitled, in accordance with the provisions of Art. from 15 to 22 of the GDPR to request the owner to rectify their personal data. |
| Right of cancellation | The person concerned is entitled, in accordance with the provisions of Art. from 15 to 22 of the GDPR to request the owner to delete their personal data. |
| Right of limitation | The person concerned is entitled, in accordance with the provisions of Art. from 15 to 22 of the GDPR to request the data controller to limit the data concerning him. |
| Right of objection | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to oppose their treatment. |
| Portability right | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to exercise their right to data portability. |
| Right of revocation | The person concerned is entitled, in accordance with the provisions of Art. 15 to 22 of the GDPR to exercise their right to revocation consent. |
| Right of complaint | The person concerned is entitled, in accordance with art. 77 of the GDPR to exercise its right to lodge a complaint with the supervisory authority. |
| AUTOMATED PROCESS | |
| Is there an automated process? | Yes |
| Automated processes or profiling methods | It being understood that even in the event of consent of the data subject we will not proceed with the processing (however prohibited for profiling purposes) of data suitable to reveal the state of health and sex life, we inform you that the methods of processing will in any case be relevant and not exceeding the type of goods marketed or services rendered. Profiling activity may concern “individual” personal data or “aggregated” personal data deriving from detailed individual personal data. These processings can be carried out using personal data that are also aggregated according to predefined parameters depending on the company’s needs. Such data may include personal information of a varied type, including contractual data and data relating to consumption made, purchases made, habits and volumes of expenditure, levels of supply of goods and/or services, etc. from which it is possible to inferred further indications referring to each data subject (for example, consumption range, level of expenditure incurred at regular intervals, etc.). We focus with particular attention on the fact that the provision of personal data and consent to communication to third parties for the purposes described above are absolutely optional and optional (and in any case revocable without formalities even after the performance), and failure to provide will not result in consequences other than the impossibility for the data controller to proceed with the mentioned profiling. Even where you have given consent to authorize the Data Controller to pursue profiling purposes, you will still remain free at any time to revoke it, sending without formality any clear communication to this effect. Following the receipt of this opt-out request, it will be the responsibility of the Data Controller to promptly remove and delete its data from the databases (the latter however not interconnected or source of data weaves and comparisons with those used for loyalty in the strict sense) and inform for the same deletion purposes any third parties to whom the data have been communicated. The simple receipt of your cancellation request will automatically apply as confirmation of cancellation. |
| Legal basis | Explicit consent of the data subject |