Disclosure pursuant to articles 13 and 14 of Regulation (EU) 2016/679 - WEB
version n.2 dated 03-05-2021
Download the PDF version
With this document ("Information") the Data Controller, as defined below, wishes to inform you on the purposes and methods of processing your personal data and on the rights granted to you by Regulation (EU) 2016/679 relating to the protection of natural persons, with regard to the processing of personal data and their free movement ("GDPR"). This Information may be integrated by the Data Controller where any additional services requested by you should involve further processing.
OWNER OF THE TREATMENT
Francesca Acanfora VAT number: 15981871005 with headquarters in Via Edita Broglio, 27 - 00125 Rome, Italy, Email: amministrazione@atelierdelbarboncino.it
TYPES OF DATA PROCESSED
The processing activities carried out are aimed at acquiring the following personal data:
|
Category
|
Guy
|
|
Common data
|
Personal data
|
|
Common data
|
Navigation logs
|
|
Common data
|
Profiling cookies
|
|
Economic data
|
Tax them
|
CATEGORIES OF INTERESTED PARTIES
The processing activities carried out are aimed at the following categories of data subjects:
PURPOSE OF THE TREATMENT AND CONDITION WHICH MAKES THE TREATMENT LEGAL
- Fulfillments of Law
The processing of personal data is necessary for the fulfillment of obligations established by laws, regulations and/or community regulations, by supervisory/control bodies or by other legitimate authorities, such as for example administrative, accounting and tax obligations.
The data you provide will be processed for the following purposes:
|
Condition Lawfulness Treatment
|
Purpose
|
Description
|
|
Legal Obligation - Art. 6, c.1, let. c. GDPR
|
Conservation of documents in paper form.
|
Conservation of accounting and administrative documents in paper form.
|
|
Legal Obligation - Art. 6, c.1, let. c. GDPR
|
Storage of documents in digital form.
|
Conservation of accounting and administrative documents in digital form.
|
|
Legal Obligation - Art. 6, c.1, let. c. GDPR
|
Storage of invoices issued/received.
|
Digital storage of invoices issued/received (electronic invoicing).
|
Nature of the contribution: Mandatory
Consequences of refusing to provide data: Failure to provide data will make it impossible for the Data Controller to execute the contract.
Personal data retention period: Personal data will be processed for this purpose for the time necessary to fulfill the legal obligations established by current legislation. In this regard, personal data will be kept for 10 years starting from the termination of the contract or, if later, from a binding decision issued by a competent authority, without prejudice to any conservation obligations relating to particular categories of data, for longer periods of time, prescribed by the legal system.
Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing
Type of data processed: common and economic data
Processing methods: The processing is mainly performed with IT tools.
Information on minors: data of minors will not be processed
Transfer to third countries: data will not be transferred outside the EU
- Marketing and Soft Spam
The Data Controller intends to process your personal data in order to send commercial communications of the Data Controller's products and services, including direct marketing through the use of instant messaging services such as WhatsApp, Messenger, Telegram, social media, also using traditional or electronic means such as for example the inclusion in the newsletter or the sending of emails, or for the transmission of commercial offers promoted by the Data Controller. Transmission of newsletters concerning similar products already purchased by customers.
The data you provide will be processed for the following purposes:
|
Condition Lawfulness Treatment
|
Purpose
|
Description
|
|
Consent - Art. 6, c.1, let. to. GDPR
|
Newsletter transmission.
|
Transmission of commercial newsletters to the e-mail addresses of customers and/or potential customers.
|
|
Consent - Art. 6, c.1, let. to. GDPR
|
Transmission of Instant Messages.
|
Transmission of instant messages using tools such as SMS, Whatsapp, Telegram.
|
Nature of the provision: Optional
Consequences of refusal to provide data: Failure to provide data will make it impossible for the interested party to receive messages relating to promotions offered by the Data Controller
Personal data retention period: The deleted data will be deleted immediately following the termination of the contract or revocation of consent.
The data relating to prospects, for which the contract will not be finalized, will be canceled within 24 months of registration.
Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing.
Type of data processed: common data
Processing methods: The processing is mainly performed with IT tools.
Information on minors: data of minors will not be processed
Transfer to third countries: Data will not be transferred outside the EU
|
3. Browsing and Web data
Obtain anonymous statistical information on use, check the correct functioning of the site, ascertain responsibility in the event of hypothetical computer crimes against the Owner.
The data you provide will be processed for the following purposes:
|
Condition Lawfulness Treatment
|
Purpose
|
Description
|
|
Legitimate Interest - Art. 6, c.1, let. f. GDPR
|
Technological maintenance of the site.
|
Data analysis to perform the evolution and maintenance of the website.
|
|
Legitimate Interest - Art. 6, c.1, let. f. GDPR
|
Illegal use of the site.
|
Ascertainment of responsibility in the event of potential computer crimes against the site and/or the Data Subjects.
|
|
Legitimate Interest - Art. 6, c.1, let. f. GDPR
|
Statistical analysis.
|
Statistical analysis, anonymous, on the use of the site.
|
Nature of the contribution: Mandatory
Consequences of refusing to provide data: Failure to provide data will make it impossible for the company to provide the web service provided.
Personal data retention period: The data is kept for 30 days.
Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing
Type of data processed: common data
Methods of Treatment: The treatment is performed with IT tools.
Information on minors: data of minors will not be processed
Transfer to third countries: Data will not be transferred outside the EU
|
|
- Requests from the Website and Social Media
Processing connected to the management of customer care activities on the web, such as for example: managing responses to requests sent via form, commenting on a facebook post or managing a problem reported online. The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are necessary for the use of web services.
The data you provide will be processed for the following purposes:
|
Condition Lawfulness Treatment
|
Purpose
|
Description
|
|
Legitimate Interest - Art. 6, c.1, let. f. GDPR
|
Fulfill user requests
|
The interest of the owner and of the interested party in processing personal data is legitimate for the purpose of fulfilling requests received via the web
|
Nature of the provision: Optional
Consequences of refusal to provide data: Failure to provide the requested data will make it impossible for the Data Controller to provide services and satisfy requests received from social channels (Facebook, Instagram, etc.) and will not allow the Data Controller to use personal data to respond to questions from the interested party.
Personal data retention period: The data collected will be processed for the time strictly necessary for the achievement of the purposes described above, as specified in the reference policies of the social channels used. Personal data will be actively processed for the time necessary to manage the existing relationship. The information collected will be deleted within 60 days.
Public Posts shared independently on web platforms may be deleted according to the rules provided by the manager (facebook, instagram, youtube, etc) or by making a request to the Data Controller.
Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing
Type of data processed: common data
Methods of Treatment: The treatment is performed with IT tools.
Information on minors: Data of minors will not be processed
Transfer to third countries: Data will not be transferred outside the EU
Remarketing
Use of the Google AdWords and Facebook advertising platforms to advertise the products/services offered by the Data Controller on third-party websites.
The remarketing activity could consist in conducting advertising campaigns, carried out on the Google search results page, on a site in the Google Display Network (Google Adsense) or within the Facebook social network, aimed at site visitors who they will have granted consent for this purpose.
Third party vendors, including Google and Facebook, use cookies to serve ads based on previous visits to our website. Of course, all data collected will be used in accordance with our privacy policy, as well as the privacy policies of Google and Facebook.
You can object to remarketing advertising campaigns via the following links:
for Google:
- https://support.google.com/ads/answer/2662922?hl=it
- https://adssettings.google.com/authenticated?hl=en#display_optout
for Facebook:
https://www.facebook.com/ads/website_custom_audiences/
The data you provide will be processed for the following purposes:
|
Condition Lawfulness Treatment
|
Purpose
|
Description
|
|
Consent - Art. 6, c.1, let. to. GDPR
|
Use of cookies for remarketing activities
|
Use of cookies for the configuration and management of advertising campaigns carried out on the facebook platform and google display network.
|
Nature of the provision: Optional
Consequences of refusing to provide data: Failure to provide consent will make it impossible for the Data Controller to promote products/services on third party sites other than that of the Data Controller.
Personal data retention period: The period of use of the remarketing cookie, used by this site, is 30 days for google adwords and 30 days for the social network Facebook.
Minimum Data Protection Measures: Standard Protection Measures
Type of data processed: common data profiling cookies
Processing methods: The data will be processed mainly with IT tools
Information on minors: data of minors will not be processed
Transfer to third countries: data will not be transferred outside the EU.
E-Commerce site
The data controller intends to use your data in order to send the products purchased on the website.
The data you provide will be processed for the following purposes:
|
Condition Lawfulness Treatment
|
Purpose
|
Description
|
|
Contract execution - Art. 6, c.1, let. b. GDPR
|
Ship products requested on the website via e-commerce.
|
In order to be able to satisfy customer requests, it is necessary to use personal data.
|
Nature of the contribution: Mandatory
Consequences of refusal to provide data: In the event of revocation it will not be possible for the data controller to send the products purchased on the website.
Personal data retention period: Personal data will be processed for this purpose for the time necessary to fulfill the legal obligations established by current legislation.
In this regard, personal data will be kept for 10 years starting from the termination of the contract or, if later, from a binding decision issued by a competent authority, without prejudice to any conservation obligations relating to particular categories of data, for longer periods of time, prescribed by the legal system.
Minimum Data Protection Measures: Standard Protection Measures
Type of data processed: common data profiling cookies
Processing methods: The data will be processed mainly with IT tools
Information on minors: data of minors will not be processed
Transfer to third countries: data will not be transferred outside the EU.
RECIPIENTS OF THE TREATMENT
|
Role
|
Recipient or Recipient Category
|
Economic sector
|
|
Responsible for the treatment
|
Hosting Service Providers
|
Web
|
|
Responsible for the treatment
|
Webmasters
|
Communication
|
|
Responsible for the treatment
|
Administrative and Fiscal Consulting
|
Financial advisor
|
|
Data Controller
|
Legal representative
|
Legal representative
|
|
RIGHTS OF THE INTERESTED PARTY - COMPLAINT TO THE SUPERVISORY AUTHORITY
|
|
In relation to the treatments described in this Information, as an interested party you may, under the conditions set out in the GDPR, exercise the rights set out in articles 15 to 22 of the GDPR and, in particular, the following rights:
โ right of access โ article 15 GDPR: right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, obtain access to your personal data;
โ right of rectification - article 16 GDPR: right to obtain, without unjustified delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;
โ right to cancellation (right to be forgotten) โ article 17 GDPR: right to obtain, without unjustified delay, the cancellation of personal data concerning you. The right to erasure does not apply to the extent that the processing is necessary for compliance with a legal obligation or for the performance of a task performed in the public interest or for the establishment, exercise or defense of legal claims. in court.
โ right to limitation of processing โ article 18 GDPR: right to obtain limitation of processing, when: a) the data subject disputes the accuracy of the personal data; b) the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that their use be limited; c) personal data are necessary for the interested party to ascertain, exercise or defend a right in court; d) the interested party has opposed the processing pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
โ right to data portability - article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without impediments , if the treatment is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from this holder to another holder if this is technically feasible;
โ right to object - article 21 GDPR: right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of legitimate interest, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court.
โ right not to be subjected to an automated decision-making process - article 22 GDPR: the interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which affects similarly significantly on your person, unless this is necessary for the conclusion or execution of a contract or you have given your consent. In any case, an automated decision-making process cannot concern your personal data and you can at any time obtain human intervention from the data controller, express your opinion and contest the decision.
โ right to lodge a complaint with the Guarantor Authority for the protection of personal data: http://www.garanteprivacy.it ;
โ revoke the consent given on every occasion and with the same ease with which it was provided without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
The above rights may be exercised, against the Data Controller, by contacting the references indicated in point 1 above.
The exercise of your rights as an interested party is free in accordance with article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller could charge a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.
Finally, we inform you that the Data Controller may request further information necessary to confirm the identity of the interested party.
โ RIGHT OF WITHDRAWAL:
The interested party has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent before the withdrawal.
โ RIGHT TO COMPLAINT:
At any time, the interested party has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, www.garanteprivacy.it
|
Date: 03/05/2021
|
|