version n.2 dated 03-05-2021
With this document ("Information") the Data Controller, as defined below, wishes to inform you on the purposes and methods of processing your personal data and on the rights granted to you by Regulation (EU) 2016/679 relating to the protection of natural persons, with regard to the processing of personal data and their free movement ("GDPR"). This Information may be integrated by the Data Controller where any additional services requested by you should involve further processing.
OWNER OF THE TREATMENT
Francesca Acanfora VAT number: 15981871005 with headquarters in Via Edita Broglio, 27 - 00125 Rome, Italy, Email: amministrazione@atelierdelbarboncino.it
TYPES OF DATA PROCESSED
The processing activities carried out are aimed at acquiring the following personal data:
Category |
Guy |
Common data |
Personal data |
Common data |
Navigation logs |
Common data |
Profiling cookies |
Economic data |
Tax them |
CATEGORIES OF INTERESTED PARTIES
The processing activities carried out are aimed at the following categories of data subjects:
Category |
Individuals. |
PURPOSE OF THE TREATMENT AND CONDITION WHICH MAKES THE TREATMENT LEGAL
The processing of personal data is necessary for the fulfillment of obligations established by laws, regulations and/or community regulations, by supervisory/control bodies or by other legitimate authorities, such as for example administrative, accounting and tax obligations.
The data you provide will be processed for the following purposes:
Condition Lawfulness Treatment |
Purpose |
Description |
Legal Obligation - Art. 6, c.1, let. c. GDPR |
Conservation of documents in paper form. |
Conservation of accounting and administrative documents in paper form. |
Legal Obligation - Art. 6, c.1, let. c. GDPR |
Storage of documents in digital form. |
Conservation of accounting and administrative documents in digital form. |
Legal Obligation - Art. 6, c.1, let. c. GDPR |
Storage of invoices issued/received. |
Digital storage of invoices issued/received (electronic invoicing). |
Nature of the contribution: Mandatory
Consequences of refusing to provide data: Failure to provide data will make it impossible for the Data Controller to execute the contract.
Personal data retention period: Personal data will be processed for this purpose for the time necessary to fulfill the legal obligations established by current legislation. In this regard, personal data will be kept for 10 years starting from the termination of the contract or, if later, from a binding decision issued by a competent authority, without prejudice to any conservation obligations relating to particular categories of data, for longer periods of time, prescribed by the legal system.
Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing
Type of data processed: common and economic data
Processing methods: The processing is mainly performed with IT tools.
Information on minors: data of minors will not be processed
Transfer to third countries: data will not be transferred outside the EU
The Data Controller intends to process your personal data in order to send commercial communications of the Data Controller's products and services, including direct marketing through the use of instant messaging services such as WhatsApp, Messenger, Telegram, social media, also using traditional or electronic means such as for example the inclusion in the newsletter or the sending of emails, or for the transmission of commercial offers promoted by the Data Controller. Transmission of newsletters concerning similar products already purchased by customers.
The data you provide will be processed for the following purposes:
Condition Lawfulness Treatment |
Purpose |
Description |
Consent - Art. 6, c.1, let. to. GDPR |
Newsletter transmission. |
Transmission of commercial newsletters to the e-mail addresses of customers and/or potential customers. |
Consent - Art. 6, c.1, let. to. GDPR |
Transmission of Instant Messages. |
Transmission of instant messages using tools such as SMS, Whatsapp, Telegram. |
Nature of the provision: Optional
Consequences of refusal to provide data: Failure to provide data will make it impossible for the interested party to receive messages relating to promotions offered by the Data Controller
Personal data retention period: The deleted data will be deleted immediately following the termination of the contract or revocation of consent.
The data relating to prospects, for which the contract will not be finalized, will be canceled within 24 months of registration.
Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing.
Type of data processed: common data
Processing methods: The processing is mainly performed with IT tools.
Information on minors: data of minors will not be processed
Transfer to third countries: Data will not be transferred outside the EU
3. Browsing and Web data Obtain anonymous statistical information on use, check the correct functioning of the site, ascertain responsibility in the event of hypothetical computer crimes against the Owner. The data you provide will be processed for the following purposes:
Nature of the contribution: Mandatory Consequences of refusing to provide data: Failure to provide data will make it impossible for the company to provide the web service provided. Personal data retention period: The data is kept for 30 days. Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing Type of data processed: common data Methods of Treatment: The treatment is performed with IT tools. Information on minors: data of minors will not be processed Transfer to third countries: Data will not be transferred outside the EU |
||||||||||||
Processing connected to the management of customer care activities on the web, such as for example: managing responses to requests sent via form, commenting on a facebook post or managing a problem reported online. The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are necessary for the use of web services.
The data you provide will be processed for the following purposes:
Condition Lawfulness Treatment |
Purpose |
Description |
Legitimate Interest - Art. 6, c.1, let. f. GDPR |
Fulfill user requests |
The interest of the owner and of the interested party in processing personal data is legitimate for the purpose of fulfilling requests received via the web |
Nature of the provision: Optional
Consequences of refusal to provide data: Failure to provide the requested data will make it impossible for the Data Controller to provide services and satisfy requests received from social channels (Facebook, Instagram, etc.) and will not allow the Data Controller to use personal data to respond to questions from the interested party.
Personal data retention period: The data collected will be processed for the time strictly necessary for the achievement of the purposes described above, as specified in the reference policies of the social channels used. Personal data will be actively processed for the time necessary to manage the existing relationship. The information collected will be deleted within 60 days.
Public Posts shared independently on web platforms may be deleted according to the rules provided by the manager (facebook, instagram, youtube, etc) or by making a request to the Data Controller.
Minimum data protection measures: The minimum security measures are described in the Technical Annex to the Organizational Model present at the headquarters of the Data Controller, a copy of which can be requested for viewing
Type of data processed: common data
Methods of Treatment: The treatment is performed with IT tools.
Information on minors: Data of minors will not be processed
Transfer to third countries: Data will not be transferred outside the EU
Remarketing
Use of the Google AdWords and Facebook advertising platforms to advertise the products/services offered by the Data Controller on third-party websites.
The remarketing activity could consist in conducting advertising campaigns, carried out on the Google search results page, on a site in the Google Display Network (Google Adsense) or within the Facebook social network, aimed at site visitors who they will have granted consent for this purpose.
Third party vendors, including Google and Facebook, use cookies to serve ads based on previous visits to our website. Of course, all data collected will be used in accordance with our privacy policy, as well as the privacy policies of Google and Facebook.
You can object to remarketing advertising campaigns via the following links:
for Google:
- https://support.google.com/ads/answer/2662922?hl=it
- https://adssettings.google.com/authenticated?hl=en#display_optout
for Facebook:
https://www.facebook.com/ads/website_custom_audiences/
The data you provide will be processed for the following purposes:
Condition Lawfulness Treatment |
Purpose |
Description |
Consent - Art. 6, c.1, let. to. GDPR |
Use of cookies for remarketing activities |
Use of cookies for the configuration and management of advertising campaigns carried out on the facebook platform and google display network. |
Nature of the provision: Optional
Consequences of refusing to provide data: Failure to provide consent will make it impossible for the Data Controller to promote products/services on third party sites other than that of the Data Controller.
Personal data retention period: The period of use of the remarketing cookie, used by this site, is 30 days for google adwords and 30 days for the social network Facebook.
Minimum Data Protection Measures: Standard Protection Measures
Type of data processed: common data profiling cookies
Processing methods: The data will be processed mainly with IT tools
Information on minors: data of minors will not be processed
Transfer to third countries: data will not be transferred outside the EU.
E-Commerce site
The data controller intends to use your data in order to send the products purchased on the website.
The data you provide will be processed for the following purposes:
Condition Lawfulness Treatment |
Purpose |
Description |
Contract execution - Art. 6, c.1, let. b. GDPR |
Ship products requested on the website via e-commerce. |
In order to be able to satisfy customer requests, it is necessary to use personal data. |
Nature of the contribution: Mandatory
Consequences of refusal to provide data: In the event of revocation it will not be possible for the data controller to send the products purchased on the website.
Personal data retention period: Personal data will be processed for this purpose for the time necessary to fulfill the legal obligations established by current legislation.
In this regard, personal data will be kept for 10 years starting from the termination of the contract or, if later, from a binding decision issued by a competent authority, without prejudice to any conservation obligations relating to particular categories of data, for longer periods of time, prescribed by the legal system.
Minimum Data Protection Measures: Standard Protection Measures
Type of data processed: common data profiling cookies
Processing methods: The data will be processed mainly with IT tools
Information on minors: data of minors will not be processed
Transfer to third countries: data will not be transferred outside the EU.
RECIPIENTS OF THE TREATMENT
Role |
Recipient or Recipient Category |
Economic sector |
Responsible for the treatment |
Hosting Service Providers |
Web |
Responsible for the treatment |
Webmasters |
Communication |
Responsible for the treatment |
Administrative and Fiscal Consulting |
Financial advisor |
Data Controller |
Legal representative |
Legal representative |
RIGHTS OF THE INTERESTED PARTY - COMPLAINT TO THE SUPERVISORY AUTHORITY
Date: 03/05/2021 |
||
Thanks for subscribing!
This email has been registered!