(complying with art. 13 of General data protection regulation EU 2016/279 GDPR)
- Data that you voluntarily shared with the Company: we can collect your personal data (such as name, surname, e-mail address, home address, phone number, etc.) if you forward a request via the contact form available on the Website or if you want to use the Services we provide;
- Information from other sources. The information collected can be supplemented with data from other sources, for example information accessible to the public and commercially available.
- Special categories of personal data: we expressly ask you not to send or disclose via the Website, the Services or in other ways the information belonging to special categories of personal data (such as social security numbers, information on the race or ethnic origin, political opinions, religious or other beliefs, health, criminal records or trade union membership).
- To enable you to use the Website or the Services;
- To assess and improve our Services and their features;
- To improve the user experience during browsing of the Website and use of the Services;
- To provide assistance to customers and answer any questions;
- To comply with legal obligations (including the provision of services) or to answer requests from public authorities;
- To protect the rights of the Company or third parties; in particular, in some cases the Company may disclose personal data in situations in which it believes in good faith that such processing is necessary: (i) to protect, assert or defend the legal, privacy, security or property rights of the Company or of its employees, agents and contractors (including the enforcement of our contracts and conditions of use); (ii) to protect the security and privacy of the users of the Website or Services and of other people; and (iii) to protect from frauds or for risk management purposes;
- with your voluntary consent, to send you promotional and marketing communications via automated (e-mail) and non-automated means (phone calls with operator or ordinary mail);
- with your voluntary consent, to understand your preferences and personal choices to always offer your favourite services;
- with your voluntary consent, to share your data with trusted trading partners to allow them to send you commercial messages.
- paragraph 3, letters from a) to d) of this Policy is necessary for the management of the Website and the provision of the Services;
- paragraph 3, letter e) of this Policy is mandatory pursuant to the applicable laws in force;
- paragraph 3, letter f) of this Policy is based on the Company’s legitimate interest, according to the cases;
- paragraph 3, letters g), h) and i) of this Policy is carried out based on the user’s voluntary consent and, if possible, on the Company’s legitimate interest.
- the data collected for the purposes described in paragraph 3, letters from a) to d) are retained for the period strictly necessary for the use of the Website or Services;
- the data collected for the purposes described in paragraph 3, letter e) are retained for ten (10) years to satisfy the requests of the data subjects and to comply with the applicable laws and rules, including regarding the Services;
- the data collected for the purposes described in paragraph 3, letter f) are retained for the period strictly necessary to pursue the Company’s legitimate interest;
- the data collected for the purposes described in paragraph 3, letters g) and h) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and, in any case, for no longer than [2 years];
- the data collected for the purposes described in paragraph 3, letter i) are retained for the period strictly necessary to achieve the purposes for which they were initially collected and according to what established by the recipients of those data.
- Third service providers who are in charge of processing activities and are liable or sub-liable of the processing duly appointed if requested by the applicable laws (e.g. providers of cloud services, providers of essential services or support Services - and therefore, by way of example and not exclusively, the company providing IT services, consultants and lawyers, companies deriving from possible mergers, splits or other change);
- Competent national authorities complying with the applicable law;
- Trusted trading partners with the prior explicit consent of the data subjects.
- Are personal data transferred abroad?
- request access to personal data regarding them and obtain copy thereof;
- obtain the rectification of incorrect personal data regarding them;
- request the erasure of personal data regarding them;
- obtain the restriction of the processing of the personal data regarding them;
- receive the personal data regarding them in a structured format that is commonly used and readable by an automatic device to exercise the portability right;
- oppose to the processing of personal data regarding them;
- oppose, for reasons connected to the specific situations of the data subjects, to the processing of personal data regarding them to pursue the legitimate interest of the Data Controller or of third parties. In this case, the Data Controller shall refrain from further processing personal data, unless one can prove the existence of compulsory legitimate grounds for performing the processing that prevail over the interests, rights and freedoms of the data subjects, or for asserting, exercising or defending a right in judicial proceedings;
- to withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal.