The purpose of this document is to inform the individual person (hereinafter the “Data Subject”) about the processing of his/her personal data (hereinafter “Personal Data”) collected by the data controller, Virgan s.r.l, with registered office in Corso Vinzaglio Torino 16, 10100, Tax Code/VAT number 03660490040, e-mail address firstname.lastname@example.org, (hereinafter the “Data Controller”), through the website www.fioccodineverelais.com (hereinafter the “Application”).
1 Categories of Personal Data processed
The Data Controller processes the following types of Personal Data provided voluntarily by the Data Subject:
● Contact data: name, surname, address, e-mail, telephone, pictures, authentication credentials, any further information sent by the Data Subject, etc.
● Tax and payment details: tax code, VAT number, credit card details, bank account details, etc.
Failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or if they are a necessary requirement for the conclusion of the contract with the Data Controller, will result in the Data Controller being unable to establish or continue the relationship with the Data Subject.
The Data Subject who communicates to the Data Controller the Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
2 Cookies and similar technologies
3 Legal basis and purpose of processing
The processing of Personal Data is necessary:
● for the execution of the contract with the Data Subject, namely:
- fulfilment of any obligation arising from the pre-contractual or contractual agreement with the Data Subject
- payment management: to manage payments by credit card, wire transfers, or other methods
● by legal obligation, namely:
- the fulfilment of any obligation under the applicable rules, laws and regulations, especially regarding taxation and fiscal matter
● on the basis of the Data Controller’s legitimate interest, for:
- e-mail marketing of the Data Controller's products and/or services in order to directly sell the Data Controller's products or services using the e-mail provided by the Data Subject in the sale of a product or service similar to the one being sold
● on the basis of the Data Subject’s consent, for:
- profiling of the Data Subject for marketing purposes: to provide the Data Subject with information on the Data Controller's products and/or services by means of automated processing aimed at collecting personal information in order to predict or assess the Data Subject's preferences or behaviours.
- Marketing of the Data Controller's products and/or services: to send commercial and/or promotional information or materials, to carry out direct sales of the Controller's products and/or services or to carry out market research using automated and traditional methods.
The Data Subject's Personal Data may also be used by the Data Controller to protect itself in proceedings before the authorised courts.
4 Methods of processing and recipients of Personal Data
The processing of Personal Data is carried out by means of paper and computer tools with organisational methods and logics strictly related to the purposes indicated and by adopting appropriate security measures.
Personal Data are processed exclusively by:
● persons authorised by the Data Controller to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
● subjects that operate independently as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes set out in this policy (for example, business partners, consultants, IT companies, service providers, hosting providers);
● persons or entities to whom the Personal Data must be disclosed by law or by order of the authorities.
The entities listed above are required to use appropriate safeguards to protect the Personal Data and may only access the Personal Data that are necessary to perform the tasks they have been assigned.
Personal Data will not be disseminated indiscriminately in any way.
Personal Data will not be transferred outside the territory of the European Economic Area (EEA).
6 Personal Data storage period
Personal Data will be kept for the period of time necessary to fulfil the purposes for which they were collected, especially:
● for purposes regarding the execution of the contract between the Data Controller and the Data Subject, they will be kept for the entire duration of the contractual agreement and, after termination, for the ordinary limitation period of 10 years. In the case of legal disputes, for the entire duration of the dispute, until the time limit for appeals has expired.
● for purposes relating to the legitimate interest of the Data Controller, they shall be kept until the fulfilment of that interest.
● for the fulfilment of a legal obligation, by order of an authority and for legal protection, they shall be retained in accordance with the timescales provided for by such obligations, regulations and in any case until the expiry of the limitation period provided for by the rules in force.
● for purposes based on the consent of the Data Subject, they will be stored until the consent is revoked.
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.
7 Rights of the Data Subject
Data Subjects may exercise certain rights regarding the Personal Data processed by the Data Controller. The Data Subjects have the right to:
● be informed about the processing of their Personal Data
● withdraw consent at any time
● limit the processing of their own Personal Data
● object to the processing of their own Personal Data
● access their Personal Data
● verify and request the rectification of their Personal Data
● obtain the processing limitation of their own Personal Data
● obtain the deletion of their Personal Data
● transfer their Personal Data to another data controller
● file a complaint with the supervisory authority for the protection of their Personal Data.
Per esercitare i propri diritti, gli Interessati possono indirizzare una richiesta al seguente indirizzo e-mail email@example.com. Le richieste saranno prese in carico dal Titolare immediatamente ed evase nel più breve tempo possibile, in ogni caso entro 30 giorni.