Il Ceppo S.r.l. (Tax Code and VAT number / Tax Code: 01712200243), registered office at Corso Andrea Palladio 196, Vicenza 36100 Italy – Tel. 0444-945059, e-mail info email@example.com, PEC firstname.lastname@example.org
(hereafter, “Owner”), as the data controller, informs you in accordance with Art.13 EU Regulation No. 2016/679 (hereafter, “GDPR”) that your data will be processed in the following manner and for the following purposes:
1) Object of the agreement
The Data Controller processes personal, identifying, and non-specific data (eg. name, surname, e-mail, telephone number – hereinafter, “personal data” or “data”) provided by you during subscription to the Owner’s website, contact list, and/or newsletter.
2) Purpose of the agreement
Your personal data may be processed:
A) Without your express consent (Article 6 letter b and f, GDPR), for the following Service purposes:
- Managing and maintaining the website;
- Managing requests made by you;
- Fulfilling the pre-contractual and contractual obligations of which you are a party;
- Fulfilling obligations established by law, regulation, community legislation, or order of Authority;
- Preventing or discovering fraudulent activity or abuse harmful to the website;
- Exercising the rights of the Data Controller, for example the right of defense in court for the protection of legitimate interests connected to the contractual or pre-contractual relationship.
B) Only with your express consent:
- sending newsletters and commercial communications on products/services offered by the Data Controller via e-mail. We point out that if you are already our customer, we may send you commercial communications relating to the Controller’s services and products similar to those you have already used, without prejudice to the revocation of consent.
3) Processing methods
The processing of your personal data is to be carried out by means of the operations indicated (art. 4 n. 2, GDPR), to which reference is made. Your personal data is processed with paper/electronic tools.
The Data Controller will process personal data for the duration of time necessary to fulfill the aforementioned purposes and as required by law, no more than 2 years from the collection of data and/or last contact, for marketing purposes or until the withdrawal of consent.
4) Data access
Your data may be made accessible:
- to Data Controller employees and collaborators, in their capacity as persons in charge, and/or internal processing managers and/or system administrators;
- to external companies for the storage of personal data, or to third parties for website management and maintenance, suppliers, credit institutions, professional firms, etc., to perform activities on behalf of the Data Controller as external managers of the agreement.
5) Data communication
Without your express consent, the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, as well as all other subjects to whom communication is mandatory by law for the accomplishment of the aforementioned purposes. In any case, your data will not be subject to disclosure.
6) Data transfer
There is no transfer outside the EU. Should this be necessary, the Data Controller ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
7) Nature of data provision and consequences of refusal to respond
Apart from the personal data that you undertake to provide us contractually or that you must provide us by law (the failure of which may determine legal liability), any other provision of personal data by you is purely optional (e.g. sending non-binding requests, site navigation). The only consequence of failure to provide optional data is the inability to provide or perform the requested services.
8) Rights of the concerned party
The concerned party possesses the rights referred to in Article 15 of the GDPR:
- Access (Article 15 of the GDPR): you may contact us to find out if your personal data is being processed and any legal information regarding such processing;
- Rectification (Article 16 of the GDPR): the correction of inaccurate or incomplete data;
- Cancellation (Article 17 GDPR): obtain the cancellation of personal data, in cases of law;
- Limitation (art.18 GDPR): obtain the submission of data to storage only, with the exclusion of other activities, in the cases of law;
- Portability (Article 20 GDPR): obtain data in a structured format, commonly used and readable by an automatic device and also obtain direct transmission to another data controller, in the cases of law;
- Opposition (Article 21 of the GDPR): right to stop further processing of personal data for reasons connected with your particular circumstances, without prejudice to binding legitimate reasons, in the cases of law.
- Withdrawal of consent (Article 7.3 GDPR): right to withdraw consent at any time. For your guarantee, we have not provided consents on our site. Furthermore, none of our processing is based on consent. The legal bases on which we operate are: contract and pre-contractual measures, legal obligation, and legitimate interest. We do not carry out agreements with automated decision-making processes or profiling towards customers and users of the site.
Complaint before the Guarantor. You are entitled to file a complaint with competent authority for the protection of personal data. We remind you that the complaint, pursuant to art. 77.1 GDPR, can be promoted by the concerned party to the Authority of the concerned party’s residential or workplace, or where the alleged violation has occurred. The possibility of referring to the Judicial Authority is reserved.
9) How to exercise these rights
You can exercise these rights at any time by sending:
- a registered letter addressed to: Il Ceppo S.r.l. Corso A. Palladio 196, Vicenza 36100
- An e-mail to the address email@example.com;
- A certified email to firstname.lastname@example.org
This site and the Controller’s services are not intended for minors under the age of 18 and the Controller does not collect intentionally personal information relating to minors. In the event that information about minors is unintentionally registered, the Data Controller will delete it in a timely manner, at the request of the users.
11) Owner, manager, and appointees
The updated list of data processors and persons in charge of processing is kept at the headquarters of the agreement Holder.
12) Changes to this Information
This information may be subject to changes. It is therefore advisable to regularly check this Statement and to refer to the most updated version.