Purpose and principles of the data processing
In compliance with legal data protection obligations, this page describes the methods used to manage the website to process the personal data of users browsing the website and interacting with the web services that can be accessed electronically from the address: www.venetacucine.com.
VENETA CUCINE will use your personal data to manage access to the portal and to the services that it contains, manage technical dossiers, perform all the tasks that are necessary or useful for constantly improving the service provided and ascertain responsibility for offences committed against the website and/or illicit acts committed via the website. Further specific purposes for which the individual processing is used can be defined in detailed by additional notices provided in connection with the various services on the portal.
Consulting the website can involve processing data on identified or identifiable persons. The personal data provided by the users who consult the website are used by the recipient of the communication in order to respond to the requests received.
The advisory notice shown below consists of a series of aspects which can be consulted. The user can open the paragraphs using the arrow.
To read or print the entire advisory notice click here.
Type of data
The web forms on the websites never ask you for “particular” personal data (personal data that reveal racial and ethnic origin, religious, philosophical or other types of belief, political opinions, membership of parties, trade unions, religious, philosophical, political or trade union associations and personal data that may reveal the state of health or sexual orientation) or “judicial” personal data (criminal record data or data relating to you as a defendant or person under criminal investigation, etc). The data that we process can fall into three general categories: browsing data, data supplied actively by the data subject and data gathered from third parties.
When (also via smartphone or tablet) you access this website and use our services, the IT systems and the software procedures used to run the website acquire during normal operation certain information about you that can be classed as "personal data" that are implicit in the use of Internet communication protocols.
These data include the hardware model, the operating system and version, information on the mobile network and on the country from which the website was accessed, the time of the request, the method used to send the request to the server, the access time, the size of the file obtained in reply, the numeric code showing the status of the reply given by the server (successful, error, etc), the browsing history within the website with particular reference to the pages visited and other parameters relating to the operating system and to the user's IT environment (browser used, version, geographic position, last page visited before accessing the services of the VENETA CUCINE SPA website) and the unique device identifiers (e.g. IP address or dominion names of the computers used by the users, the URI (Uniform Resource Identifier) address, and the MAC (Media Access Control) address.
This information is not collected to be assigned directly to identified data subjects, but by its nature the information could in theory enable the users to be identified by processing and linking it to data held by third parties (in particular, third-party providers of Internet connectivity services).
But we use these data only to obtain aggregate and anonymous statistical information on the use of the website to better understand the user's browsing behaviour in order to offer the user a better browsing experience, to enable the technical functions of the website, to control and optimize its operation, to improve the quality of the services that it offers and ensure the maintenance of the relative database and support IT infrastructure.
After being processed anonymously, these browsing data are erased within 12 months of being collected.
The browsing data can also be used to ascertain responsibility in the case of offences committed against the website (malware attacks, spamming, unauthorized access to IT systems, etc) and in this case the browsing data are kept for as long as necessary to protect the rights of the company and/or third parties.
- information sent by the users optionally and voluntarily to the addresses shown on the website (e.g. email address, subject of the email, company title or name, first name and surname, etc);
- the personal data supplied by the users to take advantage of the services available on the website or to take part in initiatives promoted by the website;
- the personal data supplied by users who request alerts and/or publicity;
- the personal data supplied by users who send in job applications (“curriculum vitae”, etc.).
Processing may or may not use electronic instruments in accordance with principles of propriety, legality and transparency so as to protect at all times the confidentiality and rights of the data subject in accordance with current legislation.
Purposes of the processing
a) fulfilling user’s support and contact requests e.g. regarding the dispatch of publicity or clarifications (newsletters, replies to enquiries, notices, price lists, other documentation, etc),
b) providing the service or supplying the product requested by the user and organizing all the management and production activities that are required for the supply (including dealings with suppliers and management of payments by credit card, bank transfer or other methods),
c) meeting the obligations set by law, regulations and/or EU regulations;
d) meeting all legal obligations connected to or arising from the contractual dealings with the data subject and/or the organization to which the data subject belongs
(known as the “main purposes”)
e) The gathered data will also be processed for the purposes of:
f1) direct marketing (market research, dispatch of commercial and promotional communications, and newsletters, via any automated means of communication, email, telephone with operator, text messages, chat messages, social networks, etc.) or non-automated means of communication (ordinary post); the data will be processed only subject to the consent of the data subject (received by online and/or hard copy forms); consent is always optional (see below).
- In the case of contacts inside companies that are our customers or possible customers: first name and surname of the data subject, name of the organization and sector in which it operates, role, contact data such as headquarters of the data subject’s organization, organization’s email and telephone numbers, topics of professional or financial interest, and data subject’s attendance at events organized by us and/or our partners);
- In the case of consumers or one-person companies: first name and surname of the data subject, contact details such as place of abode or domicile, email and work or private telephone numbers, financial or material area of business, topics of professional or financial interest, data subject’s attendance at events organized by us and/or our partners).
* Profiling concerns only natural persons. Information on parties that are not natural persons is thus not covered by the privacy regulations can be accordingly freely profiled by ourselves.
Processing basic profiling does not require the prior consent of the data subject (for the reasons that are explained more fully in the next section “Legal basis of the processing”).
This task has two goals: understanding customers better, both as groups and individuals, and analyzing the efficacy of marketing to develop and update products, services and offers to suit the preferences of our target customers.
Profiling aims to align the goods and services that we offer on current and potential demand, gauge the results of specific promotions, take corrective measures to improve company results (e.g. reducing the risks of investing resources in topic areas that are of marginal interest for the target) and the efficacy of the commercial processes (e.g. by ascertaining how many of the messages and promotional communications that you received from us you actually saw and clicked on), limiting the dispatch of promotional communications that are not relevant to your probable expectations and needs or limiting dispatch via unwelcome channels).
Profiling does not exclude you from specific advantages or prevent you from freely exercising your rights with regard to the personal data that we process; in particular, it does not affect the data subject’s freedom to use our ordinary services (e.g. pre-registration on-line, purchasing services).
Legal basis of the processing
In the case of main purposes, processing is necessary, depending on circumstances, to implement precontractual measures adopted at the request of the data subject (e.g. requests for clarifications, dispatch of information or commercial offers), to perform a contract to which the data subject is a party or to comply with a legal requirement to which we are subject (e.g. to permit verification of compliance with legal and contractual obligations towards the data subject or towards third parties by the administrative and tax authorities, the board of statutory auditors or the outside auditors, etc) and/or based on the legitimate interest:
a) of our company (despite the interests and rights and fundamental freedoms of the data subject) in processing the data in order to be able to manage effectively and efficiently dealings with its users, customers and/or suppliers and in organizing the relative productive, organizational and management processes (including dealings with its own subcontractors and/or with holding companies, subsidiaries or affiliates pursuant to article 2359 of the Italian Civil Code or with companies subject to common control) in order to enable this objective to be achieved;
b) of third parties in receiving from the data controller and processing the personal data i) in order to verify compliance with legal and contractual obligations towards the data subject or third parties (for example verification by the tax authorities of compliance with tax obligations, or verification by the board of statutory auditors or the outside auditors of compliance with legal obligations, etc) or ii) to be able to manage activities connected to the request of the data controller to receive support in managing dealings with data subjects.
In the case of secondary purposes (direct marketing, basic profiling) processing is based on:
a) direct marketing to customers taking the form only of sending emails/newsletters only to promote goods and services that are similar to those that you have already purchased: based on our legitimate interest in promoting our products and/or services to current customers (so-called soft spam);
b) direct marketing to customers taking the form only of sending emails/newsletters to promote goods and services of ours that are different from those that you may have already purchased: based on your specific consent to processing for this purpose that is not subsequently revoked;
c) direct marketing to customers by automated instruments that are different from sending emails/newsletters (e.g. dispatch of text messages, social messages, instant messaging like Whatsapp etc.): based on your prior specific consent to processing for these purposes, which is not subsequently revoked;
d) basic profiling, based on our legitimate interest to have at our disposal a minimum information set for planning direct marketing both to potential and existing customers of ours;
You can give or withhold your consent, separately respectively for i) our processing and ii) our divulging data to independent third-party data controllers for the same purposes.
- In the case of main purposes, processing is necessary, depending on circumstances, to implement precontractual measures adopted at the request of the data subject (e.g. requests for clarifications, dispatch of information or commercial offers), to perform a contract to which the data subject is a party or to comply with a legal requirement to which we are subject (e.g. to permit verification of compliance with legal and contractual obligations towards the data subject or towards third parties by the administrative and tax authorities, the board of statutory auditors or the outside auditors, etc) and/or based on the legitimate interest:
Thinking behind and forms of organization of the processing
Thinking behind and forms of organization of the processing will be closely connected to the individual aims set out above. The processing will be electronic, computerized and/or hard copy. During processing, the data are subjected to protective measures activated by VENETA CUCINE in order to protect the data against the risk of unauthorized access or prohibited processing. For example, personal data managed at the computerized level can be consulted only by authorized VENETA CUCINE staff who access the various processing programmes or enter data by keying in obligatory personal passwords and who do so only within the preset limits of use.
Company staff who process the data.
The collected data are processed by our in-house delegates who need to know them in order to perform their duties (e.g. commercial department, marketing department, accounts department, company IT system maintenance technicians, etc.).
Compulsory and optional divulging data and consequences of not providing data
In the case of main purposes, it is compulsory to provide the data if they are required to comply with legal requirements and failure to provide the data will prevent the contract being signed with the data subject and/or with the organization to which the data subject belongs; in the other cases, you do not have to supply the data but in this case we cannot embark on precontractual dealings, online registration of the data subject with the website and/or the provision of services or sale of the products/services for which we require registration and/or the data to be supplied.
The non-registered user can browse the website and view only content and materials that are available without registration.
- your consent is always voluntary (is freely given or denied);
- withholding consent to processing will prevent us from processing and/or respectively divulging to third parties the data for such secondary purposes but will not interfere with our dealings with you or with your organization.
Are there cases of simplified consent or exceptions to the obligation to give consent for direct marketing purposes?
As is permitted by current legislation and in order to enable VENETA CUCINE to meet its privacy obligations in compliance with the principles of simplification (specified in the General Ordinance of the Privacy Guarantor of 15.05.2013 - “Consent to personal data processing for “direct marketing” purposes via traditional and automated contact instruments”), the consent requested by VENETA CUCINE relating to the secondary purposes of profiling and direct marketing is standard and comprehensive for all possible means used for processing for marketing purposes (electronic/computerized, hard copy), and for all possible direct marketing purposes (so consent does not have to be given for each separate marketing goal pursued).
NB: VENETA CUCINE can process personal data by using phone calls with operators and using ordinary mail for the aforesaid secondary purposes without the prior specific consent of the data subject (this does not affect the data subject’s right to oppose the processing using simplified methods and also electronically by registering in the Public Register of Oppositions (www.registrodelleopposizioni.it) as specified by Presidential Decree 178/2010) the data subject’s telephone number and other personal data on subscribers found in hard-copy and electronic directories available to the public.
If VENETA CUCINE asks you for your phone number – for direct marketing purposes – and you have given optional and specific consent for its use, VENETA CUCINE can process it even if you have registered the number with the Public Register of Oppositions because you have divulged the number and it has not been taken from public telephone directories.
Does the data subject’s consent to the data being processed for profiling and direct marketing purposes also apply to divulging the data to third parties?
VENETA CUCINE divulges some data to other companies belonging to the VENETA CUCINE Group or to third parties who by contract and because they are "data processors" are delegated to process the data (for example to transmit advertising messages) on behalf of VENETA CUCINE. These data are processed on the basis of your specific consent to marketing (including divulging to third parties for marketing purposes) that you have already given to VENETA CUCINE.
VENETA CUCINE can also, if you give further separate additional consent that is documented and expressly voluntary, have data divulged or transferred to third parties who process them as co-data controllers or independent data controllers (they are normally outside partners in the promotion of events) who use the data for direct marketing or profiling purposes).
E-books, white-paper, catalogues and other similar materials
VENETA CUCINE can make documents like for example e-books, white-paper, catalogues and other similar materials available for downloading from the website. The user is asked to provide some data and agree to processing of the data for the purposes of direct marketing in return for the right to download the document. The download thus constitutes an actual agreement between VENETA CUCINE and the interested party the subject of which is the aforesaid documentary download service and the financial consideration paid by the user consists is the value of the personal data communicated to VENETA CUCINE on the occasion by the user. This value is conventionally stated and accepted to be €2.00. Consent is thus optional (it can be freely denied), but denying consent prevents the user from using the aforesaid specific service.
The Data Controller may propose that leads and customers – whose names and surnames, e-mail addresses and registered office/addresses he already possesses – complete surveys (by answering questions) with the aim of understanding their degree of satisfaction with regard to VENETA CUCINE SPA products and services. The functionalities of our survey form do not collect data that enable the data subject to be directly or indirectly identified, who will therefore remain anonymous (i.e. the answers received by the Data Controller cannot be associated with the aforementioned identification data) and will only be used for the purposes of aggregate analysis aimed at identifying anonymous clusters of people.
The system used for sending survey forms is based on the service of the third-party provider MAILCHIMP through which the Controller receives and analyses the following limited data referring to the data subject: i) date/time the e-mail message was sent; ii) successful or failed delivery of the message to the recipient’s e-mail account, ii) successful or unsuccessful opening of the message, iii) response or failure to respond to the call to action (i.e. to the invitation from the Controller to carry out an action, namely to respond to the survey form). As mentioned however, these personal data are never associated with the form completed by the data subject.
The data subject is free not to complete the proposed survey, and failure to do so shall in no way affect the contractual and non-contractual relations between the data subject and VENETA CUCINE SPA.
- click on the “unsubscribe” button that is available to the user at the bottom of the promotional emails sent to the data subject; an email will be sent automatically to VENETA CUCINE and the name of the data subject will be registered on a list preventing VENETA CUCINE from sending any direct marketing to the data subject;
- inform VENETA CUCINE by ordinary post or email that you are revoking consent (in this case the revocation will be recorded manually in the company’s CRM system). This method of communication is always necessary if the data subject wants to express a more detailed wish, whether regarding the use of certain media and not others (e.g. only hard copy, only electronic, no marketing sent by automated systems, etc) for the receipt subject to consent of marketing communications of VENETA CUCINE, or certain types of possible marketing (opting for example to receive only newsletters and not invitations to our events);
simply send a clear telephone message to VENETA CUCINE revoking consent. When this opt-out request is received VENETA CUCINE will remove and erase the data from the databases used for processing for direct marketing purposes and, where possible, will inform any third parties to which the data have been sent for direct marketing purposes that the data have been erased.
Merely receiving a request for erasure will be automatically considered to be a confirmation of erasure.
- On the other hand, if you wish to revoke consent to receiving advertising that arrives from social channels (e.g. Facebook, Twitter, etc.), you must send the revocation directly to the individual social platform, using the methods that will be made available each time by the social platform and/or by the browser that you use (VENETA CUCINE is technically unable to influence the social platforms of third parties for this purpose).
This opposition will not affect any other current contractual activities.
Divulging data to third parties
VENETA CUCINE divulges your personal data to third-party recipients only when this is necessary and useful for the data processing purpose to be achieved of providing the service or product that you requested, and in all cases divulges your personal data only after informing you and after receiving your consent to do so if your consent is required. Divulging to third parties will always be limited to the data that are strictly necessary for the respective purposes.
Third-party recipients – who will be defined in detail below – will process the data, as appropriate, a) as “outside processors” (i.e. they process on our behalf and on the basis of our written instructions in order to ensure compliance with privacy regulations during processing and under our supervision), or b) as co-data controllers (i.e. on the basis of a written agreement governing the different activities and responsibilities in relation to personal data), or as independent data controllers (in this case they will provide the data subject with all the necessary legal information on the respective processing).
As part of the main purposes and without prejudice to communication to third parties (e.g. tax authorities) in order to meet legal obligations or obligations arising from regulations or other EU standards, the data can be communicated by VENETA CUCINE to all parties whose involvement in the processing is reasonably necessary in the light of the services requested by the data subject and/or by regulatory obligations such as, merely by way of non-exhaustive example: other holding companies, subsidiaries or affiliates of the VENETA CUCINE Group and/or to partner third-party companies performing tasks that are inherent to or complement the supply of products or services products or services requested by the data subject (e.g. dealing with enquiries, estimates, orders, contracts, after-sales services), third parties appointed to perform tasks connected and/or instrumental to the processing (such as commercial agents, banks for handling receipts and payments, business information companies, debt collection companies, credit insurance companies, electronic payment services providers, couriers, carriers and shippers, factoring companies, insurance companies, lawyers and legal practices, chartered accountants, bookkeepers, auditors and auditing firms, members of supervisory organisms pursuant to Italian legislative decree D.lgs. 231/2001 relating to organizational models for the prevention of certain types of offence, trade unions, third parties appointed to perform web hosting services and/or maintenance of this website and/or the computer systems used by this website and/or the electronic records connected to the website; carriers and shippers entrusted with the shipment of goods; call centre service companies that provide customer support during events); public security authorities and computer forensics companies in the event of suspicion of crimes or other illegal acts being committed to the detriment of VENETA CUCINE and/or third parties.
In order to make a payment to the website, an online service can be used that is supplied by the third-party supplier UNICREDIT S.P.A.
In order to complete the purchase, the user must enter the required information in the relative space (e.g. credit card). These data will be processed by the provider of the payment service – who will act as an independent data controller, without passing through the VENETA CUCINE server, which will receive only the order code issued and the payment notification.
Only in the case of processing for secondary purposes (profiling, direct marketing), pursuant to the General Ordinance of the Guarantor of 4 July 2013 entitled “Anti-spam guidelines” will we divulge your data – subject to your specific prior consent, see below – also to the following material or financial categories of third-party recipients: advertising and P.R. agencies, companies appointed to perform marketing analyses, advertising, communication and/or public relations companies, companies dealing with the design, printing and maintenance of advertising or promotional copy and/or its management on-line, website creation companies, web marketing companies, direct e-mailing companies (e.g. mail-up or the like), consultants and/or other bodies to which we assign tasks required to achieve said purposes; companies maintaining the computer systems in which they are found or by means of which our databases are processed; providers of electronic communication services and ICT; third-party commercial partners – even if they operate in productive sectors that are not including in the e-shop with which VENETA CUCINE activates co-marketing activities (e.g. VENETA CUCINE dealers, agents).
VENETA CUCINE can also share some data (first name, surname, email) with third-party platforms of social media (e.g. Facebook, Google) that use them for the sole purpose of identifying other persons who are similar to the user who could be interested in VENETA CUCINE services and/or products, so that they can be publicized by the social media platforms.
The data will not be divulged.
Transfer of data outside Italy
VENETA CUCINE transfers personal data to Microsoft Corporation, located at 1 Microsoft Way, Redmond, WA 98052, USA, which is the provider of the individual productivity Cloud application service (known as “Office 365”), to perform contractual obligations to the customer (e.g. managing emails or drafting documents) and/or comply with connected legal obligations.
As indicated expressly in Annex 1 to the Conditions for Using Online Services, with reference to the service Office 365, Microsoft undertakes to store inactive data of the company processed by VENETA CUCINE as follows: “if the Company carries out provisioning of its tenant (…) in the European Union, Microsoft will store the following inactive data of the Company only within that geographical area: (1) the content of the Exchange Online mail box (body of the email message, calendar items and content of the email attachments), (2) content of the SharePoint Online website and the files stored on the website and (3) the files loaded onto OneDrive for Business.” These data are thus not transferred to the USA and the transfer is of a merely occasional kind.
It is nevertheless possible that other inactive data, in particular data that are different from those indicated, will be transferred from the EU to the USA for the service under examination and that the frequency of the transfer is not occasional.
In this eventuality, VENETA CUCINE applies appropriate guarantees consisting of signing – automatically when the service is activated – standard contractual clauses (CCS), by which the supplier undertakes to process the data for which he is responsible in compliance with privacy obligations that are substantially equivalent to those specified by the GDPR by which VENETA CUCINE abides. These standard contractual clauses were submitted beforehand by Microsoft to the Working Party in compliance with article 29 of the European Union and received the relative approval.
In the light of the US regulations to which the European Court of Justice refers in the Schrmes ruling of 16.07.2020 (or art. 702 of FISA and Executive Order EO 12333), which allows the American public authority to access personal data transferred from the EU to the USA for national security reasons, which is applicable to any electronic transfer to the United States, regardless of the instrument used for this operation, it cannot be ruled out with complete certainty in abstract terms that there is a risk that in occasional situations the American public authority will access the data. Nevertheless, on the basis of common experience, in view of the limited scope of the VENETA CUCINE service to the customer, the type of personal data processed and the limited categories of data subjects to which the data refer, the concrete possibility that there is public interest in gaining such sporadic access to the data (of which Microsoft by law might not inform the data controller), appears to be objectively limited.
As the standard contractual clauses, without prejudice to the aforesaid exceptional and improbable eventuality of access being gained by the American public authority, reasonably guarantee protection of the rights of the data subjects that is substantially identical to that provided by the GDPR, VENETA CUCINE does not at present deem it necessary to agree any additional measures with the supplier Microsoft (an eventuality that is envisaged by the cited ruling of the European Court of Justice). VENETA CUCINE will inform the customer of any supplementary measures.
Similar considerations apply to the supplier of the video conference service used by the data controller: Cisco Systems, Inc., located at 170 West Tasman Dr. San Jose, CA 95134 USA.
Interaction with social network
From the pages of the website, direct interactions with the social networks are possible. If an interaction service with the social networks has been installed, even if users do not use services offered by the website the website may gather data on activities on the pages on which it is installed and other information on the user.
Our company can share certain data (first name, surname, email) with third-party suppliers of social media platforms (e.g. FACEBOOK, GOOGLE, INSTAGRAM, etc.) that use them to identify other people who are similar to the user who could be interested in VENETA CUCINE services and/or products, so as to advertise them via the platforms of social media. The operations of gathering and communicating these data to the aforesaid social media platforms are conducted together by the co-data controllers VENETA CUCINE and the suppliers of the aforesaid platforms.
If an interaction of the website users with the Facebook page (the “Page”) of the administrator of the Page (VENETA CUCINE) and the contents associated with the Page activates the creation of an event for Insights of the Page that comprises personal data for the processing of which the administrator of the Page (and/or other third parties for whom the user creates or administers the Page) causes the means and the purposes of the processing together with Facebook Ireland Limited, the administrator of the Page in his own right (and as an agent of third parties, on behalf of such third parties), the Annex on the data controller for Insights of the Page ("Annex for Insights of the Page") applies, which contains a co-data controller agreement between Facebook and VENETA CUCINE.
In particular, for processing personal data for Page Insights ("Insight Data") the co-data controller status covers the creation of such events and their inclusion in the Page Insights supplied to the Page administrators.
The co-data controller agreement between VENETA CUCINE and FACEBOOK Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook Ireland") can be seen on the following link.
For other processing of personal data in relation to a Page and/or to the content associated therewith for which there is no joint determination of the purposes and means and no resulting co-data controllorship, Facebook Ireland and, according to circumstances, the Page administrator, remain separate and independent data controllers.
In interactions of the website users with the pages of social media platforms other than Facebook, the data are basically shared between VENETA CUCINE and the third-party supplier of the social platform in the same way as with Facebook.
The interactions and the connected information on the data subject acquired from this website are subject to the user’s privacy settings for each social network.
Duration of the processing
In the case of processing for main purposes, the personal data are processed for the entire duration of the precontractual and/or contractual dealings with the data subject, in particular:
a) in the precontractual phase, for the time necessary to manage the requests of the data subject that have reached the company (e.g. requests for documentation, brochures, information, etc.) and to track the successful outcome of the company’s replies; and subsequently until you announce your opposition to the processing for the above purposes;
b) in relation to the contract signed with the data subject, for the entire duration of the contractual dealings with the data subject; and
c) after the termination of the contract with the data subject for the time required to meet the legal obligations connected with the terminated contract (in particular demonstrating compliance with fiscal and civil law obligations to the supervisory authority) and until the deadline passes for civil actions for damages due to the data subject pursuant to art. 2946 of the Italian Civil Code for: 10 years from termination of the contract).
The personal data are processed for IT security purposes (e.g. log records), are kept for the time necessary to perform the relative security checks and to evaluate the results (1 year from the moment of collection).
In the event of a dispute with the data subject and/or with third parties before or outside a court of law, the data will be processed for all the time strictly necessary and sufficient to fully protect the data controller’s rights.
Data processing for secondary purposes (marketing and profiling) as described above, shall continue:
a) if you are not already one of our customers until you revoke the consent that you had previously given for the above purpose; or
b) if you are already one of our customers until you communicate your opposition to the processing for the aforesaid purposes.
The data controller of the personal data is VENETA CUCINE SPA located in Via Paris Bordone, 84 – Biancade (TV), e-mail: firstname.lastname@example.org.
The data subject can apply in writing to consult at the company a complete up-to-date list of external data processors.
Rights of the data subject
- ask for confirmation that personal data concerning you are or are not being currently processed and in this case accessing the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipient to which the personal data have been or will be divulged, in particular if they are recipients of other countries or international organizations;
d) when possible, the scheduled period of storage of the personal data, or if this is not possible, the period used to determine this period;
e) the existence of the data subject’s right to ask our company to rectify or erase the personal data or limit the personal data processing concerning the data subject or to oppose the processing of the personal data;
f) the right to lodge a complaint with a supervisory authority; if the data are not collected from the data subject, all the information available on the origin of the data;
g) the existence of an automated decision-making process, comprising profiling and, at least in these cases, significant information on the reasoning used and the importance and the envisaged consequences of this processing for the data subject.
- If the personal data have been transferred to a third-party or to an international organization, the data subject is entitled to be informed of the existence of appropriate guarantees in relation to the transfer
- request, and obtain without unjustified delay, rectification of the incorrect data; taking account of the purposes of the processing, completion of the incomplete personal data, also by supplying a supplementary declaration;
request erasure of the data if
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject revokes consent to the processing and there is no other legal foundation for the processing;
c) the data subject opposes the processing, if there is no overriding legitimate reason for proceeding with the processing or the data subject opposes the processing for direct marketing purposes (including the profiling required for this direct marketing);
d) the personal data have been processed illicitly;
e) the personal data have to be erased to comply with legal obligations under EU law or the law of a member state to which our company is subject;
f) the personal data have been collected that relate to the offer of services of the information company from the database of our company;
- request limitation to the treatment that concerns you when one of the following eventualities occurs:
a) the data subject challenges the accuracy of the personal data; in this case, the limitation to the treatment (i.e. the suspension of the treatment) can occur for the period that is necessary for our company to check the accuracy of the personal data;
b) the processing is illicit (for example because the data subject was not given the legal notice beforehand) and the data subject opposes the deletion of the personal data (i.e. prefers that we store them amongst our hard copy and/or electronic records) and instead asks for their use to be limited as specified above;
c) although our company no longer requires the personal data for processing purposes, the personal data are necessary to the data subject for ascertaining, exercising or defending a right in a court of law;
d) the data subject opposed the processing for direct marketing purposes, whilst waiting for it to be ascertained that our company has legitimate grounds that override those invoked by the data subject;
- obtain from our company, upon request the communication of third-party recipients to whom the personal data were transmitted;
- revoke at any moment consent previously given to processing your personal data for one or more specific purposes, it remaining understood that this will not jeopardize the legality of the processing based on consent given prior to the revocation
receive in a structured format, that is in common use and can be read by an automatic device, the personal data that relate to the data subject that the data subject supplied to our company and, if technically feasible, have these data transmitted directly to another data controller with hindrance by our company if the following (cumulative) circumstance recurs:
a) processing is based on the consent of the data subject for one or more specific purposes or on a contract to which the data subject is a party and for the performance of which processing is necessary; and
b) processing is performed with automated means (software) (general right to so-called “portability”);
the exercise of the so-called portability right protects the right to erasure specified above;
- not be subject to a decision based only on automated processing, including profiling, that has legal effects on the data subject and similarly affects significantly the person of the data subject. NB: Our company does not take any automated decision of the aforesaid type.
- lodge a complaint with the competent supervisory authority on the basis of the GDPR (for the place of residence or domicile). In Italy: Garante per la protezione dethe personal data, Piazza Venezia n. 11, 00186 ROMA (email@example.com, tel. +39 06 69677.1, fax +39 06 69677.3786).
- ask for confirmation that personal data concerning you are or are not being currently processed and in this case accessing the personal data and the following information:
Amendment to policy