INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO REGULATION (EU) N. 2016/679
Biondini Chiara or "Owner", pursuant to article 13 of the 2016/679 European Regulation (GDPR), offers the user, hereinafter also "interested" or "applicant", the following information containing transparent indications in compliance with the principles therein sanctioned. This information is valid only in relation to the processing of personal data of those who browse the website www.namagioielli925.com
1. DATA CONTROLLER
The data controller is Biondini Chiara DI based in Arezzo - Via G. Ferraris 52 VAT number 02417420516, which can be contacted at the following addresses, email info@namagioielli925.com, hereinafter also the "Owner"
The interested party can contact the Data Controller at any time to exercise their rights as specified in this document.
2. PURPOSE AND LEGAL BASES OF THE PROCESSING - NATURE OF DATA CONFERENCE - DURATION OF TREATMENT
Personal data are processed for the following purposes:
Allow the customer to send us inquiries about our products. The data will be processed for the entire duration of the relationship and then subsequently stored for 10 years. After this deadline, the data will be destroyed.
3. DATA PROCESSED
Data you voluntarily provide to us
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this Site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the request.
The optional, explicit and voluntary registration through the forms on www.namagioielli925.com and in the Apple® App Store in the registration area, as well as the sending of requests by email to the portal entails the subsequent acquisition of all the data reported. in the completed fields, treated in accordance with what is specified in this information. and treatment in accordance with what is reported in this document.
Data we acquire while browsing
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit and necessary in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of those who surf . These data are used for the sole purpose of obtaining statistical information on the use of the site and to check its correct functioning. They could also be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this possibility, the data, as described here, persist for a time not exceeding that necessary for the purposes for which they are collected and subsequently treated.
4. RECIPIENTS OF PERSONAL DATA
Personal data are processed by the Data Controller applying the principles provided for by current regulations. The treatment is also entrusted to the following categories of external subjects, duly appointed as data processors: legal, tax and IT consultants; companies that provide technical / IT services; companies that carry out processing activities through the processing of telematic communications (e-mail, management, cloud, video communication and video conferencing platforms). These service companies are selected on the basis of their certifications and their declarations regarding reliability, security and compliance with national and European legislation on the processing of personal data. These companies have been assigned specific tasks and instructions for respecting your rights in the performance of their functions pursuant to art. 28 GDPR. Furthermore, in some cases, the judicial bodies may request the data processed by the Data Controller, in these cases the communication of such data represents a legal obligation.
5. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
Through the use of IT service and telematic communications companies, of web conference platforms, appropriately appointed as data processors, it could happen that personal data are placed or transmitted in countries not belonging to the European Economic Area. If this occurs, said transfer takes place only on condition that the destination country has been deemed by the European Commission as suitable for transfer pursuant to art. 45 of Regulation 2016/679 (adequacy decision) or, in the absence of such a decision, if one of the conditions referred to in articles 46 and 47 of the same Regulation is met (in particular, standard contractual clauses or binding corporate rules).
6. RIGHTS OF THE INTERESTED PARTIES
The GDPR recognizes various rights to the interested party, which he can exercise by contacting the Data Controller at the addresses indicated in this information, provided that the conditions provided for by the law are met from time to time:
- the right to know if the Data Controller is processing personal data concerning him and, in this case, to have access to the data being processed and to all information relating to it;
- the right to rectify inaccurate personal data concerning you and / or to integrate incomplete ones;
- the right to have your personal data deleted;
- the right to limitation of processing;
- the right to object to the processing;
- the right to the portability of personal data concerning you;
- the right to withdraw the consent at any time, without prejudice to the lawfulness of the processing, based on the consent, carried out before the revocation.
In any case, it is possible to submit a formal Complaint to the Guarantor for the protection of personal data, according to the methods available on the website of the Guarantor itself.