EU REGULATION 2016/679 - GDPR
EU REGULATION 2016/679 - GDPR
Gioielleria Grande S.R.L. registered in the Companies Register of Frosinone, CF and VAT no. 01796130605, trade to the minute in the sector of the jewelery, oreficeria, argenteria, articles of gift, pelletteria, cod. ATECO 47.77, with registered office in Frosinone (Fr) - 03100 - Piazzale G. De Matthaeis, 4 and operational headquarters in Frosinone - 03100 - Piazzale G. De Matthaeis, 4, and Via Aldo Moro, 153 - contacts: Tel 0775 852770, mail to the address info: firstname.lastname@example.org as Data Controller, ie the one who determines the purposes and means of the processing of personal data, informs you pursuant to Article 13 of the EU Privacy Regulation 2016/679, hereinafter referred to as GDPR that your data will be processed according to the methods and purposes of this Information.
- data controller: the natural or legal person, public authority, services or other body that, individually or together with others, determines the purposes and means of processing personal data;
- controller: the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller;
- recipient: the natural or legal person, public authority, service or another body that receives communication of personal data, whether it is a third party or not.
- third: the natural or legal person, public authority, service or other body other than the data subject, the controller, the controller and the persons authorized to process personal data under the direct authority of the holder or of the manager;
- profiling: any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, preferences personal, interests, reliability, behavior, location or movement of that physical person;
1. Object of the Treatment
- Personal data processing means any operation or set of operations, performed with or without the use of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
- Personal data: means identification data such as name, surname, identification number, location data, telephone number, an online e-mail identifier, bank and payment details or one or more characteristic elements of its physical, physiological identity , genetic, psychic, economic, cultural or social DA SHE communicated on the occasion of the conclusion of contracts with the Owner Gioielleria Grande Srl with explicit consent as per article 9 GDPR, concerning the processing of sensitive data where necessary and provided for by law .
- By consent of the interested party must be understood any manifestation of will of the interested party that is expressed in a free, specific and unambiguous way, with which he expresses his assent by declaration or positive action unequivocal, that personal data concerning him are object of treatment. (GDPR);
2. Data processing ex art 6 GDPR_ Legal Basis, Purpose of the processing; consequences of Rejection, Communication and Data Accessibility.
The legal basis of the processing can be understood as the source / origin / justification of the processing in a legal provision, in the fulfillment of a contract and in the satisfaction of a request by the party concerned. Your personal data are treated ex art 6 GDPR for the following service purposes:
- conclude the contracts for the services of the Owner;
- fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
- exercise the rights of the owner, for example the right to defense in court;
The provision of data for the purposes mentioned above is mandatory . The refusal to provide data may prevent the fulfillment of the legal obligation by exposing the person concerned to penalties covered by the legal system; The refusal to provide data may preclude the performance of the contractual obligation and expose the data subject to any liability for breach of contract; The refusal to provide data may determine that the data subject does not receive the requested service.
Your data may be made accessible for the aforementioned purposes referred to by third-party companies or other entities that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data controllers.
The Data Controller may communicate your data for the purposes indicated above to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers. Your information will not be disseminated.
3. Data processing ex art 7 GDPR marketing, promotional and advertising purposes.
Your personal data are processed under Article 7GDPR subject to your specific consent for the following marketing purposes, of a promotional and advertising nature.
- send via e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Owner and detection of the degree of satisfaction on the quality of services;
- send via e-mail, mail and / or sms and / or telephone contacts commercial and / or promotional communications of third parties - business partners;
The provision of data for the purposes mentioned above is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in art. 2.
4. Methods of treatment - Methods of demonstration of consent for data processing - site
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are subjected to both paper and electronic and / or automated processing, with the support of IT or telematic means. Your personal data are collected on the website www.gioielleriagrande.it ("Site") with particular reference to the area of user registration.
For maximum transparency aimed at the provision of a conscious consent by the user concerned, we specify that registration to the Site is exclusively required for users who register because they intend to consent to the processing of their personal data for the purposes of the Services referred to in art 2 or Marketing purposes pursuant to art. 3 or both of this information. If the user does not intend to give consent to the processing for the purposes of services referred to in Article 2 and for marketing purposes pursuant to art. 3 he must not (nor can) register, save the ability to browse and view the contents of the Site as an unregistered user. The registration process consists of filling out an online form in which it is required to indicate certain personal data for the activation of authentication credentials (login + password) with which the person will access all the features reserved for registered users for manage the receipt of communications pursuant to the purposes indicated in art. 2 and 3 of this information. With a view to absolute transparency, the Company informs the data subject that the data will be collected and subsequently processed on the basis of a specific provision of free, revocable, verifiable and unambiguous consent by means of a specific consent form attached to this statement.
The user can give his / her consent by authorizing the processing of his / her data that pursue the aims and purposes set out in articles 2-3-5-6- of this information by means of a specific consent form attached to this.
5. Profiling - Automated decision making process - Processing of personal data for profiling purposes Marketing and Services - Consent TREATMENT Profiling
6. Use of profiling cookies, aimed at creating user profiles and sending advertising messages based on the preferences expressed by them.
This websitewww.gioielleriagrande.it ("Website") DOES NOT use profiling cookies for the purposes of services as per art. 2 and for marketing purposes pursuant to art. 3 of this information.
Your data will be kept in compliance with the principle of proportionality and in any case until the purposes of the processing have been pursued and in any case for no more than 7 years from the termination of the service for the purposes referred to in Article 2 and no later than 2 years from the collection of data for the purposes referred to in art. 3 of Marketing or until - if previously - there is no revocation of the specific consent by the interested party. Likewise for the data processed by Profiling. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
8. Rights of the interested party
In your capacity as an interested party, you may exercise your rights envisaged and contemplated by the EU Privacy Regulation, more precisely: Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right of opposition, as well as the right of complaint to the Guarantor Authority.
Right of Revocation
Pursuant to Article 7 point 3 of the EU GDPR Regulation, the interested party may withdraw his consent at any time, and has the right to do so with the same simplicity with which he has granted it. The act of revocation of consent does not affect the lawfulness of the treatment based on consent before revocation.
Right of access and right of rectification
Article 15 of the EU Privacy Regulation establishes that the data subject has the right to request and obtain from the data controller access to their personal data.
In particular, the interested party has the right to know:
a) the purposes of the processing;
b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
(d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the data subject, all information available on their origin;
h) the existence of an automated decision-making process, including profiling, and significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
Where personal data are transferred to a third country, the data subject has the right to be informed of the existence of adequate safeguards with respect to the protection provided in the third country.
Furthermore, the data controller shall provide the data subject with a copy of the personal data being processed and, in the event of further copies requested, the holder may charge a reasonable fee for administrative costs.
With regard to the right of rectification (Article 16 of the EU Regulation), the interested party has the right to obtain from the data controller, without undue delay, the correction of inaccurate data concerning him and, therefore, the integration of incomplete personal data. .
Right to be forgotten
The right of cancellation (right to be forgotten) of the personal data of the interested party, specifying the innovations introduced by the EU Privacy Regulation on the subject.
Article 17 of the EU Regulation provides for the right of the interested party to obtain the cancellation of their personal data without undue delay, even after the withdrawal of consent to the processing.
Right of limitation of treatment
With the new EU Privacy Regulation, article 18 the interested party, has the right to obtain from the holder a limited treatment of his data when he disputes the accuracy of personal data; when the processing is unlawful and if the party has opposed the processing, pursuant to Article 21 (1) of the Regulation, pending verification of the possible prevalence of the legitimate reasons of the data controller or of the rights of the 'interested.
Furthermore, the right of limitation may be invoked if the data controller no longer needs to keep the data for processing purposes, but the data may be necessary for the data subject to verify, exercise or defend the data. a right in court. Therefore, if the processing is limited, the personal data of the interested party are treated, excluding storage, only with his consent. The limitation can be revoked and, in this case, the data controller must inform the interested party.
On the subject in question, in the guidelines of the Privacy Guarantor a noteworthy recommendation emerges, namely: "the right to limitation requires that personal data be" marked "pending further determinations; therefore, it is appropriate that the owners envisage in their information systems (electronic or not) suitable measures for this purpose ".
Right to data portability
This right contemplated by Article 20 of the EU Privacy Regulation allows the data subject to receive personal data concerning him / her provided to a data controller in a structured format, commonly used and readable by an automatic device, so that it can transmit them to a another unrestricted data controller by the holder to whom he has provided them (such as, for example, a different service provider). The exercise of the right to portability must not harm the rights and freedoms of others. Personal data referring to the data subject is portable. Therefore, anonymous data are excluded. To be portable data must be processed through automated tools. The archives and paper records are therefore excluded.
Furthermore, only data processed with the data subject's consent or on the basis of a contract with the data subject are portable. The data must have been knowingly and actively provided by the interested party (for example, the registration data entered by filling out an online form, ie user name, age, email address, etc.).
Right to oppose the processing of data
The interested party also enjoys the right to object.
Article 21 of the new Regulation has regulated this right, which by definition allows the party to oppose at any time, for reasons related to his particular situation, the processing of personal data concerning him. Nothing has changed with respect to Directive 46/95 / EC.
Paragraph 2 of the aforementioned article states that: "in the event that personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him / her for such purposes, including profiling in so far as it is related to this direct marketing purpose ".
If personal data are processed for the purposes of scientific or historical research, the data subject has the right to object to the processing of personal data concerning him, unless the processing is necessary for the performance of a task in the public interest (the Article 21 (6).
Right to propose a Complaint to the Guarantor Authority
The interested party has the right to propose a Complaint to the Guarantor Authority as regulated by Regulation 2016/679, to Chapter VIII ("Remedies, ...") - art. from 77 to 82.
9. How to exercise rights
You can exercise your rights at any time by sending:
- - a registered letter to Gioielleria Grande SRL - Operative office Piazzale G. De Matthaeis, 4, 03100 - Frosinone - Tel 0775 852770
- - an e-mail to the info address. email@example.com
10. Owner, manager and agents
The Data Controller is Gioielleria Grande Srl in the figure of the legal representative Raffaele Grande;
The updated list of data processors and data processors is kept at the registered office of the Data Controller.