INFORMATION ON THE PROTECTION OF PERSONAL DATA
With this document ("Information"), the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data, as well as the rights that EU Regulation 2016/679 ("GDPR") grants you.
This Notice relates exclusively to the processing of personal data conducted through the Grandinote Website (hereinafter "Grandinote"), accessible electronically at the following address https://www.grandinote.it (the "Site").
PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
Grandinote, pursuant to and for the purposes of the Regulation, announces that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on principles of correctness, lawfulness, transparency and protection of confidentiality and of fundamental rights.
DATA CONTROLLER
Your personal data will be processed as data controller by Grandinote, with registered office in Via Primo Maggio, 32 27042 Bressana Bottarone (PV). You can contact the data controller by e-mail through the contact form of this Site.
TYPE OF DATA PROCESSED AND PURPOSE OF THE PROCESSING
Grandinote will use the data collected through the Site exclusively for the purposes indicated below.
Purposes related to the correct functioning of the Site
The data collected online, relating to connection, navigation and registration within the Site (such as the addresses in URI-Uniform Resource Identifier notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the user's IT environment) are processed for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site: with the exclusion of this eventuality, the data will be deleted after the useful time for the provision of the services illustrated on the Site.
Purposes related to marketing and commercial profiling activities
With your specific consent, your personal data will be used for the following purposes: collection, registration and processing of purchase data, economic and statistical analysis, sending of advertising and information material, promotional operations by Grandinote partners.
OPTIONAL NATURE OF THE PROVISION
The provision of personal data is generally optional. Only in certain cases failure to provide data may make it impossible to access specific services and obtain what may be requested.
LEGAL BASIS OF THE PROCESSING
Grandinote will process your personal data on the following legal bases:
> the fulfillment of your request, pursuant to Article 6, first paragraph, letter b), of the GDPR, to be considered implicit by simply accessing the Site or in the case of purchasing products on the e-commerce channel; therefore, your consent is not necessary to authorize the processing;
> because it is necessary to fulfill a legal obligation to which the holder is subject (e.g. for anti-fraud checks in the use of payment instruments).
METHOD OF PROCESSING AND STORAGE OF PERSONAL DATA
The processing of your personal data will take place, in compliance with the provisions of the GDPR, using IT and telematic tools, for the purposes indicated and, in any case, with methods suitable for guaranteeing their security and confidentiality in accordance with the provisions of Article 32 of the GDPR.
The data processing will last no longer than necessary to satisfy the purposes for which they were collected (e.g. associative relationship), or will have an indefinite term as in the case of the Site (at least until an explicit request for cancellation by the user).
RECIPIENTS OF PERSONAL DATA
For the purposes indicated in this information, your personal data may be disclosed to third parties who work in collaboration with the owner by carrying out related, instrumental or support activities to those of the owner, duly appointed as responsible pursuant to art. 28 of the Regulation or who are authorized to process data pursuant to art. 29 of the Regulation, exclusively to provide the services requested by the user or comply with other regulatory obligations.
Finally, your data will be processed by resources inside the offices of the Data Controller, adequately trained, who operate as personnel authorized to process personal data.
Apart from the aforementioned hypotheses, personal data will not be communicated except to subjects, entities and authorities to whom communication is mandatory by virtue of provisions of law or regulation.
TRANSFER OF DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
Personal data collected through the Site may be transferred outside the national territory, solely and exclusively for the execution of the services requested through the Site and in compliance with the specific provisions of the Regulations.
Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients takes place in compliance with the Regulations.
RIGHTS OF THE INTERESTED PARTY
In relation to the treatments described in this Notice, you can exercise the rights listed in this section, enshrined in Articles 15 to 21 of the GDPR, indicated below.
Right of access - article 15 GDPR
Right to obtain confirmation as to whether or not personal data concerning you is being processed and, in this case, to obtain access to your personal data - including a copy of the same - and the communication, among others, of the following information:
> purpose of the processing
> categories of personal data processed
> recipients to whom these have been or will be communicated
> data retention period or the criteria used
> rights of the interested party (rectification, cancellation of personal data, limitation of processing and right to object to processing)
> right to lodge a complaint
> the right to receive information on the origin of your personal data if they have not been collected from the data subject
> the existence of an automated decision-making process, including profiling.
Right of rectification - Article 16 GDPR
Right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data.
Right to cancellation (right to be forgotten) - Article 17 of the GDPR
Right to obtain, without undue delay, the cancellation of personal data concerning you, when:
> the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
> You have withdrawn your consent and there is no other legal basis for the processing;
> You have successfully opposed the processing of your personal data;
> the data has been unlawfully processed;
> the data must be deleted to fulfill a legal obligation;
> the personal data was collected in relation to the information society service offer referred to in Article 8, paragraph 1, GDPR.
The right to erasure does not apply to the extent that the processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the ascertainment, exercise or defense of a right in court.
Right to restriction of processing - Article 18 of the GDPR
Right to obtain the limitation of processing, when:
> the interested party disputes the accuracy of the personal data;
> the processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited;
> personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
> the interested party opposed the processing pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
Right to data portability - article 20 GDPR
Right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another Data Controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from the Data Controller to another Data Controller if this is technically feasible.
Right to object - article 21 GDPR
Right to object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing.
Right to lodge a complaint
Right to lodge a complaint with the competent authority regarding personal data, by sending the complaint to the Guarantor for the protection of personal data, at Piazza di Monte Citorio n. 121 - 00186 Rome; e-mail: firstname.lastname@example.org, or to the supervisory authority of your place of habitual residence, work, or the place where the alleged violation took place.
The above rights may be exercised by contacting the Data Controller at the addresses indicated above. The exercise of your rights as an interested party is free pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request. Furthermore, the Data Controller may request additional information necessary to confirm the identity of the data subject.