in accordance with art. 13 EU Regulation 2016/679 (hereinafter, "GDPR"), we inform you that the processing of data by you provided will be carried out with methods and procedures aimed at ensuring that the processing itself is compliant with fundamental rights and freedoms, with special attention to confidentiality and security, to personal identity and the right of data protection.
Remember that “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4 GDPR).
1 Object of processing
The data processed by TAITÙ S.r.l. refer to:
- Data collected automatically. The computer systems and the applications dedicated to the functioning of this website detect, during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols) potentially associated with identifiable users. The collected data includes the IP addresses and the domain names of the computers used by the users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters concerning the operating system, the browser and the computer environment used by the user. These data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation. The provision of such data is mandatory as it is directly connected to the web browsing experience.
- Data provided voluntarily by the user. The processing of data provided by you through the compilation of the collection form is subject to your express and unequivocal consent that you can provide in relation to the specific information for the reference form.
The voluntary sending of your email to our email addresses does not require further information or requests for consent.
2 Legal basis for the processing
Legal basis for the processing are:
- your consent to the processing (article 6.1, point a) GDPR);
- legitimate interest pursued by the controller (article 6.1, point f) GDPR).
3 Purposes of the processing
Personal data are processed for the following purposes:
- management of purchase orders and related payments;
- improvement of your browsing experience;
- sending newsletters.
4 Modalities of the processing
The personal data you provide will form the subject of processing operations in compliance with the aforementioned law and the confidentiality obligations that inspire the activity of the owner. The data will be processed both with computer tools and on paper and on any other type of appropriate support, in compliance with the appropriate security measures pursuant to article 5.1 point f) GDPR.
The processing is limited to the following operations and with the following methods:
- collection of data from the data subject;
- registration and processing on computerized support;
- organization of system in mainly automated form.
The data in question will not be disseminated, while they will be or may be communicated to public or private subjects operating within the scope of the purposes described above..
5 Data retention
The data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed.
In the event that you consent to the sending of newsletters, your data will be kept for a period not exceeding 2 years from the registration of the consent.
At the end of this time, data will be erased or anonymized.
6 Access to the processing
The data will be made accessible for the purposes of point number 3:
- to the employees/collaborators in their capacity as authorized to the treatment, after suitable appointment;
- to third parties partner of the Data Controller.
7 Communication of the data
The data will not be disclosed to third parties not authorized or disseminated in any way. To this end, the treatment is conducted with the use of appropriate security measures to prevent unauthorized access to data by third parties and to guarantee the confidentiality.
Without your express consent, the Data Controller may communicate your data for the purposes referred in point 3 to the following subjects:
- collaborators and external managers of the company responsible for carrying out processing operations.
8 Management and storage of personal data
We inform you that the management and storage of personal data carried out by the Data Controller will take place on servers located within European Union.
the Union Europe.The processing of personal data by third-party companies that provide support services and duly appointed as Data Processors could take place on servers located outside the European Union. This transfer is legitimate on the basis of the adequacy decision “Privacy Shield”between the European Union and the United States of America pursuant to Article 45 of the GDPR.
9 Nature of providing data and consequences of refusing to answer
The provision of data for the purposes referred to in points 3 a) and b) is mandatory. In their absence, it will not be possible to proceed with browsing this site and make purchase orders.
The provision of data for the purposes referred to in point 3 c) is optional.
10 Rights of the data subject
According to the provisions of the GDPR, the interested party has the following rights towards the Data Controller:
- obtain confirmation of whether or not personal data processing is being processed and, in this case, to obtain access to personal data (Right of access article 15);
- obtain the rectification of inaccurate personal data concerning him without undue delay (Right to rectification article 16);
- obtain the erasure of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay, if certain conditions are met (Right to be forgotten article 17);
- obtain the restriction of processing in certain cases (Right to restriction article 18)
- receive the personal data concerning you provided in a structured, commonly used and readable form by automatic device and have the right to transmit such data to another Data Controller, without impediments by the data controller who provided them, in certain cases (Right to data portability article 20);
- object at any time, for reasons connected with your particular situation, to the processing of your personal data (Right to object article 21);
- receive without undue delay communication of the personal data breach suffered by the Data Controller (article 34);
- withdraw the consent expressed at any time (withdraw of the consent article 7).
Where applicable, in addition to the rights referred to articles 16-21 GDPR the data subject has the right to lodge a complaint with the Supervisory Authority.
11 Modalities of exercising your rights
The data subject can contact the Data Controller at email address: email@example.com
12 Data Controller
Data Controller is TAITÙ S.r.l. - Corso Sempione, 39 - 20145 Milano - Tel. +390290780606 - email: firstname.lastname@example.org
The list of data processors is available at the registered office of the owner mentioned above.
13 Update of this information
This information may change. Any substantial changes will be communicated through our website.