PRIVACY POLICY – E-SHOP WEBSITE
Dear Customer,
in accordance with article 13 of EU Regulation 2016/679 (hereinafter, “GDPR”), we inform you that the data you provide will be processed with methods and procedures aimed at ensuring that the processing is compliant with fundamental rights and freedoms, with special attention to confidentiality and security, to personal identity and to the right to data protection.
Remember that “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4 GDPR).
1. OBJECT OF PROCESSING, DATA ORIGIN AND LEGAL BASIS FOR THE PROCESSING
Personal data are processed by TAITU’ S.r.l. in accordance with article 6 GDPR (processing is necessary for the performance of a contract to which the data subject is party) and they concern:
- personal data (i.e. name, surname, address, phone number, email address, nationality);
- business data required for invoicing (tax code or VAT number).
The legal bases for the processing are:
- performance of a contract to which the data subject is party (article 6.1, point b) GDPR);
- compliance with a legal obligation to which the controller is subject (article 6.1, point c) GDPR);
- your consent to the processing (article 6.1, point a) GDPR);
- legitimate interests pursued by the Controller (article 6.1, point f) GDPR).
Data are collected from the data subject by filling in paper forms or business applications.
2. PURPOSE OF THE PROCESSING
Personal data are collected for the following purposes:
2.1 WITHOUT YOUR EXPRESS CONSENT FOR PERFORMANCE OF THE CONTRACT:
- fulfillment of pre-contractual, contractual and tax obligations deriving from the existing relationship;
- online shopping;
- fulfillment of the obligations deriving from the Law, Regulations, Community legislation or from an order of the Authority;
- correspondence and communication management;
- exercise of the Data Controller's rights.
2.2 WITH YOUR EXPRESS CONSENT FOR MARKETING AND BUSINESS PURPOSES (article 7 GDPR):
- sending newsletters for marketing and business communication.
3. MODALITIES OF THE PROCESSING
The personal data you provide will form the subject of processing operations in compliance with the aforementioned law and the confidentiality obligations that inspire the activity of the owner. The data will be processed both with computer tools and on paper and on any other type of appropriate support, in compliance with the appropriate security measures pursuant to article 5.1 point f) GDPR.
The processing is limited to the following operations and with the following methods:
- collection of data from the data subject;
- registration and processing on computerized support;
- organization of system in mainly automated form.
The data will be processed using instruments that guarantee confidentiality, integrity and availability. The processing is carried out on paper and through computerized and / or automated systems and will include all the operations or set of operations envisaged in art. 4 of the GDPR and necessary for the processing in question, including the communication with the subjects assigned to the processing itself.
The data in question will not be disseminated, while they will be or may be communicated to public or private subjects operating within the scope of the purposes described above…
4. DATA RETENTION
The data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed and not more than:
- 10 years for accounting data;
- 2 years for business and marketing purposes.
At the end of this time, data will be erased or anonymized.
5. ACCESS TO PROCESSING
The data will be made accessible for the purposes of point number 2:
- to the employees/collaborators in their capacity as persons authorized to carry out the processing, after suitable appointment;
- to third-party partners of the Data Controller (Data Processor);
- to subjects whose right to access their personal data is recognized by provisions of law or secondary or community legislation.
6. DATA TRANSFER
The management and storage of personal data will be carried out on servers located within the European Union, belonging to the Data Controller and/or to third-party companies duly appointed as Data Processors. The data will not be transferred outside the European Union.
If you authorized TAITU’ S.r.l. to process your data for the purposes referred to in point 2.2, we inform you that the management and storage of data may occur on servers located in territories outside the European Union. This transfer is legitimate based on the “Privacy Shield” adequacy decision between the European Union and the United States of America pursuant to article 45 of the GDPR.
7. NATURE OF PROVIDING DATA AND CONSEQUENCES OF REFUSING TO ANSWER
The provision of data for the purposes referred to in point 2.1 is mandatory. In their absence, it will not be possible to proceed with browsing this site and making purchase orders. The provision of data for the purposes referred to in point 2.2 is optional.
8. RIGHTS OF THE DATA SUBJECT
According to the provisions of the GDPR, the interested party has the following rights towards the Data Controller:
- obtain confirmation of whether or not personal data are being processed and, in that case, obtain access to the personal data (Right of access article 15);
- obtain the rectification of inaccurate personal data concerning him without undue delay (Right to rectification article 16);
- obtain the erasure of personal data concerning him without undue delay, the Data Controller being obliged to erase the personal data without undue delay if certain conditions are met (Right to be forgotten article 17);
- obtain the restriction of processing in certain cases (Right to restriction article 18);
- receive the personal data concerning you that you have provided, in a structured, commonly used and machine-readable format, and transmit such data to another Data Controller, without hindrance from the Data Controller to which they were provided, in certain cases (Right to data portability article 20);
- object at any time, for reasons connected with your particular situation, to the processing of your personal data (Right to object article 21);
- receive without undue delay communication of the personal data breach suffered by the Data Controller (article 34);
- withdraw the consent expressed at any time (Withdrawal of consent article 7).
Where applicable, in addition to the rights referred to in articles 16-21 GDPR, the data subject has the right to lodge a complaint with the Supervisory Authority.
9. MODALITIES OF EXERCISING YOUR RIGHTS
The data subject can contact the Data Controller at email address: taituitalia@taitu.it
10. DATA CONTROLLER
Data Controller is TAITU’ S.r.l. – Corso Sempione, 4 – 20154 Milano – Tel. 0290780606 – email: taituitalia@taitu.it
The list of data processors is available at the registered office of the owner mentioned above.
11. UPDATE OF THIS INFORMATION
This information may change. Any substantial changes will be communicated through our website.