Information on the processing of personal data EX ARTT. 13-14 EU REGULATION 2016/679
Core s.r.l. (hereinafter referred to as Data Controller) informs you that the data entered by the user and stored in our systems will be processed in compliance with Legislative Decree no. June 30, 2003, n. 196 (Code regarding the protection of personal data, pursued "Privacy Code") and art. 13 EU Regulation n. 2016/679 (hereinafter, "GDPR").
Below is provided all useful information regarding the processing of such personal data, which guarantees security and confidentiality.
1. Object of the treatment
The Data Controller processes personal, identifying and non-sensitive data (specifically, name, surname, tax code, VAT number, email address, telephone number - later, "personal data" or even "data") that you have communicated
- when registering on the website of the Owner and / or when registering for the newsletter service offered by the Data Controller.
- on the conclusion of contracts for the services of the Data Controller.
2. Purpose of the treatment
Your personal data are processed:
A) without your express consent (Article 24 letter a, b, c Privacy Code and article 6 letter b, and of the GDPR), for the following Service Purposes:
- conclude the contracts for the services of the Data Controller;
- fulfill the pre-contractual, contractual and tax obligations arising from your existing relationships;
- fulfill the obligations established by the law, by a regulation, by community legislation or by an order of the Authority (such as in the matter of anti-money laundering);
- allow you to register on the website;
- manage and maintain the website;
- allow you to subscribe to the newsletter service provided by the Owner and any additional Services requested by you;
- exercise the rights of the owner, for example the right of defense in court.
B) Only subject to your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
- send them via e-mail, mail and / or text messages and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and recognition of the degree of satisfaction with the quality of services; >
- send them via e-mail, mail and / or sms and / or telephone contacts commercial and / or promotional communications of third parties (for example business partners or other group companies).
Please note that if you are already a customer, we may send you commercial communications relating to services and products of the Owner similar to those you have already used, unless you disagree (Article 130 paragraph 4 of the Privacy Code).
3. Method of treatment
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are processed either on paper or electronic and / or automated.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 50 years from the termination of the Service Terms and for no more than 20 years from the collection of data for Marketing.
4. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B) of this information to:
- employees and collaborators of the owner or of the companies of the Group of which the owner belongs, in their capacity as agents and / or internal managers of the processing and / or system administrators;
- Group companies of which the Owner is a party or a third-party company or other entity (for example, providers for the management and maintenance of the website, suppliers, portals, credit institutes, professional offices, etc.) that perform outsourcing activities on behalf of the Data Controller, appointed external data processors, in particular to:
- Facebook Connect: Advertising Service, Target Advertising, Analytics / Measurement, Customizing Content;
- Facebook: Advertising Service, Target Advertising, Content Customization;
- Google Analytics: Target advertising, Analytics / Measurement, Optimization;
- Google Tag Manager: Analytics / Measurement, Content Customization, Optimization;
- Google Translate: Advertising Service, Target Advertising, Analytics / Measurement, Content Customization, Optimization;
- MailChimp (When you are subscribed to the mailing list);
- YouTube: Advertising Service, Target Advertisingity, Analytics / Measurement, Content customization, Optimization.
- in case of purchase on site: Freight Forwarders and Logistics Company;
5. Data communication
Without the need for your express consent (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers. Your data will not be disseminated.
6. Data transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Europe, at the headquarters of third-party companies. The data will not be transferred to outside the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for European Commission.
7. Nature of providing data and consequences of refusing to reply
Providing data for the purposes referred to in art. 2.A) is mandatory. In their absence, we can not guarantee you neither the registration to the site nor the services of the art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller. In any case you will continue to be entitled to the Services referred to in art. 2.A).
8. Rights of the interested party
In his capacity as an interested party, he has the rights set forth in art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights of:
- obtain confirmation of the existence or not of personal data concerning you, even if not yet registered and their communication in intelligible form;
- obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the owner, the managers and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as a designated representative in the territory of the State, managers or agents;
- obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right,
- oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection ; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.li>
Where applicable, it also has the rights set forth in articles. 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
9. How to exercise rights
You may exercise your rights at any time by sending:
- a registered letter a.r. to Core s.r.l., via Teresa Ciceri 4/a, Como (CO)
- an e-mail to the address: firstname.lastname@example.org
The data controller is Core s.r.l. a single member with headquarters in Como, via Teresa Ciceri 4/a