Privacy Policy GDPR

Information on the Processing of Personal Data

pursuant to art. 13 General Data Protection Regulation – EU Reg. 2016/679

(“Privacy Policy”)

1. Data processed
2. Purpose of the Processing and its Lawfulness
3. Optional or Mandatory Consent
4. Methods of Treatment
5. Categories of recipients
6. Transfer of Data outside the European Union
7. Retention period
8. Rights recognized to the interested party
9. Plug-ins for Social Networks
10. Changes to the Privacy Policy
11. Identity and contact details of the Data Controller

1. DATA PROCESSED

Personal and identifying data

Personal data means any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information. In particular, these personal data may be collected through the Site: name, surname, date of birth, tax code, physical address, e-mail address, telephone number, purchasing preferences, [-]). Sensitive data are generally not processed through the Site (i.e. those relating to religious beliefs, trade union membership, sexual preferences and others indicated by art. 9 of the Regulation) and we therefore ask all users not to include them already in the sending a contact via the Site, or in other forms of interaction provided by the Site. If it becomes necessary to process data of this type, we will request the consent of the interested party/user in advance.

Browsing data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes, by way of example, the IP addresses or domain names of the computers used by users who connect to the Site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response , the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the interested party/user.

Data provided voluntarily by the interested party/user

Sending (always optional and at the discretion of the interested party/user) e-mails to the e-mail addresses indicated on the Site and/or through other interactions with the Site itself involves the subsequent acquisition of the sender's address, necessary to respond to requests. , as well as any other personal data entered by the interested party/user. Specific information may be presented on the pages of the Site in relation to particular services provided by the Company/owner.

2. PURPOSE OF THE PROCESSING AND ITS LEGALITY

The processing of personal data is based on the principles of correctness, lawfulness and transparency, protecting the confidentiality and rights of users and in compliance with the company privacy policy. The purposes for which the personal data collected through the Site are used include:

3. OPTIONAL OR MANDATORY CONSENT

Each interested party/user remains free to provide personal data in emails sent to the email addresses on the Site, through the order forms or other interactions with the Site itself. However, failure to provide the data requested, for example for subscribing to the newsletter, or for sending a quote or order, will make it impossible for us to follow up on the request. Failure to consent for the purposes referred to in point IV above may make it impossible to follow up on the request to subscribe to the newsletter, but not the impossibility of proceeding with processing an order or sending a quote. Failure to consent for the purposes referred to in point V above will not affect the possibility of proceeding with processing an order or sending a quote. Any consent given may be revoked by the interested party/user at any time and such revocation does not affect the lawfulness of the processing based on consent before its revocation.

IT IS SPECIFIED THAT THE CONSENT INDICATED ABOVE CAN ONLY BE VALIDLY GIVEN BY THOSE WHO HAVE ALREADY BEEN 16 YEARS OF AGE. THOSE WHO HAVE NOT YET BEEN 16 YEARS OF AGE ARE REQUIRED TO GATHER THE CONSENT OR AUTHORIZATION OF THEIR PARENTS, OR THE PERSON WHO EXERCISES PARENTAL RESPONSIBILITY.

4. METHODS OF TREATMENT

The processing of personal data is carried out using paper-based methods and IT tools in compliance with the provisions on the protection of personal data and, in particular, with the appropriate technical and organizational measures referred to in art. 32.1 of the Regulation, and with the observance of every precautionary measure that guarantees its integrity, confidentiality and availability.

5. CATEGORIES OF RECIPIENTS

Personal data may be communicated, in strict relation to the purposes indicated above, to the following subjects or categories of subjects:

1. subjects in relation to whom current legislation provides for the obligation to communicate, in compliance with the provisions of tax and accounting legislation;
2. to professionals and third-party companies with which the Company/owner collaborates, where necessary for the operation of the Site, or for the management of the application request/order sent via the Site (e.g. shipping company);
3. to professionals and third-party companies with which the Company/owner collaborates, for example for the implementation of commercial initiatives (e.g. web agencies).

With regards to paragraphs b) and c), we undertake to rely exclusively on subjects who provide adequate guarantees regarding data protection, with their appointment where possible as Data Processors pursuant to art. 28 of the Regulation. Upon request to the Company/owner, the complete list of Data Controllers will be made available to the interested party/user.

6. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

Personal data may be transferred outside the European Union exclusively for the fulfillment of the requests of the interested party/user and when such transfer is necessary for the management and fulfillment of contracts with the interested party/user, in particular with respect to deliveries to non-European countries. Transfers of the personal data of the interested party/user outside the European Union take place: to shipping/delivery companies and other external operators on which the Company/owner relies for the management and fulfillment of contracts with the interested party/user user.

With respect to the recipient countries, please note that for some countries listed below, the European Commission has issued, following the appropriate analyses, a decision regarding the adequacy of the level of protection of personal data guaranteed in these countries (these are Andorra, Argentina, Canada, Far Oer, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and, in the context of ad hoc international agreements, Australia, Uruguay and the USA). Other recipient countries may present potential risks for the protection of personal data in relation to regulatory, cultural or socio-political factors in place in the country.

In all cases of transfer of personal data outside the European Union, the Company/owner undertakes:

1. to transmit only the data necessary for the purposes described above;
2. to obtain from the recipient the appropriate security and confidentiality obligations with respect to the personal data transmitted, a commitment to use such data exclusively for carrying out relations with the Company/owner, in addition to the appropriate protections for the exercise of the rights due to the interested party/ user, as well as in the case of data breach;
3. to inform the interested party/user before sending personal data to non-European countries that have not been indicated in this article.
   
   

7. STORAGE PERIOD

Personal data are kept in the archives of the Company/owner and are kept for a maximum period of 10 (ten) years starting from the last interaction with the interested party/user, in consideration of the limitation period for any claims arising from contact between the Company/owner and interested party/user, provided by law. In the event of disputes or disputes, whether judicial or extrajudicial, between the Company/owner and the interested party/user, the 10-year term will start from the definitive closure of such dispute (e.g. final judgment or final settlement agreement).

8. RIGHTS RECOGNIZED TO THE INTERESTED PARTY

At any time the interested party/user will be able to assert the rights provided for by the articles against the Company/owner. from 15 to 22 of the Regulation, or the right to request:

• access to personal data, or to know their personal data stored by the Company/owner, the purposes for which they are processed, their origin and the other information required by the art. 15 of the Regulation;
• the rectification of personal data in case of inaccuracy;
• the deletion of personal data (so-called 'right to be forgotten');
• the limitation of the processing of personal data, or the right to obtain the suspension of the processing of personal data for the period necessary to verify the request for correction of personal data, or in the other cases provided for by the art. 18 of the Regulation.

Furthermore, the interested party/user is entitled to:

• the right to data portability, i.e. the right to receive personal data in a structured, commonly used and machine-readable format - including by requesting its direct transfer to another owner;
• the right to lodge a complaint with the Privacy Guarantor, or with the Supervisory Authority of the place where he resides, works or where the violation occurred, where he believes that the processing of personal data has occurred in violation of the Regulation.
• the right to object to the processing of data pursuant to Article 6, paragraph 1, letters e or f) of the Regulation, i.e. when the processing is necessary for the execution of a task of public interest or for the pursuit of the legitimate interest of the Company/ holder.

9. PLUG-INS FOR SOCIAL NETWORKS

Some pages of the Site may contain social network plug-ins (e.g. Google Maps, Facebook, LinkedIN, Google+). By clicking on these plug-ins - which are recognizable with the same symbol as the relevant social network - the browser connects directly to the social network's servers and an additional browser page or tab is opened, connected to the social network. In the event that the interested party/user, at the moment in which he clicks on the plug-in, is connected to his social account (connection which can remain active even if the social network page is closed, typically in the case in which returning to the social network address if the interested party/user is already logged in with their account), some personal data may be associated with the social account. Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the privacy of the interested party/user in this context, is present directly on the pages of the social networks. If the interested party/user does not wish to associate the visit to our Site with their social account, they must log off from the social network before visiting it.

10. CHANGES TO THE PRIVACY POLICY

The Company/owner reserves the right to modify, update, add or remove parts of this privacy policy at its discretion and at any time. In order to facilitate verification of any changes/updates, the information will contain an indication of the update date.

11. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The data controller is Amabilia Srl, with registered office in Via San Antonio 9, 36027, Rosà (VI), Italy. For requests pursuant to this Privacy Policy or simple clarifications: tel 0424 581214; e-mail [ privacy@amabilia.it ].

Update date: 20 November 2018 ( see previous information )