Pursuant to Article 13 of Regulation EU 2016/679, hereinafter referred to as GDPR (General Regulations for the Protection of Personal Data), also considering Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018, we inform you about the following:
- The data controller is: Titanlux s.r.l.
- VAT no.: 04289280242
- Registered office: Via Saviabona, 143 – 36010 Cavazzale di Monticello C.O. (VI – Italia)
- Tel. 0444 297684
- E-mail: firstname.lastname@example.org
Purposes of the processing and legal bases
The Data Controller will process some personal data of users who interact with the computer systems and software procedures used to operate the website. Specifically, browsing data that computer systems automatically acquire while using the website – such as IP address, domain names and browser types – will be processed. These data will not be accompanied by any additional personal information and will be used to gather anonymous statistical information on the use of the website, to control the way the website is used and to ascertain responsibility in the event of any computer crimes.
Data provided voluntarily by the user
The personal data you provide will be used exclusively for the following purposes:
- a. Conclusion and execution of the contract (registration, use of the website’s services) and all activities related thereto, including but not limited to invoicing, credit protection, protection of the rights and interests of the Data Controller, administrative, management, logistics/organisational and functional services for the execution of the contract;
- b. Fulfilment of the obligations envisaged by the law, regulations, applicable legislation and other provisions issued by Authorities and Supervisory and Control Bodies envisaged by the Law.
The legal bases for the processing of personal data for the purposes referred to in points a) and b) above are: the execution of a contract and/or the adoption of a pre-contractual measure at the request of the Data Subject, and the fulfilment of one or more legal obligations or the exercise of a legitimate interest.
Methods of data processing
The processing of personal data is performed by means of the operations indicated in Article 4, no. 2) of the GDPR for the above purposes both on paper and digitally, using electronic and/or automated tools, in compliance with current laws on privacy and security and in compliance with the principles of propriety, lawfulness and transparency and protection of the rights of the Customer. The processing is performed directly by the Data Controller’s organisation, by its Data Processors pursuant to Article 28 and by designated internal parties.
Mandatory or optional nature of the provision of data and consequences of any refusal to provide them
The data required for the purposes referred to in the previous point must be provided for the fulfilment of legal obligations and/or for the conclusion and execution of the contractual relationship requested by you or for the exercise of the legitimate interest of the Data Controller. Therefore, your refusal, even partial, to provide such data would make it impossible for the Data Controller to establish and manage such relationship.
Disclosure and dissemination
To the extent strictly relevant to the above obligations, tasks and purposes and in compliance with current laws on the subject, your personal data may be disclosed to the following categories of parties:
- Parties to whom such disclosure must be made in order to fulfil or to require the fulfilment of specific contractual obligations or those envisaged by laws, regulations and/or Community legislation;
- External natural and/or legal persons who provide services instrumental to the activities of the Data Controller for the aforementioned purposes (e.g. commercial partners, suppliers, consultants, companies, entities, professional firms). These parties shall operate as data processors pursuant to Article 28 of the GDPR.
Personal data shall not be disseminated in any way unless you explicitly consent or request it in writing.
Retention periods of personal data
The personal data will be kept for the entire time necessary for the execution of the contract stipulated with the Data Controller, after which the data will be kept to fulfil the obligations envisaged by law and for the storage of administrative documents in compliance with current legal provisions.
The personal data are stored on servers located within the European Union. In any case, it is understood that the Data Controller will have the right to move the servers outside the EU if necessary. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission. If the User uses online payment methods, they may be redirected to platforms managed by third parties (such as Multisafepay, PayPal and so on) that operate as independent Data Controllers with any consequent obligation envisaged by the GDPR and applicable laws.
The Data Controller does not intentionally collect personal information about minors.
Rights of the data subject
As the data subject, you have the rights set out in the GDPR, namely:
- Receive confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their disclosure in an intelligible form;
- Receive information regarding:
- the origin of the personal data;
- the purposes and methods of the processing;
- the logic applied if processing with electronic devices;
- the identification of the data controller, data processors and designated representative pursuant to Article 3, paragraph 1 of the GDPR;
- the parties or categories of parties to whom the personal data may be disclosed or who may learn about them as designated representative in the territory of the State, data processors or appointees;
- the updating, rectification and, if interested, completion of the data;
- the erasure, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is unnecessary for the purposes the data were collected for or subsequently processed;
- certification to the effect that the operations and contents as per letters a) and b) have been brought to the attention of the entities the data were disclosed to, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right being protected.
- Wholly or partially object:
- for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of their collection;
- to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications through the use of call systems with the intervention of an operator, and/or via email and/or using traditional marketing methods by telephone and/or by post.
Note that all Data Subjects have the right to wholly or partially object to the processing of data for marketing purposes. Therefore, the data subject may decide to receive only communications through traditional methods or only automated communications or neither type of communication. Where applicable, they also have the rights referred to in Articles 16-21 of the GDPR (right of rectification, right to be forgotten, right of restriction of processing, right to data portability, right of opposition), as well as the right to lodge a complaint with the Privacy Authority.
To exercise the above rights or for questions or information regarding the processing of your data and the security measures put in place, Data Subjects may in any case submit their requests to our company at the following address: email@example.com