INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13-14 OF REG. 679/2016
(version August 2021)
The company Nickname Snc di Silvi e Piazzi, as the data controller of your personal data, informs you about their use and your rights, so that you can consciously express your consent. The Personal Data Protection Regulation (Reg. 679/2016 – henceforth ‘GDPR‘ from the English acronym General Data Protection Regulation) requires that the processing of an individual’s data is based on the principles of fairness, lawfulness, transparency and protects the confidentiality and rights of the individuals concerned. For a correct understanding of the following terms, please consult the Privacy Guarantor’s Information Pages: https://www.garanteprivacy.it/regolamentoue. To view the text of Regulation 679/2016 (‘GDPR’), please consult the following site: https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:32016R0679&from=IT. To read the Legislative Decree 196/2003 (Privacy Code – ‘CDP’) in its latest version, please consult the following site: https://www.garanteprivacy.it/web/guest/codice.
1) WHO IS THE DATA CONTROLLER WHO DECIDES ON THE PURPOSES AND MEANS OF PROCESSING? HOW AND WHERE CAN THE CONTROLLER BE CONTACTED?
The Data Controller is the company Nickname Snc di Silvi e Piazzi, with registered office in via Turati no. 1, 40064 – Ozzano dell’Emilia (BO), VAT no. 02742231208, which can also be reached at the following e-mail address: firstname.lastname@example.org, also for the exercise of the rights listed below and for any requests for clarification. The website governed by this notice is: https://www.semmstore.com.
2) WHAT PURPOSES, METHODS, LEGAL CONDITIONS, CONSEQUENCES, DATA RETENTION PERIODS ARE APPLIED TO THE PROCESSING (IN PARTICULAR, NEWSLETTERS, SOFT-SPAM, MARKETING)?
The data that you will always provide directly and freely will be processed for the following purposes:
I) compliance with laws, regulations and EU legislation (LEGAL BASIS: regulatory obligation, failure to do so will result in legal consequences; DURATION: for as long as required by the applicable laws, 10 years in the case of retention of business records);
II) contractual and pre-contractual fulfilments arising from the relationship requested or established with the data subject, e.g. in the case of requests for information made by the data subject (LEGAL BASIS: contractual fulfilment, failing which it will not be possible to fulfil the request; DURATION: for the entire duration of the performance of the contractual or pre-contractual relationship); in particular, this includes the activity required to reply to data subject’s requests for information (also by means of telematic messaging services, chat, telephone, etc.), participation in initiatives organised by the Data Controller (e.g. events, surveys, competitions, etc.);
III) in the event of optional consent for promotional purposes by the Data Controller to the email, SMS, social media, messaging or other contact details communicated to us (LEGAL BASIS: consent, failing which you will not receive telematic promotional communications; DURATION: maximum 24 months unless revoked in advance, which is always possible);
IV) telematic promotional communications on the Controller’s activities similar to the products previously purchased by the data subject, to the telematic addresses communicated to us (LEGAL BASIS: legitimate interest, considered overriding as soft-spam permitted by Recital 47 GDPR and Art. 130 c. 4 CDP; DURATION: a maximum of 24 months from the last purchase made, without prejudice to your objection, which is always possible);
V) possible ascertainment, defence or exercise of a right in court (LEGAL BASIS: legitimate interest, considered overriding for self-defence in court; DURATION: for the entire prescriptive period provided for by the applicable laws, e.g. 10 years in the case of contractual liability);
VI) to be able to process in anonymous and aggregate form studies, research, market statistics (LEGAL BASIS: legitimate interest, considered overriding as a result of data anonymisation; DURATION: for as long as such processing is deemed appropriate);
VII) to protect the security of the Controller’s networks and information systems (LEGAL BASIS: legitimate interest, considered overriding as it complies with Recital 49 GDPR; DURATION: 6 months);
VIII) in the event of optional consent for the processing of your images (photos and/or audiovisuals, with possible voice), for purposes specified from time to time and which may include: participation in contests or initiatives of the Data Controller; publication with circulation on the website of the Data Controller and/or third parties (in particular, as fan pages of social media sites) – (LEGAL BASIS: consent, in the absence thereof it shall not be possible to use such images for the aforementioned purposes; DURATION: for the entire duration of use of the images as practised by the Data Controller, unless revocation is always possible; or for a different duration specified in the specific case by the Data Controller);
IX) in the event of optional consent for newsletters from the Controller at the email addresses communicated to us (LEGAL BASIS: consent, failing which you will not receive the newsletter; DURATION: maximum 24 months unless you unsubscribe in advance, which is always possible).
- b) with reference to the manner in which the personal data of the data subject will be processed, said processing will be carried out in compliance with the security measures provided for by the legislation in force, in computerised automated form (involving the use of software, hardware, computer networks), by telephone, by means of paper correspondence.
3) WHO WILL YOUR DATA BE DISCLOSED TO?
- The Data Controller, for the performance of its business activities, may in turn disclose them to the following entities to the extent strictly necessary to achieve the aforementioned purposes, all of which are based in the European Community/European Economic Area unless otherwise specified:
- to national and foreign bodies for the coordination, supervision and management of Internet networks;
- to companies and professionals whose services the Data Controller uses for advice or assistance in the performance of its commercial activity, as well as this website, in particular as regards suppliers of IT infrastructure and services, IT maintenance and security, and communication (e.g. chat), as well as social media used for commercial activity with its fanpage (i.e.: Facebook, Twitter, and the other social networks indicated on the website) as well as for compliance with the applicable regulations; in particular: Mailchimp for email services (owned by The Rocket Science Group), Google for the ReCAPTCHA service, Shopify and WordPress for platform and hosting services;
- to third parties (e.g. public bodies or state authorities) if this is necessary and indispensable (in any case functional) for the performance of the Controller’s activities, as required;
- bodies and authorities entrusted with the protection of the rights of the Controller or of third parties; consultants and collaborators of the Controller for the same protection.
An up-to-date and analytical list of data recipients is available from the Data Controller on request.
Unless otherwise specifically stated, the data will not be transferred or processed outside the European Community or any other place considered inadequate to comply with the relevant Community legislation. In this case, data may be transferred on the basis of standard European Commission clauses or other appropriate guarantees (ex Art. 46 GDPR) or on the basis of one of the exceptions under Art. 49 GDPR.
Similarly, the data will not be disseminated in any way (except as may be reported by the user himself on the public pages of the social networks used for contact or by means of pictures or audiovisuals authorised by the person concerned).
4) WHAT RIGHTS DO YOU HAVE WITH REGARD TO THE PROCESSING OF YOUR DATA?
You may address the Data Controller to assert the rights indicated in Art. 12-20 GDPR. Your rights are as follows:
- you have the right to request from the data controller access to your personal data, to ask for confirmation of its existence or otherwise, and to ask for it to be rectified or erased, or for the processing of your personal data to be restricted (temporarily blocked);
- YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THEIR PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION: (I) PROCESSING NECESSARY FOR THE PERFORMANCE OF A TASK CARRIED OUT IN THE PUBLIC INTEREST OR IN CONNECTION WITH THE EXERCISE OF OFFICIAL AUTHORITY, OR (II) IN THE CASE OF THE PURSUIT OF A LEGITIMATE INTEREST OF THE DATA CONTROLLER;
- if you have given consent for one or more specific purposes, you have the right to revoke that consent at any time;
- you have the right to the portability of your personal data (for those with a legal basis of contractual or consensual execution) by means of a request to the data controller, by means of communication of a file in .CSV format, or similar open interoperable format, depending on the type of data requested;
- you have the right to lodge a complaint with the following Control Authority: Personal Data Protection Authority (https://www.garanteprivacy.it); you may, however, alternatively lodge a complaint with the competent supervisory authority of the Member State where you habitually reside or work or of the place where the alleged infringement occurred.
Processing is carried out by means of automated processes that do not result in the profiling of data subjects.
The Owner’s services are reserved for persons of at least 18 years of age. Any data collected from minors, which were not requested, and later proved to be so, will be promptly deleted and not further processed.
5) WHO DID WE COLLECT YOUR DATA FROM AND WHAT TYPE DID WE COLLECT (IF NOT COLLECTED FROM THE DATA SUBJECT, E.G. CHAT OR SOCIAL MEDIA, ETC.) – EX ART. 14 GDPR?