The Owner acts as Data Controller in compliance with Article 4 (7) of the Regulations with reference to user data and navigation data.
According to the rules of the Regulations, the processing carried out by the Data Controller will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
1. What is personal data? Which data do we process?
“Personal Data” means any information suitable for identifying, directly or indirectly, a natural person, in this case you, who are browsing the Site.
In particular, Personal Data processed through the Site are:
a. Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects. However, by its very nature, it could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses. These data are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes carried out against the Site or third parties.
b. Data provided by you on the Site on a voluntary basis to take advantage of our services
Pois a righe directly collects your data (e.g. personal data and identifiers, contact data, purchase data, payment data) in order to satisfy the requests you make. For this purpose, the Site contains various forms that the user is required to fill in so that we can manage and follow up on those requests.
d. Purpose, legal basis and detailed explanation
Below we indicate the purposes for which we will use your personal data as Data Controller, the legal basis pursuant to Article 6 of the Regulations and a brief explanation of each purpose.
| Purpose | Legal basis | Explanation |
|---|---|---|
| a) Access to services (e.g. e-commerce) provided by Pois a righe | Execution/Implementation of the contract and/or pre-contractual measures | We will process your personal data on the basis of the established (and/or establishing) contractual relationship. |
| b) Contact | Implementation of pre-contractual measures | We will process your personal data if you have requested information through the form in the “Contact” section. |
| c) Newsletter, communications containing promotional content | | We will process your personal data in order to send the newsletter and to send, via automated means (e-mail, SMS), communications with promotional, informative and/or advertising content in relation to Pois a righe’s products or services. |
| d) Conservation of accounting records | Obligation under the applicable Law | We will process your personal data in order to fulfill any legal, accounting and tax obligations. |
| e) To detect or prevent fraudulent activity, and to verify solvency | Legal Obligation and legitimate interest | |
| f) Compliance with orders from judicial authorities or other public authorities | Legal Obligation | |
3. What happens if you decide not to provide us with your data?
The provision of your personal data for the purposes a) and b) is optional. However, without it, we will not be able to provide you with our services.
The provision of your personal data for the purpose c) is optional. Failure to provide consent does not prevent you from using our services.
The provision of your personal data for the purposes d), e) and f) is mandatory as it is necessary to fulfill legal obligations.
4. To whom we communicate your data
Your Personal Data may be shared, for the purposes referred to in Section 2 above, with:
• persons, companies or professional firms that provide assistance and advice on accounting, administrative, legal, tax, financial matters relating to the provision of the Services;
• subjects with whom it is necessary to interact for the provision of the Services (e.g. hosting providers, banks, carriers) or subjects delegated to perform technical maintenance activities (including maintenance of network equipment and communication networks);
• subjects, bodies or authorities to whom it is mandatory to communicate your personal data in accordance with the provisions of law or orders of the authorities;
• persons authorized by the Data Controller to process Personal Data in order to carry out activities strictly related to the provision of the Services, which are committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g. employees and collaborators of the Data Controller).
5. Redirect to external sites
The Site makes use of so-called social plug-ins, that is, tools that make it possible to incorporate the features of social networks directly within a website.
Each of the social plug-ins on the Site is identified by the logo owned by the platform. If the user interacts with the plug-ins, the information referring to the data subject is communicated directly to the social network, which processes your Personal Data as an independent Data Controller.
Currently Pois a righe makes use of social plug-ins/logins belonging to the following social networks:
Facebook Inc. – Instagram, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The statements on the processing of data on Facebook and Instagram are linked here:
Data protection notice on Facebook
Data protection notice on Instagram
6. Transfer to third countries
Your personal data are not shared with subjects outside the European Economic Area; should this occur, we ensure that this is done in compliance with Regulations 679/2016, through the adoption of precautions that provide for the transfer of your personal data only to countries subject to an adequacy decision, or on the basis of standard contractual clauses approved by the European Commission, of consent or of another suitable legal basis.
7. How we protect your data
Your personal data is transmitted securely by encryption. This also applies to your order and to your customer login. For this purpose we use the SSL (Secure Sockets Layer) encryption system. We also protect our web pages and other systems by means of technical measures against loss, destruction, access, tampering or disclosure of your data by unauthorized persons.
8. Data retention
Personal data will be kept only for the needs related to each of the purposes referred to in paragraph 2 and in compliance with the principle of minimization.
We may need your data for the purposes of Article 2946 of the Italian Civil Code (to defend your or our rights), and to comply with the obligations to maintain the accounting records. Therefore, we keep this data for as long as necessary and in any case no longer than 10 years.
We also keep your data whenever required by law or by an order of public authorities.
Further information on the data retention period and the criteria used to determine such periods can be obtained by writing to: firstname.lastname@example.org
9. Your rights
You have the right to access data concerning you at any time, pursuant to art. 15-22 GDPR. In particular, you can request access to the data (Article 15 of the Regulations), their amendment (Article 16 of the Regulations), their cancellation (Article 17 of the Regulations), the limitation of the processing of the data in the cases provided for by art. 18 of the Regulations, and the portability of data concerning you in the cases provided for by art. 20 of the Regulations, and you can lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data). You also have the right to revoke your consent at any time, pursuant to Article 7 of the Regulations; the withdrawal of consent does not in any case prejudice the lawfulness of the processing based on the consent given prior to the revocation.
You can make a request to oppose the processing of your data pursuant to art. 21 of the Regulations, giving evidence of the reasons justifying the opposition. The Owner reserves the right to evaluate your request, which would not be accepted if there are legitimate reasons for processing your personal data that prevail over your interests, rights and freedoms.
For any information and/or needs, as well as for the exercise of the rights referred to, we are at your disposal at the e-mail address: email@example.com