Pursuant to art. 13 and 14 of Regulation 2016/679/EU (hereinafter “GDPR”) Giuliano Mazzuoli srl, in the person of its pro tempore legal representative, with registered office in Via Leonardo da Vinci, 118/3 – 17, Barberino Tavarnelle (FI) – Italy, VAT number IT 05411380487, email: firstname.lastname@example.org (hereinafter “Data Controller”), in its capacity as “Data Controller” informs you that your personal data collected for the purpose of concluding the contract with the Customer and/or in the context of the execution and/or stipulation of the same and/or for the purposes of the services offered by the Data Controller will be processed in compliance with the aforementioned legislation in order to guarantee the rights, fundamental freedoms, as well as the dignity of individuals with particular reference to confidentiality and personal identity. We inform you that if the activities provided to you allow for the processing of personal data of third parties provided by you, it will be your responsibility to ensure that you have complied with the provisions of the law regarding the interested parties in order to make their processing legitimate by our part.
Data provided through this website
Personal data (such as name and surname, address, email, etc. …) that you will provide through the forms on the website or via email (such as for example those relating to the registration and/or purchase of the services offered and/or the e-commerce area) will be processed by the Data Controller indicated above in compliance with EU Regulation 2016/679/EU.
Origin, purpose, legal basis and nature of the data processed
The processing of your personal data, and/or details provided by you directly is carried out by the Data Controller for the purpose of concluding the contract with the Customer and/or in the context of the execution and/or stipulation of the same and/or for the purposes of services offered by the Data Controller.
In compliance with current legislation on the protection of personal data and without the need for specific consent from the interested party, the data will be stored, collected and processed by the Data Controller for the following purposes:
- a) fulfillment of contractual obligations, execution and/or stipulation of the contract with the Customer and/or management of any pre-contractual measures, as well as access to the services offered by the Data Controller;
- b) fulfillment of any regulatory obligations, tax and fiscal provisions deriving from the conduct of business activities and obligations related to administrative and accounting activities;
- c) communication of data to third parties for the fulfillment of contractual obligations, execution and/or stipulation of the contract with the Customer and/or management of any pre-contractual measures;
- d) disclosure of data to third parties for any regulatory obligations, fiscal and tax provisions arising from the performance of the business and obligations related to administrative and accounting activities.
- e) sending newsletters and communications for direct marketing purposes via email in relation to the services provided by the Data Controller;
The legal bases of the processing for the purposes outlined in point a), b), c) and d) indicated above are the articles. 6.1.b) and 6.1.c) of the Regulations.
The provision of data for the aforementioned purposes is optional, but failure to provide the data and refusal to provide it would make it impossible for the owner to execute and/or stipulate the contract and provide the services requested by the same.
The legal basis for the processing of personal data for purposes e) is art. 6.1.a) of the GDPR as the treatment are based on consent; it is specified that the Data Controller may collect a single consent for the purposes described therein pursuant to the General Provision of the Guarantor for the Protection of Personal Data “Guidelines on promotional activities and the fight against spam” of July 4, 2013. The provision of the consent to the use of data for marketing purposes is optional and if the interested party wishes to oppose the processing of data for marketing purposes carried out with the means indicated here, as well as revoke the consent given, they may do so at any time without any consequence (except for the fact that it will no longer receive marketing communications) by following the instructions in the “Rights of the interested party” section of this Information.
Finally, we remind you that for the treatment carried out for the purpose of sending direct advertising material or direct sales or for carrying out market research or commercial communications in relation to products or services similar to those used by the Customer, the Company may use e-mail addresses or personal data pursuant to and within the limits permitted by art. 130, paragraph 4 of the Code and the provision of the Guarantor Authority for the Protection of Personal Data of June 19, 2008 even in the absence of explicit consent. The legal basis for data processing for this purpose is Art. 6, paragraph 1, Letter f) of the GDPR, without prejudice to the possibility of opposing such processing at any time following the instructions in the “Rights of the interested party” section of this Notice.
The data may be disclosed to third parties appointed as data processors pursuant to Article 28 of the GDPR and/or to banking institutions, to companies active in the insurance field, to suppliers of services strictly necessary for the performance of the business activity, or to consultants of the company where this proves necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations.
Your personal data, or the personal data of third parties in its ownership, may also be communicated to external companies, identified from time to time, to which the Data Controller entrusts the execution of obligations deriving from the assignment received to which only the data necessary for the activities required of them will be transmitted. All employees, consultants, temporary workers and/or any other “natural person” who carry out their business on the basis of the instructions received from the Data Controller, pursuant to Art. 29 of the GDPR, “subjects authorized to process”, internal delegates or external managers are appointed. To these subjects, possibly designated, the Data Controller gives adequate operating instructions with particular reference to the adoption and compliance with security measures in order to guarantee the confidentiality and security of data. Precisely with reference to the protection aspects of personal data, the Customer is invited, pursuant to Art. 33 of the GDPR to report to the Data Controller any circumstances or events from which a potential “breach of personal data (data breach)” may arise in order to allow an immediate assessment and the adoption of any actions aimed at countering this event by sending a communication to the Owner at the addresses indicated below.
The data will not be disclosed.
The Controller’s obligation to communicate data to Public Authorities on specific request remains unaffected.
If you execute an order from Italy, your personal data will not be transferred abroad.
If you execute an order from abroad, the transfer abroad of your personal data can only take place if it is necessary for the management of the assignment received. For the processing of information and data that will eventually be communicated to these subjects, the equivalent levels of protection adopted for the processing of personal data will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory instruments provided for by Chapter V of the GDPR will be applied.
Methods, logics of processing and storage times
Your data is collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and requirements set out in Art. 5 c 1 of the GDPR.
The processing of personal data takes place using manual, IT, and telematic tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee their security and confidentiality.
Personal Data will be processed by the Data Controller for the entire duration of the assignment and also subsequently to assert or protect their rights or for administrative purposes and/or to execute obligations deriving from the applicable pro tempore regulatory and regulatory framework and in compliance with specific legal obligations on data retention.
Nature of the provision
In relation to the aforementioned purposes, the provision of your data is not mandatory, but it is essential for the execution of the assignment between you and the Data Controller and to allow the Data Controller to comply with the obligations provided for by the applicable regulations: failure to provide the data themselves and the refusal to supply them would make it impossible for the Company to execute and/or stipulate the contract and provide the requested services.
Rights of the interested party
In compliance, within the limits and under the conditions provided for by the legislation on personal data protection regarding the exercise of the rights of the interested parties with regard to the treatments covered by this Notice, as an interested party you have the right to request confirmation that it is or is not your personal data that is being processed, access your personal data and in relation to them you have the right to request their rectification, cancellation, notification of corrections and cancellations to those to whom the data were eventually transmitted by Data Controller, the limitation of processing in the cases provided for by the law, the portability of personal data – provided by you – in the cases indicated by the law, to oppose the processing of your data and, specifically, have the right to oppose decisions that concern you if based solely on automated processing of your data, including profiling. In the event that you believe that the treatment that concern you violate the rules of the GDPR, you have the right to lodge a complaint with the Guarantor pursuant to Art. 77 of the GDPR.
If you intend to request further information on the processing of your personal data or for the possible exercise of your rights, you can contact email@example.com by email in writing.
The Data Controller, pursuant to Art. 4 of the GDPR is Giuliano Mazzuoli srl, in the person of its pro tempore legal representative, with registered office in Via Leonardo da Vinci, 118/3 – 17, Barberino Tavarnelle (FI) – Italy, VAT number IT 05411380487, email: firstname.lastname@example.org.
With best regards,
The Data Controller