Pursuant to the aforesaid regulation, data processing means any single operation or set of operations, whether or not by electronic or automated means, involving the collection, recording, organisation, storage, processing, alteration, selection, retrieval, comparison, use, interconnection, blockage, communication, disclosure, erasure and dissemination of data.
In compliance with the provisions of the new Regulation regarding personal data protection, we inform you as follows:
1. Data Controller
The data controller is TINAZZI S.r.l., tax and VAT no. IT00107370231, with head office in Via delle Torbiere, 13, 37017 Lazise (VR), who will use the data for the purposes indicated below. For further information please contact us by email at: firstname.lastname@example.org.
2. Data processed
The personal and master data we collect (name, surname, email) are provided by the user when they register with our website www.tinazzi.it, and send a contact request.
3. Purposes of the processing
Personal data are processed for the purposes that are related or instrumental to the business of TINAZZI S.r.l., including storage in the company database or for direct mail marketing. In particular:
A. Without express consent from the data subject:
• To receive an email sent using the contact form. When filling in the contact form, certain personal data are requested (company or name and email address) that will identify the user in order to send a reply to the given email address.
B. With the express consent from the data subject:
• To register with the newsletter service provided by the Data Controller.
4. Processing method
The personal data are processed based on correctness, legality and transparency. Our company guarantees that all data processing, with or without the use of electronic or automated means, is performed using tools that are appropriate to guarantee the security and privacy of the data subject. This is achieved by means of appropriate procedures that prevent the risk of data loss, unauthorized access, illegal use and distribution, in compliance with the restrictions and terms established in EU Regulation 2016/679.
Personal data are processed using printing, electronic and/or automated methods.
The data are processed by our staff, within the performance of our mandate.
5. Data access
The parties that could learn of the user’s personal data in their capacity as processors or assignees (as per article 13(1) of the GDPR) are:
• The Data Controller
• The Data Controller’s staff in order to satisfy the user’s requests (registration with the website, registration with the newsletter, and reply to a request for information).
• Parties that provide electronic data processing services and information management services as indicated in paragraph 3.
The personal data will not be disclosed to third parties.
6. Data communication
The data could be communicated to Supervisory Authorities, Judicial Authorities or other third parties that the data has to be communicated to by law, including for the prevention/repression of any illegal activities related to the site access and sending a request.
7. Data transfer
The personal data are processed and stored on servers, located in Italy, of the Data Controller and/or third companies. However, it is understood that, if necessary, the Data Controller has the faculty to move the servers outside the EU. In this case, the Data Controller hereby guarantees that data transfer outside the EU will take place in compliance with applicable legal dispositions.
8. Data retention period
The personal data of website users who send an information request using the contact form will be conserved only for the time strictly needed to satisfy their request, and for the purposes indicated in paragraph 3.
The data collected for registering with the website and newsletter service are stored in the company database and conserved for as long as the service lasts, after which they are deleted or made anonymous within the term established by law.
Should a data subject revoke consent for a specific type of processing, the data are deleted or made anonymous within 72 hours from receipt of the revocation.
Pursuant to art. 13(2)(f) of the Regulation, we inform you that none of the collected data will be included in any sort of automated decisional process, including user profiling.
9. Data subject’s rights
Users are free at any time to exercise their rights as defined in articles 13(2), 15, 18, 19 and 21 of the GDPR, which are summarized as follows:
• The data subject has the right to obtain confirmation as to whether or not personal data concerning him or exist, even if not yet communicated, and receive a legible copy of the data.
• The data subject has the right to request the Data Controller to grant access to his or her personal data, and to integrate, amend, delete or limit the data, or oppose the processing, and the right to request the data be transferred.
• The data subject has the right to put forward a claim to the Privacy Guarantor, following the procedures and indications published in the authority’s official website www.garanteprivacy.it; Exercising these rights is not subject to any formal limitation and is free of charge.
Upon receipt of this statement, it is understood that consent is given to the personal data processing as indicated above.
10. Method for exercising these rights
Users can exercise their rights at any time by sending an email to email@example.com. Or by letter to: TINAZZI S.r.l. Via delle Torbiere, 13 37017 Lazise (VR)