PRIVACY POLICY ON PERSONAL DATA PROCESSING
pursuant to Article 13 of Regulation (EU) 2016/679 ("Privacy Policy")
This notice is provided pursuant to Regulation (EU) 2016/679 (hereinafter the "Regulation" or "GDPR") and describes the methods for processing the personal data of users who browse and use the following websites, accessible at the addresses:
(hereinafter also the "Website" or "Websites") or use the services offered through the Websites.
According to the current European Regulation on the protection of personal data no. 679/2016 ("GDPR"), the collection and processing will always follow principles of lawfulness, correctness and transparency.
After visiting the Website, data relating to the user accessing the Website (called the "Data Subject" as an identified, or identifiable, natural person) may be processed.
A. DATA CONTROLLER
The Data Controller is the company Casalini Libri S.p.a., with registered office in Fiesole (FI), Via Benedetto Da Maiano n. 3, postcode 50014, street directory 00480, VAT number 11005490963 (hereinafter, the "Data Controller"), email info@casalini.it
B. DATA PROTECTION OFFICER (DPO)
The Data Protection Officer (DPO) is Mr Massimo Di Menna (engineer). For all needs regarding the protection of personal data, including the exercise of the rights granted to the data subject by current legislation, please refer to the following contacts at the Data Protection Officer: massimo.dimenna@gruppoingegneria.it
C. TYPE OF DATA COLLECTED, PURPOSE, LEGAL BASIS AND STORAGE PERIOD.
1. Browsing Data
Personal Data may be collected independently by the Data Controller or through third parties.
In this case, the IT systems and software procedures used to operate this Website acquire certain technical and IT-related Personal Data of Users (e.g., IP address, browser type, operating system, domain name, and the addresses of websites from which the User accessed or exited, etc.), the transmission of which is inherent to the normal functioning of the internet.
Purpose: This Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the website and/or to check its correct functioning.
Storage: This Data will be deleted immediately after processing.
Legal Basis: The processing is carried out on the basis of the legitimate interest of the Data Controller to make the Website usable and safe to browse (Article 6, par. 1, letter f). Exclusively for the specific profiling activity, the explicit consent of the Data Subject is required (Article 6, par. 1, letter a).
2. Contacts by the User by email and telephone contact
The optional, explicit and voluntary sending of communications by email or telephone to the contact details indicated on this website entails the subsequent acquisition of the data communicated by the User, including their email address and telephone number, and the User's consent to receive any messages in response to their requests.
In this case, the provision of your email address and any other data you may provide is optional, but indispensable in order to be able to use the service and receive a reply to your request and, in their absence, we will not be able to proceed with processing.
Purpose:Personal data provided in this way is used solely for the purpose of fulfilling or responding to requests submitted and is only disclosed to third parties if this is necessary for that purpose.
Storage:The data is stored for the period necessary to process the request and in compliance with current laws and regulations.
Legal Basis:Processing is carried out for the fulfilment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Art. 6, para. 1, letter b).
3. Newsletters and commercial/promotional communications.
Where explicitly requested by the User, it is possible to provide your contact details in order to receive commercial and/or informative communications regarding the Data Controller's activity.
The provision of such data for these purposes is entirely optional but indispensable in order to be able to proceed with the provision of the promotional information service described above.
We use ActiveCampaign software to send you newsletters.
Purpose:Personal data provided in this way (first name, surname and email address) is used solely for the purpose of fulfilling or responding to requests submitted and is only disclosed to third parties if this is necessary for that purpose and only with the Data Subject's explicit consent.
Storage:The data is stored for the period necessary to carry out the activity for which it was provided and in any case, specifically for the purposes described above, no longer than two years as expressly provided for by law (unless the Data Subject renews their consent for use for other purposes as provided for by current legislation).
Disclosure to third partiesThis information may be transmitted and disclosed to third parties only if this is necessary for that purpose and only with the Data Subject's explicit consent.
Legal Basis: The processing is carried out on the basis of the explicit consent of the Data Subject (Article 6, par. 1, letter a).
4. Soft spam by the Data Controller regarding products/services similar or identical to those previously purchased
The Data Controller may send promotional communications by email to the User concerning Products and/or Services similar to those already purchased or re-propose the same without the need for the express and prior consent of the User pursuant to article 130, paragraph 4 of the Privacy Code, provided that the User does not exercise their right to object.
Legal Basis:this processing is based on art. 130, paragraph 4, of the Privacy Code as amended by Italian Legislative Decree no. 101 of 2018.
Storage:The Data used for sending "soft spam" communications is stored for the period necessary to carry out the activity for which it was provided (unless the Data Subject renews their consent for use for other purposes as provided for by current legislation). The possibility of exercising the right to object to the aforementioned processing, in an easy and free manner, is guaranteed at any time.
5. Account creation and execution of orders through the platform https://www.torrossa.com/it/
The User, by generating their account, provides the platform with the necessary data to enable them to place Orders in accordance with our Terms and Conditions. The data provided allows identification when accessing the account and gives transaction information when placing an order. Transaction information allows us to:
- a. Process the order and allow the Partner (Supplier) business to issue the fiscal receipt (invoice);
- b. The platform does not store information about your credit card;
- c. Notify the business of your order.
Purpose: Personal data provided in this way is used solely for the purpose of executing the contractual relationship that arose with the purchase of products from the online shop.
Storage: processing is carried out for the fulfilment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Art. 6, para. 1, letter b).
Legal Basis:Data provided for the creation of the account is stored for as long as necessary to fulfil the purposes arising from the contract.
6. Management of payments
Banca Sella
Payment management services allow the website to process payments by credit card, bank transfer or other means. The payment data will be processed by the Data Controller exclusively for the purpose indicated by the User during transmission, i.e., for the execution of the order; upon completion of the transaction the data will be deleted, unless specifically requested by the User. In the event that the data used for payment is acquired directly from the operator of the payment service requested, such data will not be processed in any way by this website. Some of these services may also allow the programmed sending of messages to the User, such as emails containing invoices or payment notifications.
PayPal
PayPal is a payment service provided by PayPal Inc. that allows the User to make online payments by entering their PayPal login credentials.
Personal data collected: Various types of data as specified in the service privacy policy. Privacy Policy on the website paypal.com
7. Links to other websites
The Website may include hyperlinks to other websites. By clicking on one of these links, the user may be redirected to another website or another Internet source that may collect information about the user through cookies or other technologies.
The Data Controller assumes no responsibility or authority over these other websites or Internet resources, nor over their collection, use, or disclosure of the User's personal data. You should check the privacy statements of these other websites and Internet sources in order to judge whether they act in accordance with privacy legislation.
8. Integration of social media plugins
We have integrated social media plugins (Instagram, Facebook, Twitter and LinkedIn) on the website. This means that when you click or tap one of the buttons (for example, the Facebook "Like" button), some information is shared with the social media service providers.
If you are logged into your social media account when you click or tap one of these buttons, the social media provider may link this information to your social media account. Depending on your settings, they may also show these actions on your social media profile, which will then be visible to other users in your network.
This Website uses technical, tracking and profiling cookies. For details, please refer to the appropriate cookie policy.
D. DATA RECIPIENTS
The personal data collected are processed by the Data Controller's staff, who act with specific authorisation, on the basis of specific instructions provided for the purposes and methods of the processing itself.
Furthermore, the persons designated as data processors pursuant to Article 28 of the GDPR or sub-processors, which the Data Controller uses to provide the services and to carry out the activities within their competence, may be recipients of the data collected following consultation of the Website or use of the services within the limits of their respective assignments.
The relevant list can be requested from the Data Controller using the contact details in section A.
If a data processor is designated through the services offered by the Website pursuant to Article 28 of the GDPR or sub-processor, the data will be communicated to its Data Controller and/or its data processor.
E. DATA TRANSFER
The personal data provided will not be transferred abroad.
F. RIGHTS OF DATA SUBJECTS
Data subjects - the identified or identifiable natural persons to whom the data refer - may exercise specific data protection rights, which are listed below:
a) right of access: the right to obtain from the Data Controller confirmation as to whether or not personal data is being processed and, if so, to obtain access to personal data and detailed information on the origin, purposes, categories of data processed, recipients of communication and/or transfer of data, and so on;
b) right of rectification: the right to obtain, from the Data Controller, the correction of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by provision of an additional declaration;
c) the right to deletion ("the right to be forgotten"): the right to obtain from the Data Controller the deletion of personal data without undue delay where: i. the data is no longer necessary in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data has been processed unlawfully; iv. the personal data must be deleted in order to comply with a legal obligation;
d) right to object to processing: the right to object at any time to the processing of personal data whose legal basis is a legitimate interest of the Data Controller.
e) right to limit the processing: the right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is illegal and/or the data subject has objected to the processing;
f) right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and only for data processed by electronic means;
g) right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that processing operations concerning them are in breach of the Regulations shall have the right to lodge a complaint with the supervisory authority of the Member State in which that person resides or habitually works, or of the State in which the alleged breach occurred.
The rights can be exercised by contacting the Data Controller using the contact details indicated in sections A and B, which are listed once again below:
- Data Controller info@casalini.it
- DPO: massimo.dimenna@gruppoingegneria.it
|