Skip to content Skip to footer

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF THE WEBSITE

www.proseccoserre.com

art. 13 – 14 REG. (UE) 2016/679

Document creation: 22nd January 2024

WEBSITE INFORMATION MOD. 1 For any clarification, information, exercise of the rights listed in this notice  please contact us by email:info@proseccoserre.com
Please indicate in the subject line of the communication: ‘Website Privacy Request’. The information below may be subject to change due to the introduction of new legislation or as a result of changes to the website, so please visit this section periodically for updates.

GENERAL INFORMATION ON REGULATION (EU) 2016/679. European Regulation No. 679 of 2016 lays down rules to protect and safeguard natural persons with regard to the processing of their personal data. This privacy policy refers exclusively to the website indicated in the epigraph. The websites of third parties that can be accessed through this website are not covered by this policy: the Data Controller declines all responsibility for them. In accordance with the law, the processing of personal data is based on the principles of lawfulness, correctness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality of the data subject and protection of his/her rights: the Data Controller undertakes to observe the aforementioned principles and, also for this purpose, hereby informs the data subject that, with the exception of those processing operations for which the law provides for his/her explicit consent, by browsing this website, uploading or providing personal data, the data subject accepts and agrees to be bound by the terms and conditions set out in this information notice.

DATA CONTROLLER – Art. 24 GDPR. The Data Controller (or only Controller) is the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. He is also the one who deals with security profiles. With regard to the processing of the personal data of the data subject carried out through this website, the Data Controller is

SERRE S.R.L.

Via Casale Vacca n. 6

31050 Combai di Miane (TV)

VAT: IT03141470264

Email:  info@proseccoserre.com

For any clarification or exercise of the rights of the person concerned, please contact the addresses already indicated.

DATA SUBJECT TO PROCESSING – Article 4(1)(a) GDPR. The ‘data subject’ is the natural person, identified or identifiable, to whom the personal data refer. This is, in short, the person who provides the Data Controller with his/her personal data and who, therefore, is protected and safeguarded by the aforementioned European Regulation. With respect to this website, the data subject is the user, i.e. the natural person who carries out browsing activities. Furthermore, the purchaser, i.e. the natural person who purchases the product via the online shop, is also the data subject.

AGE REQUIREMENTS – DATA OF MINORS. 

General rule. Minors (persons under the age of eighteen or otherwise under the law of their country) may not purchase online from this Site. Underage users are therefore advised not to subscribe to any services and not to proceed with a purchase. This prohibition is extended to all those who cannot legitimise the contract due to their legal impediments. 

Privacy Rule. The Data Controller is not responsible for the possible collection of data from such persons, since this responsibility remains with the holders of parental responsibility for lack of supervision. In any case, if the Data Controller considers that any data unintentionally collected refers to underage subjects, it shall proceed without delay to their destruction.

PURPOSE OF THE PROCESSING AND CATEGORIES OF DATA PROCESSED- art. 13 par. 1 lett. c) GDPR. In addition to browsing data, the Data Controller uses only the data strictly necessary to carry out the processing operations, which are indicated with an asterisk (*) in the spaces provided on the website. The data provided will be used only and exclusively to achieve the purposes set out in the following points (by way of example: the data provided to request information on the Controller’s activities will be used only to reply to the request and not for different purposes, unless the data subject gives his/her consent or the Controller has a legitimate interest in using the data for different purposes). 

The reasons and grounds for which the Controller processes the user’s personal data are listed below, according to purpose.

(1) To enable navigation on the website.

No identification data will be collected through simple navigation. However, for the normal operation of the website it is possible that the computer system acquires certain information whose transmission is implicit in internet communication protocols (e.g. log files, IP internet protocol address). Furthermore, through the use of cookies, information will be collected that the user does not directly provide. In any case, this is information that is not collected for the purpose of making an association with identified interested parties, but which nevertheless, given its very nature, could allow third parties to identify the user, through processing and association with other data already in their possession. Information on cookies. Information on cookies and on automated systems similar to cookies is made available to the user by clicking on the appropriate link called “COOKIE POLICY” on the website (see the cookie policy also published at the end of this document).

(2) To respond to requests for information. 

The website indicates the contact details of the data controller (e.g. email, registered office, landline, mobile phone, WhatsApp contact, other possible). The user who uses these contact details to gather information on the Controller’s activity, provides the Controller with his personal data (such as first name, last name, biographical data, WhatsApp image), which will be processed exclusively for the purpose of responding to requests for clarification, doubts, other regarding the execution of pre-contractual or contractual measures.

(3) To fulfil legislative obligations.

The data provided by the data subject shall be used to fulfil legislative obligations under national, European or supranational legislation.

(4) For the purposes of ascertaining, exercising or defending rights.

The data provided by the data subject will also be processed, if necessary, for the establishment, exercise or defence of the Controller’s rights in extrajudicial and/or judicial proceedings.

(5) For sending advertising communications (defined as “Direct Marketing” or “Newsletter”).

The information referred to in this point 5) shall apply whenever, while browsing the website, the user is asked to provide his/her data and consent to receive “Direct Marketing” or “Newsletter” communications. By consenting to such processing, the user may receive, from the Controller, advertising material or commercial communications, offers and promotions, direct sales communications or for carrying out market research or opinion polls (henceforth, collectively referred to as “direct marketing” or “Newsletter” activities). The purpose of the processing is to carry out ‘direct marketing’ activities towards the user.

(6) For the purpose of responding to information requests made by the user via the contact form.

The user’s data (e.g. name, email, telephone, other) provided by filling in the above form shall be processed by the Controller for the purpose of processing the request for information.

(6a) For the purpose of registering one’s personal account.

You are not required to register your personal account in order to make a purchase. Purchasing is also permitted for the non-registered user. However, registering a personal account allows the user to monitor his or her own position, including by checking purchases already made.

(7) For the purpose of finalising and executing the purchase contract, by means of the purchase form.

In order to proceed with the purchase of the product or service, the person concerned is required to provide his or her personal data (name, surname, delivery address, other), which will be processed by the Data Controller for the purpose of finalising the sale contract as well as for the execution thereof. The aforementioned data may also be processed by the Controller for the management of returns, withdrawals, guarantees, and in any case for accounting and tax purposes. The bank data of the person concerned will not be processed by the Controller but by the third party handling the transactions (i.e. your own bank or PayPal.) The user is advised to read the privacy policy of the third party providing the service. In the case of ‘shipping to a different address’, the purchaser may enter data in the form also referring to a natural person other than himself. With reference to such data, processing by the Controller is carried out in accordance with the rules set out in point (7) of this privacy policy, and the purchaser, by clicking on the button to purchase the goods, declares and confirms that he has provided this privacy policy to the natural person other than himself before concluding the order.

LEGAL BASIS – Article 13(1)(c) GDPR. The numerical order above is followed.

(1)Depending on the case, the legal basis could lie in the consent pursuant to Art. 6 para. lett. a) GDPR or Art. 22 GDPR (see Cookie Policy) or on legal obligations and/or legitimate interests of third parties (Art. 6 para. 1 lett. c) and f) GDPR) (see processing carried out by law enforcement agencies for purposes of justice).

(2)The legal basis lies in the execution of pre – contractual or contractual measures taken at the request of the data subject (Art. 6 par. 1 lett. b) GDPR).

(3)The legal basis for such data processing lies in the fulfilment of a legal obligation to which the Data Controller is subject (Art. 6 para. 1 lit. c) GDPR).

(4)What legitimises such processing is the legitimate interest of the Data Controller (Art. 6(1)(f) of the GDPR). Indeed, should a dispute/litigation/reasoning arise between the data subject and the Controller, the latter will be legitimised to process the data subject’s data in order to assert its own reasons.

(5) The legal basis lies: 

(i) in the (optional) consent ex art. 6 par. 1 lett. a) GDPR of the data subject;

ii) in art. 130 par. 4 new Privacy Code, but only in the case of processing by e-mail and for sending communications concerning services similar to those already “sold” to the Customer; 

(iii) in the legitimate interest under Art. 6 para. 1 lit. f) (in combination with Recital No. 47 GDPR) when the data subject expects such processing by the Controller and this does not infringe his rights and freedoms.

(6) The legal basis lies in the execution of pre-contractual or contractual measures taken at the request of the data subject (Art. 6 para. 1 lit. b) GDPR).

(6a) The legal basis lies in the (optional) consent under Article 6(1)(a) GDPR of the data subject.

(7) This processing is carried out on the basis of Art. 6 para. 1 lit. B) GDPR, i.e. for the performance of a contract to which the data subject is a party.

PERIOD OF DATA STORAGE – art. 13 par. 2 lett. a) GDPR. The numerical order above is followed.

(1)Except as discussed regarding cookies or other cookie-like tools, this Data Controller does not retain any data potentially provided through mere browsing.

(2)The data subject’s data will be retained for the time necessary to carry out the service of issuing information: once this period has expired, the data will be deleted.

(3)The retention period dependent on the standard applied by the Controller at the time of processing.

(4)The Data Controller retains the data of the data subject for this purpose only if there is a reasonable likelihood of judicial action.

(5) In riferimento a tale punto:

(i) In the case of consent, the data will be retained for that purpose until consent is revoked under Article 7 GDPR. Revocation of consent will not affect the lawfulness of the processing based on the consent before revocation;

(ii) – (iii) on the other hand, in the case of processing carried out in accordance with Art. 130 para. 4 new Privacy Code and Art. 6 para. 1 lett. f) the data will be kept for this purpose until the objection under Art. 21 GDPR by the data subject, to be asserted from the beginning of the processing or during its protraction.

(6) as point 2).

(6a ) Data related to the registration of your personal account will be retained for this purpose until you revoke your consent under Article 7 GDPR. Revocation of consent shall not affect the lawfulness of the processing based on the consent before revocation;

(7) The data of the data subject, provided for the completion and execution of the contract of sale and purchase, will be kept for the maximum period of 10 years starting from the conclusion of the contract, and this for legal, tax and accounting protection requirements to which the Data Controller is subject by law.

COMPULSORINESS OF CONFERMENT

CONSEQUENCES IN CASE OF NON-DELIVERY 

MODALITIES OF THE PROCESSING – art. 13 par. 2 letter e) GDPR. The numerical order above is followed.

(1) Interested parties are not obliged to provide their data. Failure to provide it does not allow navigation. Processing carried out exclusively by means of computer systems (software).

(2) The interested party is not obliged to provide data. Failure to provide does not allow the user to receive the requested information. Treatment carried out through email, telephone, paper mail, App.

(3) The system depends on legal obligations; in fact, it is the legislative framework that provides for the manner in which processing is carried out (see, for example, on electronic invoicing).

(4) Processing carried out by means of computer systems (e.g., by use of email, pec, telematics platform, management systems, other) and paper-based systems (e.g., by drafting court documents, notices, printing of documents, paper mail, other). Sometimes, the system depends on legal obligations (see PCT).

(5) The provision of personal data is not mandatory. In case of failure to provide data to receive communications on marketing, the data subject will not be able to collect more information about the products and services that performs the Owner, other. With regard to the methods of processing, the communications having as their object “Direct Marketing” are carried out through “automated” systems (such as, for example, by email, fax, text message, telephone calls without the aid of an operator, social networks, interactive applications such as WhatsApp, push notifications) and through “traditional” systems (such as, for example, by paper mail and/or calls with an operator). It should be noted that the consent collected for the performance of processing by “automated systems” legitimizes the Data Controller to use the same data also for the performance of communications by “traditional systems.” In any case, the data subject has the right to object to any unwanted mode of processing (for example, by expressing his or her desire to want to receive only email communications). In the case of the processing of sending communications carried out by telephone operator, such processing is precluded with respect to the data subject who was registered in the Register of Oppositions.

(6) The data subject is not obliged to provide the data. Failure to provide it does not allow the user to receive the requested information. The processing is carried out with computer systems.

(6a) The provision of personal data for this purpose is not mandatory. Failure to provide data precludes the person concerned from monitoring his or her own position via a personal account, but does not affect the purchase, which is also permitted to the guest. This processing is carried out by means of computer systems.

(7) The provision of personal data for this purpose is not obligatory. Failure to provide the data does not allow the data subject to purchase the product. This processing is carried out using computer systems (e-commerce platform), but also on paper (with possible printing of the order).

DIFFUSION AND COMMUNICATION OF DATA – art. 13 par. 2 letter e) GDPR. Data will not be disseminated but communicated to those formally appointed as data processors (e.g., employees or collaborators) or designated as data processors (e.g., company providing the hosting service). 

In the case of issuing a comment, the data will be published on the site and thus made visible to users.

To comply with legal or contractual obligations, the data subject’s data may be disclosed to the following entities: 

(i) to insurance institutions in the case of claims;

(ii) to public entities where required by law;

(iii) to Lawyers, Law Enforcement Agencies, Judicial Authorities (for example) in the case of wrongdoing, breach of contract, other legally relevant fact caused by the data subject or by the Data Controller itself against the data subject.

For more information on the persons in charge or those responsible for processing, please contact the Owner at the email address indicated in the epigraph.

PLACE OF DATA PROCESSING AND TRANSFER OF DATA TO NON-EU COUNTRIES – art. 13 par. 1 letter f). Data processing is carried out at the registered office of the Data Controller as well as at the places of work or data processing connected to the persons designated as data processors (with server location in the EU). The Controller undertakes not to transfer user data to countries outside the EU. In the case of transfers, the Controller guarantees the application of the rules set forth in Articles 44 et seq. of the GDPR. For any information, please contact the email address already reported.

RIGHTS OF THE DATA SUBJECT. The right of the data subject to ask the data controller for access to personal data, i.e., to know what data the data controller processes (Art. 15 GDPR); the right to obtain rectification, i.e., the right to have one’s data changed if they have changed (Art. 16 GDPR); the right to restriction of processing concerning him or her, i.e., to limit the data controller’s use of the data (Art. 18 GDPR); the right to object, on legitimate grounds, to their processing (Art. 21 GDPR); the right to data portability, i.e., the right to receive all personal data processed by the data controller in a structured, machine-readable format (Art. 20 GDPR); the right to request deletion of one’s data from the data controller (Art. 17 GDPR); the right to revoke at any time the explicit consent previously given, without prejudice to the lawfulness of the processing carried out up to that moment (art. 7 – 13 GDPR); the right to lodge a complaint with the Data Protection Authority in case of violations of the regulations (art. 77 GDPR).

COOKIE POLICY. Information about cookies and cookie-like automated systems is made available to the user by clicking the appropriate link called “COOKIE POLICY” located in the footer of the website. For completeness, the Data Controller at the conclusion of this Website Privacy Policy also provides the aforementioned Cookie Policy.

For any information, clarification, exercise of rights please contact the Holder at the above email address.