Privacy Policy
INFORMATION ON THE PROCESSING OF CUSTOMERS’ PERSONAL DATA PURSUANT TO REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF APRIL 27TH 2016 ON THE PROTECTION OF PERSONAL DATA “GDPR”
In relation to the provisions of Regulation EU 2016/679 (European Regulation on the protection of personal data), we hereby provide the necessary information regarding the processing of personal data provided by the customers. This information is given in accordance with Article 13 of Regulation EU 2016/679 (European Regulation on the protection of personal data) and with Article 13 of Legislative Decree 30.6.2003 no. 196 (Privacy Code).
Purpose of data processing.
The personal data provided will be processed in compliance with the conditions of lawfulness pursuant to Article 6(b) of Regulation EU 2016/679, namely for the purchase of services and goods offered by the Company; to receive updates on promotions and offers reserved for loyal customers; to promote the Company, its brand, and its products and services through the web and mass media; for possible marketing activities and for the eventual transfer of data to third parties for marketing purposes; and for other activities more specifically:
– Registration in the Customers list;
– Purchase of services and goods offered by the Company;
– Information about activities and other proposed initiatives;
– Possible completion of a data collection form (paper or digital) for sending an information request to the Data Controller;
– Compliance with legal and contractual obligations and administrative-accounting purposes. For the purpose of applying personal data protection regulations, processing for administrative-accounting purposes includes activities related to organizational, administrative, financial, and accounting matters, regardless of the nature of the processed data;
– Compliance with legal obligations, regulations, community legislation, or orders from authorities (such as anti-money laundering laws);
– Exercising the rights of the data subject and the controller, and for legal defense.
Personal data will be retained only for the period necessary for the above-mentioned purposes and for up to 10 years after their conclusion, after which they will be destroyed, including any original copies , if stored.
Data processing methods.
a) Processing is carried out through operations or a set of operations specified in the GDPR: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Profiling of the data subjects and their data for marketing purposes is possible.
b) Operations may be carried out with or without the use of electronic or automated tools. The personal computers and devices used for managing personal data are protected by antivirus systems to ensure their protection. Original paper records are located at the Company’s headquarters and are exclusively available to the Data Controller. The data are shared with the Data Processors.
c) Processing is carried out by the Controller, collaborators, and/or individuals in charge or responsible for the processing.
Provision of data.
Providing common personal data is strictly necessary for carrying out the activities referred to in point 1. The Data Controller processes personal identification data (such as name, surname, company name, address, telephone number, email, banking and payment details ) communicated by the data subject during the sale of goods or services or when participating in events.
Refusal to provide data.
Providing personal data for the purposes mentioned in this document is necessary in order to purchase the goods or services offered by the Company. Failure to provide personal data may result in the inability to obtain the services or purchase the goods.
Data communication.
Personal data may be communicated and disclosed to those responsible for processing and may be communicated for the purposes of point 1 to employees or independent contractors collaborating with the Company. The personal data provided may be communicated to recipients appointed pursuant to Article 28 of Regulation EU 2016/679, who will process the data as processors and/or individuals acting under the authority of the Data Controller and the Data Processor to fulfill contracts or related purposes. More precisely , data may be communicated to recipients belonging to the following categories:
– Parties providing services for the management of the Data Controller’s IT and communication networks;
– Firms or companies providing assistance and consultancy;
– Competent authorities for compliance with legal obligations and/or provisions of public authorities upon request.
The subjects belonging to the above categories act as Data Processor or operate independently as separate Data Controllers.
Data dissemination.
a) Personal data are generally not subject to dissemination, except as indicated in this information notice.
Transfer of data abroad
Personal data may be transferred to a European Union country and to third countries outside the European Union or to a third organization exclusively for the purposes outlined in point 1 of this information notice, provided that the third country or organization’s adequacy is recognized by a decision of the European Commission (Article 45 of Regulation EU 2016/679). In no other case will the data be transferred abroad.
Rights of the data subject.
The data subject may exercise their rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, and 22 of Regulation EU 2016/679 by contacting the Data Controller via email at info@vivendum.org.
The data subject has the right at any time to:
– Obtain confirmation as to whether or not personal data concerning them exists, even if not yet registered, and to receive the communication in an intelligible form;
– Obtain the following information: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the help of electronic tools; d) the identification details of the controller, the processors, and the designated representative pursuant to Article 5(2) of the Privacy Code and Article 3(1) of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the State, processors, or persons in charge.
– Obtain: a) the update, correction, or when interested the integration of data; b) the deletion, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed; c) the certification that the operations referred to in a) and b) have been brought to the attention of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate effort in relation to the right being protected;
– Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of the collection; b) to the processing of personal data concerning them for the purpose of sending advertising materials, direct sales, market research, or commercial communication through automated calling systems without operator intervention, email, and/or traditional marketing methods via telephone and/or by paper mail.
Where applicable, the data subject also has the rights provided for in Articles 16-21 of the GDPR (Right to rectification, Right to erasure, Right to restriction of processing, Right to data portability, Right to object).
Without prejudice to any other administrative or judicial appeal, if the data subject believes that the processing of their data violates Regulation EU 2016/679, pursuant to Article 15(f) of the aforementioned Regulation, they have the right to file a complaint with the Data Protection Authority.
In the case of a data portability request by the data subject, the Data Controller will provide the personal data in a commonly used, readable format, subject to the provisions of paragraphs 3 and 4 of Article 20 of Regulation EU 2016/679.
Complaints.
For any clarifications or disputes relating to data processing, the data subject may file a complaint with the Data Protection Authority at http://www.garanteprivacy.it/.
Consent to data processing.
By signing or ticking the appropriate box on the website (consent), consent is given for the processing of data within the scope of the purposes and methods mentioned above, within the limits where such consent is required by law. In particular, consent is given for:
– The acquisition of personal data.
– The communication of data to third parties as specified in this information notice;
– The management and storage of data according to legal terms, both digitally and on paper;
– The dissemination and sharing of data.
This consent remains valid until revoked in writing via registered mail with acknowledgment of receipt or via email to info@vivendum.org.
Data Controller.
Vivendum, with its registered office at Via della Repubblica 56, Tavarnuzze Impruneta (Fi), email info@vivendum.org, represented by Mr. Stefano Gallastroni, is the Data Controller.
Data Processor.
The Data Processors include the following operators:
Stefano Gallastroni
Definitions.
Company: Vivendum, with its registered office at Via della Repubblica 56, Tavarnuzze Impruneta (Fi).
Customers: Recipients of the goods, services, and activities/events offered, organized, or participated in by the Company.
Personal Data (or Data): Any information that, directly or indirectly, alone or in conjunction with other information, including a personal identification number, makes a natural person identifiable.
Data Subject: The natural person to whom the Personal Data refer.
Data Processor (or Processor): The natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the Controller as described in this privacy policy.
Data Controller (or Controller): The natural or legal person, public authority, agency, or other entity that, alone or jointly with others, determines the purposes and means of processing personal data and the tools used.
European Union (EU): unless otherwise specified, any reference to the European Union in this information notice is extended to all member states of the European Union and of the European Economic Area.
GDPR: General Data Protection Regulation, that is to say the European Regulation applicable to all European Countries, their citizens, natural and legal persons and their economic players.
Data Protection Authority: this is an independent Italian administrative authority established by the law nbr 675 of December 31st1996, to guarantee the protection of the rights and freedoms and respect for dignity of data subjects when processing their personal data.
Consent: free expression of will to provide one’s personal data and authorize their processing.
