Last update: September 2018
Pursuant to art. No. 13 Reg. UE n. 2016/679 of 27/04/2016 (“General Data Protection Regulation”, hereinafter “GDPR”), we would like to inform you that your personal data as collected through this form will be processed by Astoria MC S.r.l. Via Condotti Bardini, n. 1, 31058 Susegana (TV), Italia c.f. e P. IVA n. 04884860265, (“Controller”) in its capacity as Data Controller for the following purposes.
Astoria MC S.r.l., even if not specifically required (art 37 GDPR), nominated a DPO that you can contact via email at firstname.lastname@example.org
- PURPOSES OF DATA PROCESSING AND LEGAL BASIS
Personal data (“Data“) provided by the interested party are processed for the following purposes:
- execution of the requested service (hereinafter referred to as “Service“): e.g. provision of services based on web interface, registration of users, provision of information relating to those who voluntarily subscribed to the database of our site, provision of information relating to training activities;
- in compliance with legal obligations, accounting requirements, administrative and contractual obligations linked to the Service.
- subject to specific consent, for the purposes of sending commercial and / or promotional communications on the products and services and to perform market research (“Direct Marketing“);
- subject to specific consent, for the purposes of communicate the Data to other companies connected or related to Data Controller, as well as to partner companies that may process them and send commercial and / or promotional communications on products and services of the aforementioned companies, as well as perform market research (“Marketing third parts“).
Personal data may be processed by authorized Controller staff, employed in the marketing, IT system and sale departments, duly internally appointed. In addition, it might be processed on behalf of Controller by third parties and other group companies duly appointed as data processors.
- TYPES OF DATA PROCESSED
- Internet navigation data
This category of data includes IP addresses or domains of computers used by users who connect to the site, addresses of the requested resources, time of the request, method used in submitting the request to the server, file size obtained in response, numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and user’s computer environment.
- Data provided voluntarily by the user
The optional, explicit and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address for the purposes of answering to requests, as well as any other data included in the format.
- INTERNATIONAL TRANSFER OF PERSONAL DATA
Personal data are managed and stored on servers located within and outside the European Union owned and / or available to the Controllers and / or third parties, duly appointed as data processors. The Data may also be transferred for the purposes referred to in art. 1 to third parties located outside the European Union, when provided an adequate level of protection (e.g. the subscription to the Privacy Shield List in compliance with the European Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 cd “Privacy Shield”). References about third parties will be disclosed upon request by the Controller.
- DATA STORAGE PERTIOD
Data of the interested parties, collected through the website forms, are stored for the time necessary to give feedback to their requests.
- PROVIDING DATA
As to (a) and (b), users provide Data on a voluntary basis: the refusal to provide the Data, however, excludes the user from the service required. The consent to data processing for further purposes is optional.
- DATA PROCESSING METHODS
Data processing for each of the aforementioned purposes is carried out using paper-based, automated or electronic methods also, but not limited to, mail or email, telephone (e.g. unsolicited calls, SMS, MMS), fax and any other IT channel (e.g. websites, mobile, app) suitable to guarantee security and confidentiality according to the so-called data protection by default, i.e. the application of measures to minimize the risks of data breach.
- LOG-IN INFORMATION TO THE RESERVED AREA OF THE PORTAL
The User, in the event of the registration on the reserved area of the Portal, will receive access credentials (a personal ID and password). These credentials are strictly personal and any disclosure or transfer to third parties is not allowed.
- RECIPIENTS OF PERSONAL DATA
The User’s Data may be communicated by Controller to third parties for whom it is useful for the purpose of providing services which are functional to the provision of the Services or the fulfillment of legal obligations, duly appointed as data processors. These third parties will be entitled to know the only information necessary for the purposes hereinabove and it will be required to them to adopt all security measures in accordance with current legislation. Data about processors will be disclosed by the Controller upon request. Personal data may be processed by authorized Controller staff.. Under no circumstances Data will not be transferred or disclosed to third parties, except as provided above and, in any case, within the limits indicated hereinabove.
- RIGHTS OF THE INTERESTED PARTY
Pursuant to GDPR, and subject to the conditions specified therein, the interested party holds the following rights:
- right of access, i.e. the right to obtain confirmation that Data are (not) being processed and, where that is the case, obtain access to it;
- right to rectification and cancellation, e. the right to obtain from the Controller the rectification of inaccurate Data and / or the completion of incomplete Data or erasure of Data;
- right to restriction of data processing, e. the right to request suspension of Data processing;
- right to data portability, e. the right to receive Data in a structured, commonly used and machine-readable format, as well as the right to transmit Data to another controller;
- right to object, e. the right to object to processing of Data, including the processing of Data for marketing and profiling purposes, as applicable;
- right to contact the national competent data protection authority in case of unlawful processing of Data.
You may in any event withdraw your consent and exercise your rights as established under articles by sending an email to the following address: email@example.com.
The hereby policy is updated by the company when needed. Visit the page from time to time for the last updates.