INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO REGULATION (EU) 2016/679 ("GDPR")
- NEWSLETTERS AND DIRECT EMAIL MARKETING -
1. DATA CONTROLLER
Intelsis S.r.l. (the "Owner" or the "Company")
Address: Cottanello 13 (street of the) - Roma 00158
VAT no.: 14570261009
E-mail address: firstname.lastname@example.org
Website: www.mesaudacosmetics.it (the 'Site')
2. PERSONAL DATA PROCESSED
- Personal data (name, surname, date of birth);
- Contact details (e-mail address);
- Browsing Data, (also jointly referred to as the ''Data").
3. COLLECTION OF PERSONAL DATA
During normal operation, the computer systems and software procedures used to operate this Website acquire certain personal data, including IP addresses or domain names of the computers used by users who connect to the Mesauda Milano Website, the URI(Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.) and other parameters relating to the user's operating system and computer environment.
The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
4. PURPOSE AND LEGAL BASIS OF PROCESSING
Within the Site, in some sections, such as the 'newsletter' section, some of the Data listed above are requested, which will be processed by the Company for the purposes and legal bases indicated below.
- Subject to your consent, which is optional and revocable at any time, for marketing purposes on digital channels: to send you communications of initiatives, commercial offers, questionnaires relating to the Company's services/products/events via digital channels.
In any case, your personal data may also be processed, where necessary, for the following purposes:
- For the need to fulfil legal obligationsand in particular to fulfil obligations under applicable national and supranational regulations and legislation (tax fulfilment, administration, etc.);
On the basis of a legitimate interest (judicial protection), to ascertain, exercise or defend the Controller's rights in and/or out of court.
5. RETENTION PERIOD
- Until the exercise of your right to opt-out and in any case no later than 24 months from the date of collection of consent for the processing of communications of initiatives, commercial offers, questionnaires relating to services/products/events of the Company;
- For the duration foreseen by the law (10 years for administrative-accounting fulfilment) for processing to comply with legal obligations;
- In the event of litigation, for the entire duration of the litigation, until the time limit for appeals has been exhausted, for the treatment of judicial protection by the Controller on the basis of its legitimate interest.
The personal data in question, once the aforementioned retention periods have elapsed, will be destroyed, deleted or anonymised compatibly with the technical procedures of deletion and backup and with the Owner's accountability requirements. In particular, following your possible revocation of your consent, the Company will continue to process your Data in order to be able to keep track of the fact that you will no longer need to be sent any informative and promotional marketing material.
6. COMPULSORY PROVISION OF DATAThe provision of Data for marketing purposes, although optional, is necessary to subscribe to the requested service and to receive advertising material from the Controller.
In relation to such optional processing, the data subject may express his or her consent and exercise his or her right to opt-out at any time.
7. RECIPIENTS OF DATA
The Data may be known and processed by the employees of the corporate functions in charge of pursuing the above-mentioned purposes, who have been expressly authorised to process them and have received adequate operating instructions.
Furthermore, the Data may be processed by external parties acting as autonomous data controllers such as, for example, supervisory and control bodies, Public Authorities that expressly request such data for administrative or institutional purposes and, in general, all parties legitimated by current national and European legislation to request such data.
The Data may also be processed, on behalf of the Company, by external parties who may be qualified as data processors (pursuant to Article 28 of the GDPR). Such parties, by way of example, may be:
- companies offering e-mail services;
- companies that provide the service of management and/or maintenance of the Company's website;
- companies offering support in carrying out market studies;
- companies offering services for the management of the information system and telecommunications networks, including electronic mail;
- companies offering services for sending documentation and/or material (post offices, forwarding agents, couriers, etc.);
- banking institutions for the management of collections and payments arising from the execution of contracts.
The full list of data processors is available upon request to the Controller using the contact details given in Section 9 below.
8. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
Your personal data will not be transferred outside the European Union.
Where this is the case, with regard to data collected using cookies, the Controller shall, to the extent of its competence, adopt appropriate safeguards, including the adequacy decisions in force and theStandard Contract ual Clauses adopted by the European Commission.
9. RIGHTS OF THE PERSONS CONCERNED
Interested parties may ask the Data Controller for access to the Data concerning them, their deletion, the rectification of inaccurate data, the integration of incomplete data, the limitation of processing in the cases provided for, as well as the opposition to processing, for reasons related to their particular situation, in cases of legitimate interest of the Data Controller:
- by contacting the Privacy Office, by mail at via del Cottanello, Nr 13 - Rome 00158, to the kind attention of the Privacy Contact; or
- by e-mail to email@example.com
Moreover, where the processing is based on consent or on contract and is carried out by automated means, data subjects have the right to receive the data in a structured, commonly used and machine-readable format and, if technically feasible, to have them transferred to another data controller without hindrance (so-called right to portability).
Finally, data subjects always have the right to withdraw their consent given for marketing purposes at any time (this, in any case, will not affect the lawfulness of processing carried out on the basis of the consent given before the withdrawal) and to lodge a complaint with the competent supervisory authority in the Member State where they habitually reside or work or in the State where the alleged infringement occurred.