PRIVACY POLICY
INFORMATION PROVIDED ACCORDING TO ARTICLES 13-14 OF GDPR (GENERAL DATA PROTECTION REGULATION) 2016/679
Last updated 13/06/2018
In accordance with the specified regulations, the processing of personal data will be guided by the principles of fairness, lawfulness, transparency, and the protection of your privacy and rights.
According to GDPR, our website manages user data in compliance with the current regulations; therefore, we provide you with the following information:
This information does not apply to other websites that may be consulted through links on the owner's domain websites, which is in no way responsible for third-party websites.
CATEGORIES OF DATA The data controller, as indicated below, will process your personal data, including:
Automatically collected data. The computer systems and dedicated applications for the functioning of this website, in their normal operation, collect certain data (whose transmission is implicit in the use of Internet communication protocols) potentially associated with identifiable users. Among the collected data are IP addresses and domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters concerning the operating system, browser, and computer environment used by the user. This data is processed, for the strictly necessary time, solely for the purpose of obtaining anonymous statistical information about the use of the site and to check its regular operation. The provision of such data is mandatory as it is directly related to the web browsing experience.
Voluntarily provided by the user. The voluntary and explicit sending of emails to the addresses indicated in the various access channels of this website does not imply the need for consent. The eventual completion of specifically prepared forms involves the subsequent acquisition of the sender/user's address and data, necessary to respond to the requests made and/or provide the requested service. The voluntary sending of emails to our email addresses by you does not require further information or requests for consent; therefore, the user's data should be considered acquired and, therefore, processed in full compliance with the current regulations. Conversely, specific summary information will be reported or displayed on the pages of the site prepared for particular request services (forms). The user must explicitly consent to the use of the data entered in these forms to send the request.
Cookies. The use of so-called technical cookies is limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow secure and efficient browsing of the site. The session cookies used on this site avoid the use of other potentially prejudicial computer techniques for the confidentiality of user navigation and do not allow the acquisition of the user's identifiable personal data. (For more information, there is a specific cookie policy available.)
DATA PROCESSING ENTITIES DATA CONTROLLER, pursuant to articles 4 and 24 of EU Regulation 2016/679 is Sezione Aurea Advise di Silvia Prioreschi, hereinafter "www.rossomenta.it" with registered office in Via A. Farinati, 9 - 51016 Montecatini Terme (PT), VAT number 01451880478.
The data controller guarantees the security, confidentiality, and protection of the data in its possession at every stage of the data processing process.
LAWFUL PURPOSE OF PROCESSING AND LEGAL BASIS The processing of your data is based on your consent. Personal data provided will be processed in compliance with the conditions of lawfulness pursuant to art. 6 EU Regulation 2016/679 for the following purposes:
a) Data processing management related to (art. 6 lett. b)):
- browsing on this website;
- possible completion of data collection forms for sending information requests to the data controller;
- fulfillment of contractual, legal obligations, and administrative-accounting purposes. For the application of the provisions on the protection of personal data, the processing carried out for administrative-accounting purposes includes activities related to the organization, administration, finance, and accounting, regardless of the nature of the data processed.
RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS The provided personal data may be communicated to recipients, appointed pursuant to art. 28 of EU Regulation 2016/679, who will process the data as data processors and/or as individuals acting under the authority of the data controller and the data processor, in order to comply with contracts or related purposes. Precisely, the data may be communicated to recipients belonging to the following categories:
- Subjects providing services for the management of the information system and communication networks of the Data Controller, (including email);
- Studies or companies in the context of assistance and consultancy relationships;
- Competent authorities for compliance with legal obligations and/or provisions of public authorities, upon request;
- In case of administrative-accounting purposes, the data may be transmitted to commercial information companies for the assessment of solvency and payment habits and/or to subjects for debt collection purposes;
- Subjects belonging to the distribution network;
- Service and logistics companies that carry out support activities for the commercial office.
Entities belonging to the aforementioned categories perform the function of data processors, or operate autonomously as distinct data controllers.
The list of designated data processors is constantly updated and available at the registered office of the Data Controller.
DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION Personal data provided will not be transferred abroad, either inside or outside the European Union.
DATA RETENTION PERIOD OR CRITERIA The processing will be carried out in an automated and/or manual form, with methods and tools aimed at ensuring the maximum security and confidentiality, by subjects specifically appointed for this purpose.
In compliance with the provisions of art. 5 paragraph 1 lett. e) of EU Regulation 2016/679, the personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The user can always request the interruption of the Processing or access to their personal data, correction, deletion, limitation of processing. The timing is determined based on criteria that the data subject can obtain information by writing to This email address is being protected from spambots. You need JavaScript enabled to view it..
SECURITY AND TRANSFER OF PERSONAL DATA The transfer, storage, and processing of user data collected through the Site are ensured through suitable technical measures.
User data is collected, stored, and kept on a secure server protected by an SSL certificate.
PRIVACY OF MINORS Our website is directed at a general audience and does not offer services aimed at children. If the person providing the data is under 16 years old, such processing is lawful only to the extent that the consent is given or authorized by the holder of parental responsibility for whom the identification data and copies of the identification documents are acquired.
INFORMATION ABOUT THIS PRIVACY POLICY The Data Controller is responsible for this PRIVACY POLICY.
NATURE OF PROVIDING AND REFUSAL Apart from what is specified for navigation data, the user is free to provide personal data in dedicated areas on the site.
The provision of personal data for the purposes specified in point a) of this information document is necessary to complete specific functionalities and use the services offered by the Data Controller, such as receiving feedback on the information request submitted. The failure to provide personal data may result in the inability to obtain the requested service or to use the services offered by the site. The provision of the requested data is necessary and mandatory for the validity of the contract that formalizes and regulates the relationship for the provision of the requested services. Failure to provide or incorrectly communicate this data, as well as the failure to communicate changes to the data in question, could prevent the conclusion of the contract itself and/or could make it impossible to precisely fulfill legal obligations, as well as those arising from any ongoing contract. The same data could be used for direct marketing purposes or for sending greetings on festive occasions.
CONSENT STATEMENT Regarding the provision of data for the fulfillment of contractual obligations, a written expression of consent is not required; by express legal provision, it is a necessary and sufficient condition for the customer to be duly informed.
AUTOMATED DECISION-MAKING PROCESSES The Data Controller does not carry out processing consisting of automated decision-making processes.
THIRD-PARTY WEBSITES AND OTHER SITES OWNED BY THE CONTROLLER It is hereby noted that, if the Site contains links that refer to third-party websites, the Data Controller cannot exercise any control over the content of such websites nor has any access to the personal data of the users visiting them.
The owners of these websites will remain the sole and exclusive owners and controllers of the processing of the personal data of their users, with the Controller being unrelated to such activities and any related responsibility, prejudice, or costs resulting from their non-completion or incorrect completion.
The Site may also contain links to other sites owned by the Data Controller.
Therefore, it is advisable to carefully read the respective privacy policies and terms of use of such websites before providing or consenting to the processing of personal data.
RIGHTS OF THE INTERESTED PARTIES You may assert your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, writing to the email address: This email address is being protected from spambots. You need JavaScript enabled to view it. or to the address of the registered office.
You have the right, at any time, to request access to your personal data from the Data Controller, correction, deletion, and limitation of processing.
Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, e.g., profiling) and to the portability of your data.
Without prejudice to any other administrative and judicial remedy, if you believe that the processing of data concerning you violates what is provided by EU Regulation 2016/679, under art. 15 letter f) of the aforementioned EU Regulation 2016/679, you have the right to lodge a complaint with the Data Protection Supervisor and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), you have the right to withdraw your consent at any time.
You have the right to obtain confirmation of the existence or not of your personal data and their communication in an intelligible form, including the rights referred to in Article 7 of the Privacy Code Legislative Decree 196/2003.
Any corrections or deletions or limitations of the processing made at the request of the interested party - unless this proves impossible or involves a disproportionate effort - will be communicated by the Company to each of the recipients to whom the personal data have been transmitted. The Company may communicate such recipients to the interested party if requested.
The exercise of rights is not subject to any form of constraint and is free. The Privacy Code and the Regulation can be consulted at the following links:
http://www.privacy.it/archivio/codiceprivacy.html#art7
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1510829288571&uri=CELEX:32016R0679
In case of a request for data portability, the Data Controller will provide you with the personal data concerning you in a structured, commonly used, and machine-readable format, from an automatic device, except for paragraphs 3 and 4 of art. 20 of EU Regulation 2016/679.