INFORMATION NOTICE ON PERSONAL DATA PROCESSING


This information notice on personal data processing (hereinafter, “Information notice”) is given in accordance with Regulation (EU)/2016/679 (hereinafter, “GDPR”) and concerns the processing of Your personal data performed by Dr. Vranjes Firenze S.p.A., with registered office at Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (FI), Italia, VAT n. 01648260519 email [emaiprivacy@drv.it] (hereinafter, the “Controller”). 


  1. Identity and contact of the Controller  

The Controller is Dr. Vranjes Firenze S.p.A. As the Controller is established in the EU territory, the Controller has not appointed a representative. 


  1. Identity and contact of DPO

The Controller has appointed a Data Protection Officer (hereinafter, “DPO”) in compliance with art. 37 GDPR. The DPO can be contacted at the following email address:dpo@drvranjes.it .


  1. Purposes and legal basis of the processing, consent and consequences of a lack of consent

Personal data will be processed for the following purposes:

  1. for direct marketing communications, newsletters, advertising material, market research, by means of traditional contact systems and automated computer systems, CRM, databases, including commercial or promotional communications by email, messaging systems, SMS, or telephone communications. In this case Your express consent constitutes the legal basis. The communication of data, therefore, is entirely optional and does not constitute contractual obligation for You. In the absence of such data, it will not be possible to send You marketing communications. 

  1. Method of consent expression 

You may express consent to the processing of Your personal data by clicking a specific flagbox.


  1. Methods of processing data, logics, and safeguards

In relation to personal data processed and stored for the purposes under point a), number 3 of the present Information notice (marketing purposes), data processing will be carried out by means of traditional contact systems and automated computer systems in order to offer You direct marketing communications. 


  1. Source from which personal data originate  

The Controller will process only personal data provided in compliance with the present Information notice. The Controller will not process data collected from public sources.


  1. Recipients or categories of recipients of Your personal data

The following may be recipients of Your personal data: 

  • The communication companies that provide commercial communication activities on behalf of the Controller, which are responsible for the processing, if consent has been given for marketing purposes;
  • Companies belonging to the information society, such as those providing web hosting services;
  • Companies performing statistic and market inquiries, if consent has been given for marketing purposes; 
  • Companies that perform account services; 
  • Partner companies of the Controller; 
  • All persons to whom the right of access to such data is recognized under regulatory measures.

  1. Categories of personal data 

The Controller will process only personal data from You. There will be no handling of special categories of personal data under Article 9 of the GDPR.

  1. Transfer of personal data 

The Controller transfer Your personal data to a third country or an international organization, such as: 

  • Communication agencies conducting activities on behalf of the Controller;
  • Companies offering information society services, including, in particular, those offering hosting services;
  • Service providers of the communication company.

The transfer of personal data to the aforesaid subjects is subject to an adequacy decision made by the European Commission after deciding that the third country or one or more specified sectors within that third country or the international organization ensures an adequate level of protection of personal data and Your rights. However, if the Controller deems it appropriate to proceed with the transfer of personal data despite the lack of any adequacy decisions, the Controller reserves the right to conclude separate agreements with those subjects, requiring them to adopt adequate technical and organizational security measures to safeguard the transferred personal data, with regard to the protection of rights and freedoms of the data subjects. Your personal data may be transferred to the United States of America. 

To obtain a copy of the transferred personal data or to be informed on where personal data have been transferred to, You shall send the Controller a written request to the following addresses: Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (FI), Italia or emil [emaiprivacy@drv.it]. 


  1. Personal data retention period 
  • Personal data processed and stored for the purposes under point a) number 3 (marketing purposes) are processed and stored until when You request the erasure and/or revoke consent.

The Controller reserves the right to request You to renew the consent to the processing and/or to verify the consent already expressed in any case.


  1. Data subjects’ rights

12.1 Right to object 

  • You have the right to object at any time to the processing of personal data concerning You pursuant to Article 6, sub-section 1, letter (e) or (f) of the GDPR, on grounds related to Your particular situation. The Controller shall refrain from any further processing of Your personal data unless it proves that there are compelling legitimate grounds for the processing which take precedence over Your interests, rights and freedoms or for the establishment, exercise or defence of a right in court. 
    •
  • If personal data are processed for direct marketing purposes, You have the right to object at any time to the processing of Your personal data carried out for such purposes, including profiling to the extent that it is related to such direct marketing.
    •
  • If You object on the processing for direct marketing purposes, Your personal data shall no longer be processed for such purposes. Your right to object on the processing for direct marketing purposes may be exercised even partially, i.e. by opposing, for example, only on sending promotional communications by automated and/or digital means, or on sending paper communications and/or receiving telephone communications.
    •
  • Where personal data are processed for scientific or historical research or statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, You have the right to object on the processing of Your personal data for reasons related to Your particular situation, unless such processing is necessary for the performance of a task in the public interest.
    •

    12.2 Other rights 

    The Controller also wishes to inform You of the existence of the following rights:

    • Right to access: You have the right to obtain from the Controller confirmation as to whether or not personal data concerning You are being processed and, if so, to obtain access to the personal data and specific information, in accordance with article 15 of the GDPR;
    • Right to rectification: You have the right to obtain from the Controller the rectification of inaccurate personal data without undue delay. Taking into account the processing purposes, You have the right to obtain supplementing of incomplete personal data, including by providing a supplementary statement, in accordance with art. 16 of the GDPR;
    • Right to erasure of data, including the right to revoke consent: You have the right to obtain the erasure of the personal data, including the right to revoke consent, without undue delay from the Controller. The Controller has the obligation to erase the personal data without undue delay, if the reasons set out in art. 17 of the GDPR exists. With regard to the right to revocation, You also have the right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to revocation;
    • Right to restriction of processing: You have the right to obtain from the Controller the restriction of processing when the conditions set out in art. 18 of the GDPR exist;
    • Right to data portability: You have the right to receive in a structured format, commonly used and readable by automatic devices, the personal data concerning You provided to the Controller and You have the right to send such data to another controller without any impediment by the Controller in the cases and at the conditions specified in art. 20 of the GDPR;
    • Contractor’s right to object on commercial communications: as a contractor, You have the right to object at any time, free of charge, on the receipt of commercial communications.
    • Right to lodge a complaint with the Supervisory Authority: You have the right to lodge a complaint the Supervisory Authority for the Protection of personal data, if You consider that the processing of Your personal data infringes the GDPR or data protection dispositions, in accordance with art. 77 GDPR. 

    The applications to exercise the rights indicated in this privacy notice must be addressed directly to the Controller at the e-mail address: [emaiprivacy@drv.it]. Alternatively, such rights can be exercised by sending a registered letter with recorded delivery to Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (FI), Italia. 

    You may lodge a complaint with the Italian Supervisory Authority for the Protection of personal data according to the provided instructions in the official website, which are available at the following URL: https://www.garanteprivacy.it/reclamo.


    1. Accessibility of privacy notice 

    The privacy notice is accessible on our website [URL], and at the Controller. If so expressly requested, the Information notice can also be provided orally, if the identity of the applicant is proven, by means of a phone call request to the addresses of the Controller.