INFORMATION NOTICE ON PERSONAL DATA PROCESSING
This information notice on personal data processing (hereinafter, “Information notice”) is given in accordance with Regulation (EU)/2016/679 (hereinafter, “GDPR”) and concerns the processing of Your personal data performed by Dr. Vranjes Firenze S.p.A., with registered office at Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (FI), Italia, VAT n. 01648260519 email [email@example.com] (hereinafter, the “Controller”).
- Identity and contact of the Controller
The Controller is Dr. Vranjes Firenze S.p.A. As the Controller is established in the EU territory, the Controller has not appointed a representative.
- Identity and contact of DPO
The Controller has appointed a Data Protection Officer (hereinafter, “DPO”) in compliance with art. 37 GDPR. The DPO can be contacted at the following email address:firstname.lastname@example.org .
- Purposes and legal basis of the processing, consent and consequences of a lack of consent
Personal data will be processed for the following purposes:
- for direct marketing communications, newsletters, advertising material, market research, by means of traditional contact systems and automated computer systems, CRM, databases, including commercial or promotional communications by email, messaging systems, SMS, or telephone communications. In this case Your express consent constitutes the legal basis. The communication of data, therefore, is entirely optional and does not constitute contractual obligation for You. In the absence of such data, it will not be possible to send You marketing communications.
- Method of consent expression
You may express consent to the processing of Your personal data by clicking a specific flagbox.
- Methods of processing data, logics, and safeguards
In relation to personal data processed and stored for the purposes under point a), number 3 of the present Information notice (marketing purposes), data processing will be carried out by means of traditional contact systems and automated computer systems in order to offer You direct marketing communications.
- Source from which personal data originate
The Controller will process only personal data provided in compliance with the present Information notice. The Controller will not process data collected from public sources.
- Recipients or categories of recipients of Your personal data
The following may be recipients of Your personal data:
- The communication companies that provide commercial communication activities on behalf of the Controller, which are responsible for the processing, if consent has been given for marketing purposes;
- Companies belonging to the information society, such as those providing web hosting services;
- Companies performing statistic and market inquiries, if consent has been given for marketing purposes;
- Companies that perform account services;
- Partner companies of the Controller;
- All persons to whom the right of access to such data is recognized under regulatory measures.
- Categories of personal data
The Controller will process only personal data from You. There will be no handling of special categories of personal data under Article 9 of the GDPR.
- Transfer of personal data
The Controller transfer Your personal data to a third country or an international organization, such as:
- Communication agencies conducting activities on behalf of the Controller;
- Companies offering information society services, including, in particular, those offering hosting services;
- Service providers of the communication company.
The transfer of personal data to the aforesaid subjects is subject to an adequacy decision made by the European Commission after deciding that the third country or one or more specified sectors within that third country or the international organization ensures an adequate level of protection of personal data and Your rights. However, if the Controller deems it appropriate to proceed with the transfer of personal data despite the lack of any adequacy decisions, the Controller reserves the right to conclude separate agreements with those subjects, requiring them to adopt adequate technical and organizational security measures to safeguard the transferred personal data, with regard to the protection of rights and freedoms of the data subjects. Your personal data may be transferred to the United States of America.
To obtain a copy of the transferred personal data or to be informed on where personal data have been transferred to, You shall send the Controller a written request to the following addresses: Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (FI), Italia or emil [email@example.com].
- Personal data retention period
- Personal data processed and stored for the purposes under point a) number 3 (marketing purposes) are processed and stored until when You request the erasure and/or revoke consent.
The Controller reserves the right to request You to renew the consent to the processing and/or to verify the consent already expressed in any case.
- Data subjects’ rights
12.1 Right to object
12.2 Other rights
The Controller also wishes to inform You of the existence of the following rights:
- Right to access: You have the right to obtain from the Controller confirmation as to whether or not personal data concerning You are being processed and, if so, to obtain access to the personal data and specific information, in accordance with article 15 of the GDPR;
- Right to rectification: You have the right to obtain from the Controller the rectification of inaccurate personal data without undue delay. Taking into account the processing purposes, You have the right to obtain supplementing of incomplete personal data, including by providing a supplementary statement, in accordance with art. 16 of the GDPR;
- Right to erasure of data, including the right to revoke consent: You have the right to obtain the erasure of the personal data, including the right to revoke consent, without undue delay from the Controller. The Controller has the obligation to erase the personal data without undue delay, if the reasons set out in art. 17 of the GDPR exists. With regard to the right to revocation, You also have the right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to revocation;
- Right to restriction of processing: You have the right to obtain from the Controller the restriction of processing when the conditions set out in art. 18 of the GDPR exist;
- Right to data portability: You have the right to receive in a structured format, commonly used and readable by automatic devices, the personal data concerning You provided to the Controller and You have the right to send such data to another controller without any impediment by the Controller in the cases and at the conditions specified in art. 20 of the GDPR;
- Contractor’s right to object on commercial communications: as a contractor, You have the right to object at any time, free of charge, on the receipt of commercial communications.
- Right to lodge a complaint with the Supervisory Authority: You have the right to lodge a complaint the Supervisory Authority for the Protection of personal data, if You consider that the processing of Your personal data infringes the GDPR or data protection dispositions, in accordance with art. 77 GDPR.
The applications to exercise the rights indicated in this privacy notice must be addressed directly to the Controller at the e-mail address: [firstname.lastname@example.org]. Alternatively, such rights can be exercised by sending a registered letter with recorded delivery to Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (FI), Italia.
You may lodge a complaint with the Italian Supervisory Authority for the Protection of personal data according to the provided instructions in the official website, which are available at the following URL: https://www.garanteprivacy.it/reclamo.
- Accessibility of privacy notice
The privacy notice is accessible on our website [URL], and at the Controller. If so expressly requested, the Information notice can also be provided orally, if the identity of the applicant is proven, by means of a phone call request to the addresses of the Controller.