POLICY ON THE PROCESSING OF PERSONAL DATA OF USERS OF THE WEBSITE PURSUANT TO ARTS. 13 AND 14 OF EU REGULATION 2016/679
The processing of personal data of the users of this website will be carried out by the association named VEII (hereinafter, the “Association” or the “Controller”) in compliance with the legal and regulatory framework on protection of personal data, including EU Regulation 2016/679 on protection of personal data (hereinafter, the “Regulation”) and Legislative Decree 196/2003, as lastly amended by Legislative Decree 101/2018.
All terms used in this policy shall have the meaning provided under the Regulation.
1. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
The controller of the treatment of personal data of users of this website is the voluntary association named VEII, with registered office at Via Giuseppe Libetta 15 (Officine Libetta), 00154, Rome, tax code and VAT number no. 16087951006, e-mail address: email@example.com.
2. ADDRESSEES OF THE POLICY
This policy is addressed to the visitors of the website of the Association, ‘www.veii.it’ (hereinafter, the “Website”).
In particular, this policy is addressed to such users (hereinafter, “Users” or, individually, “User”) who provide browsing data by visiting the aforementioned Website and/or by completing one or more contact forms available on the Website.
3. CATEGORIES OF PERSONAL DATA
The personal data of Users to be processed by the Association in the context of the processing purposes identified by Article 4 hereof include:
a) data provided by the relevant User to complete the purchase procedure of the the products sold on the Website. Such data include first name, surname, phone number, e-mail address and data concerning the payment instrument used for the relevant purchase.
b) data provided by the relevant User by compiling the newsletter form available on the Website. Such data include first name, surname, e-mail address as well as any other personal data transmitted through the free writing box or other sections of the form;
4. PURPOSES AND LEGAL BASIS OF THE PROCESSING
The processing of the personal data listed under Article 3, lett. a) above will be carried out by the Association for the following purposes:
(i) finalization of the purchase by the Users of the products sold on the Website;
(ii) reply to requests of information and/or product demos submitted by the User;
(iii) direct marketing activities by e-mail.
The legal basis of the processing for the purposes under (i) and (ii) above is represented by the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (art. 6, paragraph 1, lett. b) of the Regulation). The legal basis of the processing for the purpose under (iii) above is represented by the consent (art. 6, paragraph 1, lett. a) of the Regulation) given by the relevant User by ticking the checkbox below the contact forms available on the Website.
5. PROCESSING METHODS AND STORAGE
In compliance with Article 5 of the Regulation, the personal data of the Users will be:
(i) processed lawfully, fairly and in a transparent manner in relation to the Data Subject;
(ii) collected and recorded for specified, explicit and legitimate purposes and further processed in a manner compatible with those purposes;
(iii) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(iv) accurate and, where necessary, kept up to date;
(v) processed in a manner that ensures appropriate security;
(vi) kept in a form that permits identification of the Data Subject for no longer than is necessary for the purposes for which the Personal Data are processed.The personal data of the Users will be processed by the Controller by automated and non-automated means; the electronic storage of personal data occurs on secure servers located in controlled areas with restricted access.
Specific security measures are observed to prevent data being lost or used in an unlawful or improper manner, and to prevent unauthorized access.Moreover, personal data of the Users will be processed in accordance with any rules and measures, as amended and supplemented, issued by the Authority on Protection of Personal Data.
6. PROVISION OF PERSONAL DATA
The provision of personal data of the Users is:
• mandatory, for the purposes of processing under Article 4, points (i) and (ii) above (reply to requests of information submitted by the User). Failure to provide such data as identified under art. 3, lett. a) hereof will prevent the Association from replying to the request of information submitted by the relevant User; and
• optional, for the purpose of processing under Article 4, point (iii) above (direct marketing activities by e-mail).
7. RETENTION OF PERSONAL DATA
Personal data of the Users are retained for the time strictly necessary to fulfil the purposes for which they were collected and processed based on the purposes under Article 4 hereof, and in any case:
• for a maximum period of 10 years from the date of receipt of the relevant purchase order, for the processing purpose under Article 4, point (i) above (finalization of the purchase by the Users of the products sold on the Website);
• for 12 months from the date of receipt of the request for information, for the processing purpose under Article 4, point (ii) above (reply to request for information submitted by the User);
• until the User revokes his/her freely given consent, for the processing purpose under Article 4, point (iii) above (direct marketing activities by e-mail).
Upon expiry of the aforementioned terms, the personal data shall no longer be processed and will therefore be cancelled. It remains understood that the Controller will be in any case obliged and/or legitimated to further retain the personal data of the Users, in whole or in part, to exercise or defend a right in a proceeding within the 10-year statute of limitations provided pursuant to art. 2946 of the Italian Civil Code.
8. DISCLOSURE OF PERSONAL DATA
Personal data of the Users will be accessible to those in charge of the relevant processing as well as to providers of specific services for the Controller to extent strictly necessary for the achievement of the purposes under Article 4 above.
Collected and processed data may therefore be disclosed exclusively for the afore mentioned purposes to the following third parties:
• providers of cloud and content delivery network services;
• providers of payment services.
9. PUBLIC DISCLOSURE OF PERSONAL DATA
Personal data of the Users will not be subject to public disclosure.
10. TRANSFER OF PERSONAL DATA ABROAD
Personal data of the Users will not be subject to any transfer to entities located in non-EU countries or to international organizations.
11. RIGHTS OF THE DATA SUBJECT
At any time, the User may have access to his/her personal data in order to correct or cancel them and, in general, to exercise any and all the rights he/she has pursuant to Arts. 15 to 22 of the Regulations and, in particular:
• the right to obtain a confirmation about the existence of personal data and their communication in a comprehensible form, as well as to know the origin, purposes and modalities of the relevant processing thereof;
• the right to obtain the indication of the identification details of the Controller, of the persons responsible for the processing and of the addressees to whom his/her personal data may be disclosed;
• the right to verify the correctness of his/her personal data or to request the integration or update or correction thereof;
• the right to request the erasure or the transformation into anonymous form or the blocking of any unlawfully processed personal data or their limitation under applicable laws or to object to their processing in whole or in part for legitimate reasons;
• the right of portability of his/her personal data;
• the right to submit a claim, a complaint or a redress before the Authority for the protection of personal data (www.garanteprivacy.it) subject to fulfillment of the relevant requirements.
The User will also be entitled to object to the processing of the personal data in the cases expressly provided under applicable laws, as well as to revoke his/her consent to the processing at any time, without any prejudice to the lawfulness of any processing carried out on the basis of consent granted by the User prior to the relevant revocation.
12. COMMUNICATIONS AND EXERCISE OF THE DATA SUBJECT’S RIGHTS
In order to exercise the rights enumerated under Article 11 above, the User may contact the Association at any time and without any specific formalities by using the contact details provided under Article 1 hereof.
Any request concerning the recipients of the personal data as well as any clarifications on this policy shall be addressed by using the same contact details.
Technical cookies are used by the Association to ensure its essential functions and for statistical purposes. Any refusal to their use by the User and the failure to provide any data so collected prevents a correct and full functionality of the Website. The processing of personal data carried out through technical cookies does not require the User’s consent.