I. PROCESSOR

A.R.P. di Arianna Ablondi Pedretti (VAT ID: 13176940966), with registered office at Via Piave 10, 43125 – Parma (PR) (hereinafter referred to as the “controller“) in accordance with Regulation (EU) 2016/679 of European Parliament and of the Council, dated April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter the “Regulation“), will be the entity processing your personal data for the purposes outlined in this Privacy Policy. Therefore, the Controller assumes the role of data controller as defined in Article 4 (7) of Regulation: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.”

II. PURPOSES AND DESCRIPTION OF PROCESSING

This pertains to personal data collected from the website missablondi.it, both automatically and voluntarily through the user’s choice to use the contact form to send information requests to the company.

Purposes:

1. Internet Navigation Security: Information is processed automatically and collected in an aggregated form to verify the correct functioning of the website and for security reasons, based on the legitimate interests of the data controller.
2. E-Commerce Web Visibility: The data controller has a legitimate interest in promoting its business on the web through its website. Given the data collected solely for the technical functionality and navigability of the site, this interest is considered to outweigh the interest of users in not having their personal data processed.
3. Fulfillment of Contractual Obligations: The controller requires certain information for the proper execution of the contractual relationship.
4. Management of newsletters and information and promotional material.  

III. TYPES OF DATA PROCESSED AND CONSENT

To fulfill the purposes outlined in Section II, the following data will be processed:

Tax code and other personal identification numbers, name and surname, address, or other personal identification elements, gender, contact phone and shipping address, payment references and methods.

This website also makes use of log files where information is stored that is automatically collected during user’s visits. The data collected could be: IP address, type of browser and parameters of the device used to connect to the site; name of the internet service provider (ISP); date and time of visit; the visitor’s web page of origin (referral) and exit; possibly the number of clicks, navigation data, session data (these data are collected through necessary cookies, which are essential for the proper functioning of the site, for this reason they cannot be deactivated), site usage data (these data are collected through performance cookies, which collect information on how a site is used. We use this to better understand how the pages of the site are used and to improve their appearance, content and functioning).

Except as indicated for browsing data that collects data automatically, visitors are free to provide or withhold their data. Non-provision could potentially hinder contract execution.

IV. LEGAL BASIS OF PROCESSING

Processing is necessary for the performance of a contract of which the data subject is a party or for the execution of measures requested by the data subject – Purpose 3.

Processing is necessary for the pursuit of the legitimate interest of the data controller or third parties – Purposes 1, 2 and 4.

• DATA SHARING

Personal data may be communicated to specific subjects considered recipients of such Personal Data. (hereinafter referred to as “Recipients“). In this regard, to carry out all necessary processing activities to achieve the purposes of this Privacy Policy, the following Recipients may be authorized to process your personal data:

• Third parties performing part of the processing activities and/or activities connected and instrumental to them on behalf of the data controller, appointed as data processors pursuant to Article 4 (8) of Regulation”natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (Processor).
• Individuals, employees, and/or collaborators of the data controller to whom specific processing activities. Specific instructions have been given to these individuals on the security and correct use of Personal Data and are defined, pursuant to Article 4 (10) of Regulation, as “natural  or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor,  are authorised to process personal data;”  (hereinafter referred to as “third parts”).
• Where required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities without these being defined as Recipients. In fact, pursuant to Rule 4 (9) of Regulation, “natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the 4.5.2016 L 119/33 Official Journal of the European Union EN framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;”.

• DURATION OF PROCESSING

Data collected by the website is used exclusively for the purposes outlined and stored for the time strictly necessary to perform the specified activities. User-entered data in the contact form will be retained for the time needed to respond to information requests and, subsequently, for the duration necessary to fulfill contractual obligations and legal obligations arising from the contract.

• DATA SUBJECT RIGHTS

As provided for in Article 15, you may access your Personal Data, request its correction and updating, if incomplete or incorrect, request its deletion if the collection has taken place in violation of a law or regulation, as well as object to the Processing for legitimate and specific reasons.

 In particular, we report below all your rights that you can exercise at any time against the Data Controller:

• Right of access: you will have the right, pursuant to Article 15, paragraph 1, of the Regulation, to obtain from the Data Controller confirmation as to whether or not your Personal Data is being processed and to the following information: a) the purposes of the Processing; b) the categories of Personal Data in question; c) the Recipients or categories of Recipients to whom your Personal Data has been or will be disclosed, in particular if Recipients from third countries or international organizations; d) where possible, the envisaged retention period of the Personal Data or, if this is not possible, the criteria used to determine such period; e) the existence of the right of the Data Subject to request from the Data Controller the rectification or erasure of Personal Data or the limitation of the Processing of Personal Data concerning him/her or to object to their Processing; f) the right to lodge a complaint with a supervisory authority; g) if the Personal Data are not collected from the Data Subject, all available information on their origin, h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and consequences of such Processing for the Data Subject.
• Right to rectification: you may obtain, in accordance with Article 16 of the Regulation, the rectification of your Personal Data that is inaccurate. Taking into account the purposes of the Processing, you may also obtain the integration of your Personal Data that is incomplete, including by providing a supplementary statement.
• Right to erasure: you may obtain, pursuant to Article 17, paragraph 1 of the Regulation, the erasure of your Personal Data without undue delay and the Data Controller will be obliged to erase your Personal Data, if one of the following reasons also exists: a) the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) you have withdrawn the consent on which the Processing of your Personal Data is based and there is no other legal basis for their Processing; c) you have objected to the Processing pursuant to Article 21, paragraph 1 or 2 of the Regulation and there is no longer any overriding legitimate reason to proceed with the Processing of your Personal Data; d) your Personal Data has been unlawfully processed; e) it is necessary to erase your Personal Data in order to comply with a legal obligation provided for by a European Union or national law.

in some cases, as specifically indicated in Article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete your Personal Data.

• Right to restriction of processing: you may obtain the restriction of Processing, pursuant to Article 18 of the Regulation, in the event that one of the following hypotheses occurs: a) you have contested the accuracy of your Personal Data (the restriction will continue for the period necessary for the Data Controller to verify the accuracy of such Personal Data; b) the Processing is unlawful but you have opposed the erasure of your Personal Data by requesting it,  instead, that its use is restricted; c) although the Data Controller no longer needs it for the purposes of the Processing, your Personal Data are used for the establishment, exercise or defence of legal claims; d) you have objected to the Processing pursuant to Article 21, paragraph 1, of the Regulation and you are awaiting verification as to whether the legitimate reasons of the Data Controller prevail over yours.

In the event of restriction of Processing, your Personal Data will only be processed, except for storage, with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person or for reasons of important public interest. We will notify you, in any event, before such restriction is lifted.

• Right to data portability: you may, at any time, request and receive, pursuant to Article 20, paragraph 1 of the Regulation, all your Personal Data processed by the Data Controller in a structured, commonly used and readable format or request their transmission to another Data Controller without hindrance. In this case, you will provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by providing us with written permission.
• Right to object: pursuant to Article 21, paragraph 2 of the Regulation and as reaffirmed by Recital 70, you may object, at any time, to the Processing of your Personal Data if these are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
• Right to lodge a complaint with the supervisory authority: without prejudice to your right to appeal to any other administrative or judicial body, if you believe that the Processing of your Personal Data conducted by the Data Controller is in violation of the Regulation and/or applicable legislation, you may lodge a complaint with the competent Data Protection Authority

To exercise all of your rights as identified above, you can contact us at the following address: ciao@missablondi.it