Information on the processing of personal data – EU Regulation 2016/679 (General Data Protection Regulation)
This information is intended to describe the methods of management and processing of personal data of users who consult the site http://www.astemercatinodelgioiello.it/
The data controller is Santori Giuseppina’s Jewelery Market
VAT number 02293020448 Viale Benedetto Croce 48, 63100 Ascoli Piceno (AP) – Italy 0736 656210.
Purposes and methods of treatment.
Following the consultation and use of the forms on the site, identifiable personal data may in fact be processed. We therefore inform you that such data, provided through request forms or registration procedure, purchase commission or mandate to sell without representation, may be processed to manage user requests for information, guarantee the correct performance of the services provided by the Data Controller and contractual and pre-contractual obligations including administrative and tax obligations. In these cases the provision of data is mandatory, under penalty of the possibility of receiving the requested service / contract. With the express consent, the data may be processed for promotional purposes and the sending of communications and materials relating to future auctions linked to the activity carried out by the Data Controller. The provision of data for the latter purposes is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing the data already provided in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller.
Legal basis for data processing is the contract signed by the user and / or the consent given for the aforementioned purposes. We inform you that if you are already our customer, we will be able to send commercial communications relating to the Controller’s services and products similar to those you have already used, unless you disagree.
Access to data and communication
The data will be processed with paper, electronic and / or automated tools. The treatments will take place at the headquarters of the owner and the data will be accessible only to the technical staff in charge of the Administrative Office, to any persons in charge of occasional maintenance operations, to third parties who carry out outsourcing activities on behalf of the Data Controller (by way of example, institutes of credit, professional firms, consultants etc.).
Duration of treatment
The data will be processed for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. They will be kept as long as: a contractual / commercial relationship with the Owner will last, their elimination is not requested. In any case, for the time necessary to perform the requested services and / or to carry out the legal obligations related to the activities carried out.
The computer systems and procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interests, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
No personal user data is acquired by the site in this regard. Cookies are not used to transmit information of a personal nature, nor are persistent cookies of any kind used, or systems for tracing users. The use of the so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe browsing and efficient site. The so-called Session cookies used on this site avoid the use of other IT techniques that are potentially prejudicial to the confidentiality of users’ browsing and do not allow the acquisition of the user’s personal identification data.
Rights of the interested party.
Pursuant to articles 13, paragraph 2, and from 15 to 21 of the Regulation, we inform you that with regard to the processing of your personal data, you can exercise the following rights:
- Right to obtain access to personal data and the following information:
- confirmation that personal data is being processed or not;
- the purposes of the processing;
- the categories of personal data;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed;
- if the data are not collected from the interested party, all available information on their origin;
- the existence of an automated decision-making process, including profiling;
- a copy of the personal data being processed.
- Right of rectification and integration of personal data;
- Right to delete data (“right to be forgotten”) if one of the following reasons exists:
- the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- the interested party withdraws consent to the processing of data and there is no other legal basis for the processing;
- the interested party opposes the processing and there is no legitimate overriding reason to proceed with the processing;
- the personal data have been unlawfully processed;
- personal data must be deleted to fulfill a legal obligation under the law of the Union or of the Member State to which the data controller is subject;
The data controller, if he has made personal data public and is obliged to delete them, must inform the other owners who process the personal data of the request to delete any link, copy or reproduction of his data.
- Right to limitation of processing in the event that:
- The data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
- The processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that its use be limited;
- Although the data controller no longer needs them for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
- The interested party opposed the processing, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
- Right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority www.garanteprivacy.it.
- Right to data portability:
or the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and possibly transmit them to another data controller, if the processing is based on consent or on a contract and is carried out by automated means. Where technically possible, the interested party has the right to obtain the direct transmission of data from one data controller to another.
- Right to object:
at any time to the processing of personal data, including profiling, in particular in the event that:
- the processing takes place on the basis of the legitimate interest of the owner, after explaining the reasons for the opposition;
- personal data are processed for direct marketing purposes.
- Right not to be subjected to a decision based solely on automated processing, including profiling, except in cases where the decision:
is necessary for the conclusion or execution of a contract between the data subject and a data controller, is authorized by Union or Member State law to which the data controller is subject or is based on the explicit consent of the data subject.
- Right to withdraw consent at any time;
obviously with all consequences deriving from the impossibility of being able to comply with legislative or contractual provisions if the processing is established by these provisions.
The exercise of rights is not subject to any formal constraints and is free.
How to exercise your rights
You can exercise your rights at any time by sending:
a registered letter a.r. a: Mercatino del Gioiello di Santori Giuseppina
VAT number 02293020448
Viale Benedetto Croce 48, 63100 Ascoli Piceno (AP) – Italy 0736 656210 or an email to [email protected]