INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 (“GENERAL DATA PROTECTION REGULATION – GDPR”)
Version 1.0 – Update: April 1st/2022
INFORMATION AND CONTACT DETAILS OF DATA CONTROLLER
Quintetto s.r.l., P.IVA 01086580071, with registered office in Via Risorgimento n° 33, 11020 – Nus (AO), Aosta Companies’ Register n° 86580071, in the person of its legal representative Ivano Gregori.
Contact details of the Data Controller: Email: firstname.lastname@example.org; Tel: +39/0165/18.45.290
Quintetto S.r.l., VAT number 01086580071, with registered office in Via Risorgimento n° 33, 11020 Nus (AO), Aosta Companies’ Register number 86580071, in the person of its legal representative pro tempore, as the Data Controller of your personal data (hereinafter “Quintetto” or “Data Controller”), informs you, pursuant to Art. 12 and 13 of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter referred to as “GDPR” for brevity), that your personal data will be processed by specifically authorised persons and only for the purposes and in the manner specified below.
Quintetto believes in the importance of privacy for all its customers and uses the data collected only to improve the experience of using the site, complying with the standards laid down by European (hereinafter “GDPR“) and national (hereinafter “Privacy Code“) regulations, updating the information and making it easier to read and understand.
The GDPR is a regulation aimed at strengthening and unifying data protection for all entities within the European Union, which requires a high level of transparency on how personal data is collected, stored and used, and more generally on the processing of personal data, and imposes strict limits on its use.
OBJECT AND PURPOSES OF DATA PROCESSING
Quintetto informs you that it will process, specifically, your common personal data, i.e. name and surname, contact data, i.e. e-mail address, telephone number, username and password and IP addresses and/or domain names, according to the purposes and methods defined and specified below.
In particular, the personal data provided to Quintetto shall be processed for the following purposes
- to allow the user to register and access the portal https://www.quintetto.it/ in the “Private Area” section to use all the functions implemented on the site;
- to allow the user to request information and estimates by contacting Quintetto directly at the addresses indicated;
- to guarantee the operation of the website and all the technical functions relating to the same, in order to allow the user the best possible browsing and purchasing experience on the site.
This information is effective only with reference to the website https://www.quintetto.it/ but not with reference to other and different portals or websites that may be consulted through the links present therein, for which Quintetto is in no way responsible.
The data provided in general terms will be processed, also following automatic collection during navigation, solely for the purpose of ascertaining and/or controlling access to the website and/or solely for the purpose of improving its functionality, in order to guarantee a better navigation experience.
LAWFULNESS OF DATA PROCESSING
With the exception of what has just been specified for browsing data, the communication by you to Quintetto of the personal data specified above has the following legal bases for the lawfulness of data processing:
- 6, par. 1, letter b) of the GDPR, for the purposes referred to in points a) and b) above.
- 6, par. 1, letter f) of the GDPR, for the purposes referred to in point c) above.
The provision of your personal data is, therefore, necessary for the full performance of the purposes referred to in points a), b) and c) above, and, consequently, your refusal to provide personal data may result in the failure to perform the said services and functions of this website, preventing all or part of its functionality.
METHODS OF DATA PROCESSING
The processing of the personal data that you have communicated is carried out by means of the operations indicated in Article 4 no. 2) of the GDPR, namely: “collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data“.
The personal data that you have communicated are subject to automated processing for the time strictly necessary to achieve the purposes for which they were collected, with technical and organisational methods adopted to prevent the loss of data, unlawful and/or incorrect use and unauthorised access, and such, therefore, as to guarantee a level of security appropriate to the risk pursuant to art. 32 of the GDPR, by specially authorised persons, in compliance with the provisions of art. 29 of the GDPR, or by employees and/or collaborators of Quintetto in their capacity as authorised persons and/or system administrators, who may carry out consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of the law necessary to guarantee, among other things, the confidentiality and security of the data as well as their accuracy, updating and relevance to the stated purposes and methods.
Please note, in particular, that the personal data you have communicated will be processed only at the Quintetto offices, except as specified below, will not, therefore, be disseminated, and, pursuant to art. 13, paragraph 1, letter (e), the same may be processed only by authorized persons and / or any external data processors under Art. 28 of the GDPR (in the person of individual professionals and/or complex professional associations), and/or by persons who operate as autonomous data controllers, including, explicitly, hosting companies and/or technical personnel in charge of website management and/or maintenance, but solely and exclusively for the purposes expressly and specifically indicated above.
DATA COMMUNICATION SCOPE
In relation to the aforementioned purposes, the data may be communicated to the following subjects and/or categories of subjects indicated below, or they may be communicated to companies and/or persons who provide services, including external services, on behalf of Quintetto.
For the sake of clarity, these include, by way of example but not limited to: professionals and consultants, including in associated form; persons who provide services for the management of the computer system and telecommunications networks (including e-mail and management of web portals and websites – cloud storage services – hosting); competent authorities and/or Supervisory Bodies for the fulfilment of legal obligations; persons who carry out control, audit and certification of the activities carried out by Quintetto who act as external data processors pursuant to art. 28 of the GDPR, or independently as subjects distinct from Quintetto.
Plugin Social Network
The site also incorporates plugins and/or buttons in order to allow easy sharing of content on your favourite social networks. When you visit a page on the site that contains a plugin, your browser connects directly to the servers of the social network from which the plugin is loaded, which server can track your visit to the site and, if appropriate, associate it with your social network account, particularly if you are logged in at the time of your visit or if you have recently surfed one of the websites containing social plugins.
If the user does not wish the social network to record data relating to his visit to the site, he must log out of his social network account and probably delete the cookies that the social network has installed in his browser.
Plugins are installed on this site with advanced privacy protection functions for Users, which do not send cookies or access the cookies present on the User’s browser when the page is opened, but only after clicking on the plugin.
With exclusive reference to navigation data, IP addresses and domain names, this site may share some of the data collected with services located outside Italy and the European Union area, in particular, with Google, Facebook, LinkedIn, also through social plug-ins and Google Analytics services. In the event that this should become necessary for any reason, Quintetto as of now ensures that the transfer of data will take place in accordance with the applicable legal provisions and, in particular, in accordance with Articles 44 – 45 – 46 – 47 – 48 and 49 of the GDPR and other applicable legislation.
DATA RETENTION PERIOD
In compliance with the principles of lawfulness, purpose limitation and data retention and minimisation, pursuant to Article 5 of the GDPR, the period of retention of your personal data is established for a period of time not exceeding the fulfilment of the aforementioned purposes for which they are collected and processed, i.e. for the entire duration of the fulfilment of the aforementioned purposes, and, therefore, once the purposes of processing have been fulfilled, your data will be deleted from all physical and IT supports.
AUTOMATED INDIVIDUAL DECISION-MAKING AND PROFILING
Quintetto informs you that, for the purposes of processing your personal data, it does not use automated decision-making processes, i.e. those aimed at making decisions based solely on technological means according to predetermined criteria (i.e. without human involvement), nor does it carry out profiling activities, i.e. those aimed at using your personal data to analyse or predict aspects concerning your professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements, etc.
RIGHTS OF THE DATA SUBJECT
Right of Access pursuant to art. 15 of the GDPR and Right of Rectification pursuant to art. 16 of the GDPR
As data subject, pursuant to art. 15 of the GDPR, you have the right to obtain confirmation from Quintetto as to whether or not personal data concerning you are being processed, to obtain access to the same and to all the information referred to in the same art. 15, paragraph 1, letters (a) to (h), by means of the issue of a copy of the data being processed in a structured, commonly used, machine-readable and interoperable format.
You also have the right, pursuant to Article 16 of the GDPR, to obtain from Quintetto the rectification and/or integration of the data being processed if they are not updated and/or inaccurate and/or incomplete.
Right of erasure pursuant to art. 17 of the GDPR and right to restriction of processing pursuant to art. 18 of the GDPR
As data subject, you have the right to obtain, without undue delay, from Quintetto, exclusively in the cases referred to in Article 17, paragraph 1, letters (a) to (f), of the GDPR, the erasure of data relating to you – with the exception of the cases specifically provided for in Article 17 paragraph 3.
As a data subject you, pursuant to Article 18 paragraph 1, letters (a) to (d), of the GDPR, have the right to request and obtain from Quintetto, the restriction of the processing of your personal data, i.e. that such data is not subject to further processing and can no longer be modified. Quintetto shall ensure that the restriction of processing is implemented by means of appropriate technical devices that guarantee its inaccessibility and immodifiability.
Right to data portability pursuant to art. 20 of the GDPR
As a data subject, you have the right to receive, pursuant to Article 20 of the GDPR, from Quintetto the personal data concerning you, the processing of which is carried out by automated means, in a structured, commonly used and machine-readable format, and you also have the right to transmit such data to another data controller, or to obtain from Quintetto, where technically feasible, the direct transmission of such data to another specifically identified data controller.
Right to object to processing pursuant to art. 21 of the GDPR
You have the right to object at any time to the processing of personal data relating to you, on grounds relating to your particular situation, in cases where the processing of your data is necessary (1) for the performance of a task carried out in the public interest and/or in the exercise of official authority vested in Quintetto; (2) for the pursuit of a legitimate interest of Quintetto or a third party; (3) for profiling activities carried out by Quintetto on the basis of the preceding points.
You also have the right to object to the processing of your personal data on grounds relating to your particular situation where the data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
PROCEDURE FOR EXERCISING OF THE DATA SUBJECT’S RIGHTS
The data subject may exercise the rights listed above by means of a request to be sent by e-mail to the address email@example.com.
Quintetto shall acknowledge receipt of your request and provide you with information on the action taken, with reference to the exercise of your rights provided for in Articles 15 to 22 of the GDPR, within 1 (one) month of receipt of the request. If necessary and taking into account the complexity and number of requests, Quintetto may extend this period by 2 (two) months, subject to a reasoned communication to be sent within 1 (one) month of receipt of the request.
Quintetto shall communicate any rectification, cancellation, restriction or opposition to all recipients, as identified in Article 4, paragraph 1, no. 9 of the GDPR, to whom such data has been transmitted, unless this proves impossible and/or involves a disproportionate effort.
Following the sending of your request for rectification, cancellation, restriction or opposition, if Quintetto has reasonable doubts about your identity, it will request further information to confirm it. These communications shall be sent by email from the aforementioned address and shall be processed by the person specifically authorised for this purpose.
In the event that Quintetto does not comply with your request within 1 (one) month from receipt of the request, the latter will inform you of the reasons for non-compliance, informing you as of now of your right to lodge a complaint with the Supervisory Authority (Garante per la protezione dei dati personali), as specified pursuant to Article 13, paragraph 2, letter (d) and governed by Articles 77 et seq. of the GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.