Information on the processing of personal data pursuant to Articles 12 et seq. EU Regulation No 2016/679 (“GDPR”)
please note that this information pursuant to art. 12 and following EU Reg. 2016/679 refers exclusively to the processing of personal data relating to the website https://www.quintetto.it/ and does not extend to third party sites that can be accessed through links on our website.
Data Controller and contact details
Via Risorgimento n° 33
11020 Nus (AOSTA)
VAT : 01086580071
QUINTETTO S.R.L., in its capacity as Data Controller, pursuant to art. 12 and following EU Regulation 2016/679, informs you that it will process your personal data only for the purposes and in the manner specified below and in compliance with the fundamental principles set out in art. 5 EU Regulation 2016/679 (lawfulness, correctness, transparency, limitation of purposes and storage, data minimisation, accuracy, integrity and confidentiality).
The Data Controller undertakes to ensure the adoption of appropriate technical and organizational security measures in order to preserve the integrity and confidentiality of data and to ensure the protection of the rights and freedoms of the persons concerned.
DATA SUBJECT TO PROCESSING
- A) Navigation data: during navigation, certain data are automatically collected, the transmission of which is implicit in the use of internet communication protocols. These data include, for example, log data, IP addresses, date and time of access, addresses in URI (Uniform resource identifier) notation, unique device identification codes, type of browser used (e.g. Firefox, Safari or Internet Explorer).
The processing of such data is carried out in order to allow correct navigation on the site, the use of applications, to ensure better navigation on the site and better usability of the services offered as well as to carry out statistical analysis on the use of our website, to verify the correct functioning of the site and improve the quality and relevance of the services offered by the site itself.
The data relating to navigation logs may also be processed to prevent and/or ascertain computer fraud and/or other computer crimes.
- B) Cookies
- C) Personal data provided voluntarily by the user
In case of optional, explicit and voluntary sending of e-mail messages to the addresses indicated on this site, the sender’s e-mail address will be acquired, necessary to respond to the requests made, as well as any other personal data provided in the communication sent. Such data will be processed exclusively for the purpose of processing the request submitted and will be kept for the time necessary to provide the requested service and to handle any disputes.
PURPOSES OF PROCESSING
The data may be processed for the following purposes:
- respond to any requests made by sending e-mail messages and/or other communication tools. Legal basis: art. 6 par. 1 letter b) EU Reg. 2016/679;
- to comply with obligations provided for by law, or by a regulation, Community legislation or an order of the Authority (e.g. tax obligations, administrative obligations, etc.). Legal basis: art. 6 par. 1 lett. c) Reg. UE 2016/679;
- ascertain, exercise or protect the rights of the Data Controller in judicial or administrative proceedings. Legal basis: legitimate interest of the data controller (art. 6 par. 1 lett. f) EU Reg. 2016/679).
OPTIONAL OR OBLIGATORY NATURE OF THE PROVISION OF DATA
The data provided voluntarily by the user through the sending of e-mail messages or other communication tools are optional, however, failure to provide them could make it impossible to respond to requests made by the user.
COMMUNICATION AND DATA TRANSFER
Within the scope of its activity and for the purposes indicated above, the Data Controller may make use of authorised data processors or of services provided by third parties who operate on behalf of the Data Controller and according to its instructions, also as Data Processors pursuant to art. 28 EU Reg. 2016/679.
These subjects include, by way of example only, subjects providing services for the management and/or maintenance of the information system and telecommunications networks, subjects dealing with the management and/or maintenance of the website, hosting providers, companies or professional firms providing assistance and consultancy to the Data Controller, as well as other subjects carrying out outsourcing activities on behalf of the Data Controller. Your data can be made accessible to these subjects only after verification by the Data Controller of compliance with applicable legislation on the processing of personal data, as well as the adoption by these subjects of adequate technical and organizational security measures for the protection of the rights and freedoms of individuals concerned. Personal data may also be communicated to subjects, entities, bodies or authorities when communication is required by law or by order of the administrative or judicial authorities, as well as when communication is necessary to exercise, ascertain or defend the rights of the Data controller in court.
The personal data of the data subject will not be disclosed.
In order to pursue the above mentioned purposes, it may be necessary to transfer personal data to servers located in countries outside the EU. This transfer outside the EU may take place in compliance with applicable legislation and only after verification by the Data controller that the non-EU country receiving the transfer provides adequate security guarantees, such as the existence of adequacy decisions issued by the EU Commission (art. 45 EU Reg. 2016/679) or the existence of protection clauses and/or standard contractual clauses approved by the European Commission (art. 46 EU Reg. 2016/679).
DATA RETENTION PERIOD
DATA SUBJECT’S RIGHTS
– Revocation of consent. Where the processing is based on consent, the data subject may at any time withdraw the consent previously given, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
– Right of access (Art. 15 GDPR). The data subject has the right to obtain confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to them. At any time the data subject has the right to obtain access to the following information: the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data are or will be communicated, the storage period of the data, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, where the personal data are not collected from the data subject, any available information as to their source, the existence of automated decision making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
– Right of rectification (art. 16 GDPR). The Data subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him/her. The Data subject also has the right to have incomplete personal data completed.
– Right to erasure (“right to be forgotten”) (art. 17 GDPR). The Data subject has the right to obtain from the Data Controller the cancellation of personal data concerning him/her without undue delay.
– Right to restriction of processing (Art. 18 GDPR). The Data subject has the right to obtain from the data controller restriction of processing where one of the following applies a) the accuracy of the personal data
is contested by the data subject (limitation of the processing for the time necessary to verify the accuracy of the data); b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pursuant to art. 21 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
– Notification obligation regarding rectification or erasure of personal data or restriction of processing (art. 19 GDPR). The Data Controller shall notify any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
– Right to data portability (art. 20 GDPR). The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: (a) the processing is based on consent or on a contract; (b) the processing is carried out by automated means.
– Automated individual decision-making, including profiling (art. 22 GDPR). The Data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her
RIGHT TO OBJECT (art. 21 GDPR)
According to art. 21 GDPR, the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on the pursuit of a legitimate interest of the Data Controller, including profiling based on those provisions.
The data controller shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing, and the personal data shall no longer be processed for such purposes.
PROCEDURES FOR THE EXERCISE OF RIGHTS:
To exercise your rights, the data subject may contact the Data Controller (firstname.lastname@example.org) and/or the Data Protection Officer (email@example.com) directly.
Please note that it will be the Data Controller’s responsibility to verify that the data subject is entitled to exercise his or her rights, in accordance with applicable legislation. The Data Controller undertakes to respond to requests as soon as possible and in any case no later than 30 (thirty) days.
Pursuant to art. 77 EU Reg. 2016/679 the Data subject has also the right to lodge a complaint to the competent supervisory Authority (E-mail: firstname.lastname@example.org – Certified mail: email@example.com). if you believe that the processing of your personal data is carried out in a manner and/or for purposes contrary to current legislation.
MODIFICATIONS AND UPDATES: The Data Controller reserves the right to make changes or updates to this information notice, also on the basis of any changes in current legislation and/or the provision of new services on the site.