PRIVACY NOTICE PURSUANT TO ART.13 GDPR 679/2016
Dear Data Subject, we hereby inform you that, for the establishment and execution of contractual, pre-contractual and/or economic relationships with you in progress, the undersigned may acquire some information considered 'Personal Data' by EU Privacy Regulation 679/2016 as specified below. The law in question requires that anyone who processes personal data must inform the data subject about which data are processed and certain qualifying elements of the processing. It must also be carried out with fairness, lawfulness and transparency, protecting your privacy and your rights. In compliance with this regulation and considering that transparency and fairness towards customers are fundamental to our business, we provide you with the following information:
Joint Data ControllersThe Joint Data Controllers of your personal data are:
Italian Style Network APS - Via E.Agnoletti, 8 - 50052 Certaldo (FI) - VAT 07412500485 - Tel. +39 3883281713 - Email: info@italianstylenetwork.it - Legal Representative: Federico Basili
Your data may also be communicated to our External Data Processors to whom we entrust certain processing activities, such as professionals or firms handling our accounting, providing tax consultancy, etc. The complete list of processors and the processing activities and data entrusted to them can be obtained by requesting it from the Data Controller at the above contacts. They will process your data according to our instructions and you can contact them at the indicated references for information.
Nature and category of data processedWe process your personal and contact data for sending our information. We may also use your image to publish it as a reference on our websites, magazines or otherwise as specified below. We do not process any data qualifying as sensitive (art. 9 EU Regulation 2016/679).
Purpose of processingPurpose of processing means the reason, the aim for which the data are collected. Depending on these purposes, in some cases it is necessary to obtain your prior consent in order to proceed with their collection and subsequent processing. Where necessary, these will be detailed in a consent request form, where you can freely grant it for all or only some. Below is a summary of the purposes for which your data are used together with the relevant legal basis:
| . | Purpose | Legal Basis | |
|---|---|---|---|
| 1 | Management of accounting and administrative obligations | Keeping accounting records Tax and accounting obligations Treasury or accounting management |
- Member State Law (Tax and Administrative Law) |
| 2 | Customer management | Customer administration, contract administration, orders, shipments and invoices, reliability and solvency checks | - European Union Law (GDPR 2016/679) - Civil Code |
| 3 | Supplier management | Supplier administration, contract administration, orders, arrivals, invoices, selection according to company needs | - European Union Law (GDPR 2016/679) - Civil Code |
| 4 | Litigation management | Contractual defaults, warnings, settlements, debt collection, arbitration, legal disputes | - Member State Law (Tax and Administrative Law) - Civil Code |
| 5 | Promotional activities | Promotional and direct marketing activities by electronic means (sms, mms, fax, etc.), sending information and/or advertising material by email or traditional means such as operator phone calls, postal mail. | - European Union Law (GDPR 2016/679) - Consent (Art.6 GDPR) |
Data will not be processed for purposes other than those indicated above. Should this occur, we will provide you with detailed information regarding such different purposes. |
Data processing is mainly carried out in an automated form with procedures suitable to guarantee their security and confidentiality, even when using technologically advanced means such as the internet. The data processed will be strictly necessary in relation to the purposes.
Recipients and/or possible categories of recipients:Your data may be communicated by us, meaning made known to one or more specific subjects, to the following recipients or groups of recipients
- to subjects who may access the data by virtue of legal, regulatory or EU provisions, within the limits established by such rules
- making available the archives, in which your data are also stored, to the maintainers of our information system and/or the software we use, in case of their failures or security problems, for the time strictly necessary to restore functionality.
- to companies/external consultants to whom we entrust certain processing operations as specified in the 'Data Processors' section
- to internal subjects who may become aware of your data, as data processors or persons in charge of processing, appointed by the undersigned data controller
Your data will not be disseminated by us, meaning made known to unspecified subjects in any way, including by making them available or consulting them.
Transfer of data outside the EUYour personal data may be transferred to non-EU countries as a result of using IT services that may rely on IT facilities located in such countries. The data subject is assured that the transfer can only take place in such circumstances and will be preceded by a check of the guarantees that such provider offers regarding their confidentiality and integrity.
| LEGAL BASIS FOR DATA TRANSFER Derogations in specific situations (art 49) | ||
| Explicit consent of the data subject | The data subject has explicitly consented to the proposed transfer, after being informed of the possible risks of such transfers for the data subject, due to the lack of an adequacy decision and appropriate safeguards | X |
| Performance of a contract between data subject and controller | The transfer is necessary for the performance of a contract concluded between the data subject and the controller or for the implementation of pre-contractual measures taken at the data subject's request | X |
| Performance of a contract between data subject and another person for the benefit of the data subject | The transfer is necessary for the conclusion or performance of a contract concluded between the controller and another natural or legal person for the benefit of the data subject | |
| Reasons of public interest | The transfer is necessary for important reasons of public interest | |
| Exercise of rights in court | The transfer is necessary to establish, exercise or defend a right in court | |
| Vital interests of the data subject | The transfer is necessary to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent | |
| Transfer from a register accessible to anyone with a legitimate interest | The transfer is made from a register which, under Union or Member State law, is intended to provide information to the public and can be consulted both by the general public and by anyone who can demonstrate a legitimate interest, only provided that the conditions for consultation laid down by Union or Member State law are met | |
| Indicate how to obtain a copy of such data and/or where they are made available (information to be given to data subjects) | Request the data from the joint controllers by email or post at the addresses indicated above |
Data relating to regulatory tax obligations (keeping accounting records, tax obligations) will be kept for 10 years from the date of termination of contracts with customers and suppliers (art. 2220 civil code which provides for the retention of accounting records for 10 years; art. 22 of Presidential Decree 29 September 1973, n.600).
For potential customers/suppliers for whom there has never been a sale or purchase, they will be kept for 2 years from the date of entry into the database.
Data for marketing purposes will be kept for 2 years. At the end, they will be deleted or consent will be requested again.
We also inform you of the existence of certain rights that you may exercise if you believe that the processing we carry out is in violation of the Regulation:
- you have the right to request from the data controller access to your personal data (Art.15) and rectification (Art.16) or erasure (Art.17) or restriction of processing concerning you (Art.18) or to object to their processing (Art.21)
- if you have given consent for one or more specific purposes, you have the right to withdraw such consent at any time (Art.13 para.2 letter c)
- you have the right to lodge a complaint with the Data Protection Authority (Art.77) or to take appropriate legal action (Art.79)
The provision of data for the purposes indicated in the 'Purpose of Processing' section from points 1 to 4 is necessary for the conclusion of the contract and for the provision of the requested services. In addition, their communication is a legal obligation to comply with all tax and accounting obligations required by current legislation. In their absence, it will not be possible to proceed with their provision. For these purposes, your prior consent is not required as provided for by Art.6 paragraph 1 letters b) and c) (for common data) of EU Regulation 2016/679.
The provision of data for the purposes indicated in the 'Purpose of Processing' section at point 5 is optional and is at the discretion of the data subject. It will have no consequences regarding the provision of the requested service. For these, pursuant to art. 6 letter a) of EU Regulation 2016/679, your prior consent is required.