Privacy Policy

1. IDENTITY OF THE DATA CONTROLLER. CONTACT DETAILS

In compliance with the obligations prescribed by Article 13 of the European Regulation 2016/679 (General Data Protection Regulation, hereinafter "GDPR") and the current national legislation on "the protection of natural persons with regard to the processing of personal data and the free movement of such data," the company Studio C.E. di Cristian Errati e C. sas based in Strada della Bassa 36 - 46048 Roverbella, TAX IDENTIFICATION NUMBER AND VAT NUMBER 02044130207 (hereinafter "the Owner"), who can be contacted for these purposes at e-mail: info@lachiusina.it in view of the importance it recognizes to the protection and security of the personal data conferred by the user (henceforth, in terms of GDPR, "Data Subject", in this category including, in addition to natural persons, also legal persons) to whom such data are referred, directly or indirectly, through the website of the Owner and/or through its other multimedia channels of contact (by way of example only mailing service newsletter, sms, whatsapp, etc...) provides you with the following information.

With access by browsing the website, or other contact with the Data Controller, the Interested Party assumes all responsibility in relation to the availability and truthfulness of the data provided, which will be processed in accordance with principles of lawfulness, correctness, transparency, minimization, accuracy, integrity and confidentiality, collected for purposes determined explicit and legitimate purposes and subsequently processed in a manner that is not incompatible with those purposes, as well as stored in a form that permits the identification of the Data Subjects for a period of time not exceeding the achievement of the purposes for which they are processed, unless they need to be stored for a longer period of time, due to legal obligation or by order of an Authority.

2. Navigation data

The computer systems and software procedures responsible for the operation of this site as well as by the multimedia contact channels used by the Owner, acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified, through processing and association with other data held by third parties.

3. DATA DISCLOSED BY THE USER

The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller, private messages sent by users ("Interested Parties") to promotional profiles/pages on social media (where this possibility is provided), as well as the completion and submission of forms on the Data Controller's website, entail the acquisition of the sender's ("Interested Party") contact data necessary to respond, as well as all personal data included in the communications and/or possibly related to the promotional purposes of the Data Controller shared by the Interested Party.

These are personal data that do not belong to special categories (such as, for example, name, surname, telephone and e-mail address, etc.), given by the same data subject to enable his or her identification, and/or the acquisition of contractual and/or pre-contractual information.

4. PURPOSE AND LEGAL BASIS

The processing of personal data referring to the Data Subject, as acquired automatically or voluntarily given when accessing the contact services or through links to the e-mail address of the Data Controller, where applicable, is carried out to implement pre-contractual or contractual measures (art. 6, par.1, lett. b of the GDPR), or to enable the maintenance of the site and/or other communication channels, ensure security, check its proper functioning and obtain statistics in relation to its use (art. 6, par.1, lett. f of the GDPR), or for the pursuit of the direct or indirect promotional purposes of the Data Controller in case of consent freely and specifically given by the Data Subject (art. 6, par.1, lett. a of the GDPR).

Where provided prior express consent, the data provided by the Interested Party have the character of optionality and therefore consent with respect to the processing of the same may be denied or revoked by the interested party at any time and with the same ease with which it is granted, without affecting the lawfulness of the processing carried out prior to the revocation, with the consequence that the failure to provide and/or revocation of consent to the processing of such data will not prevent access to the service by the Interested Party (c.so-called "user") but the Controller will not be able to send its commercial communications, allow access to any dedicated benefits and/or personalize the forwarding of the same.

In any case, the processing of all personal data described above may be carried out for the management and execution of the fulfilments required by current legislation (accounting, administrative, tax, etc.), or for the management of disputes and possible litigation (art. 6, par.1, lett. c and lett. f of the GDPR).

5. MODE OF PROCESSING AND RETENTION TIME

The processing of all the aforementioned data will take place in a predominantly automated form, with logics strictly related to the aforementioned purposes, by means of directly managed archives and/or integrated systems of a paper and/or computer nature and/or websites owned by or in use by the Data Controller and for it by specifically trained and authorized individuals (Art. 28, par. 3, lett. b and 29 of the GDPR) or designated (art. 2 quaterdecies D.Lgs. 101/2018), or by third parties appointed as Data Processors pursuant to art. 28 of the GDPR, to consult the list of which the data subject may contact the Data Controller at the contact addresses indicated above.

The Data Controller has taken appropriate security measures against the risk of loss, misuse or alteration of such data through the adoption of technical and organizational measures appropriate to the risk and referred to in Article 32 of the aforementioned GDPR, with the adoption of protected data transmission protocols (known as http or https), and storage on servers located in the territory of the European Union, subject to an advanced back up and disaster recovery system, protected by firewalls, with strict restriction of access to personal data as necessary and for the purposes communicated only.

The personal data provided by the Data Subject or otherwise processed by the Data Controller are saved for the time necessary to fulfill the specific purposes, i.e., for a period of time not exceeding 12 months after the date on which the service is provided (exclusively to comply with the same) or the revocation of consent in the case of processing carried out for promotional purposes of the Data Controller. In any case, no longer than 5 years from the automatic or voluntary conferment, except for possible regulatory obligations of preservation and/or the need to ascertain crimes by the Judicial Authority.

6. RIGHTS OF INTERESTED PARTIES

The Interested Parties have the right to obtain, in the cases provided for, access to their personal data, rectification, cancellation of the same, restriction of the processing that concerns them or to oppose the processing, for this purpose by contacting the Data Controller at the addresses indicated in point 1 and expressing their willingness to exercise the rights provided for in Articles 15-22 of the GDPR fully consultable at www.garanteprivacy.it/regolamentoue, within the limits and conditions stipulated therein.

Finally, in accordance with Articles 77 and 79 of EU Reg 2016/679, the Data Subject has the right to seek judicial redress, without prejudice to any other available administrative or extrajudicial remedy, including the right to lodge a complaint with a Supervisory Authority (Garante per la protezione dei dati personali, Piazza Venezia n. 11 - 00187 Roma, www.gpdp.it - www.garanteprivacy.it, e-mail: garante@gpdp.it, Fax: (+39) 06.69677.3785 Telephone switchboard: (+39) 06.69677.1).

The Data Controller reserves the right to make changes at any time to this Policy, with binding effects from the date of its publication, giving information on this page which therefore may be subject to updates over time, also in compliance with European and national regulations on the subject. Users (Interested Parties) are therefore invited to constantly check the content of the Policy in order to ensure that they agree with any changes (taking as reference the date of last modification indicated at the bottom of the same), being obliged to cease browsing the website and respectively the use of the service provided through the other communication channels of the Data Controller in the case of non-acceptance of the same.

Last modified 6/21/2024