Extended information on the processing of Personal Data pursuant to articles 12 ess. of EU Regulation 2016/679.
The EU Regulation 2016/679 on the protection of Personal Data (hereinafter “Regulation”) governs the rules relating to the protection of Personal Data of natural persons, as well as the rules relating to the free circulation of such data.
This document sets out the methods and purposes of the processing of Personal Data by the VAT number Ariaramnes of Farahmand Babellahi based in Viale Giovanni Falcone 44, Parma 43122, PR, which pursuant to art. 26 of the Regulation is the VAT number “Owner” of the data processing (hereinafter “Owner”), as well as any further mandatory information pursuant to the Regulation.
The user is invited to carefully read this Information to fully understand on what basis Personal Data is collected, how it is used, stored and to whom it is disclosed.
For the above, it should be noted that, on the basis of art. 4 of the Regulation, for:
– “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”);
– “Treatment” means any operation or set of operations, carried out with or without the aid of automated processes such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction , consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction applied to Personal Data;
– “Data Processor” or “Data Processor” means any person authorized to process personal data under the direct authority of the Data Controller.
- PURPOSE OF THE TREATMENT
Personal Data is provided by the interested party in the context of the relationship with the Data Controller.
Personal Data may include name, address, place of residence, gender, date and place of birth, e-mail address, landline and mobile number, other contact details, information provided by the interested party regarding their habits, situation professional, to the methods of use of the site, including the information collected through cookies.
The Personal Data is provided and processed by the Data Controller for contractual purposes, ancillary to the performance of the relationship, for the fulfillment of the law and/or regulations and for other purposes are specified in detail below:
- a) Establishment and execution of contractual relationships and consequent obligations
The Data Controller may process the Contact Data for the purpose of establishing and executing contractual relationships, the provision of the services requested, the response to reports and complaints and to provide information relating to the service.
- b) Management for access to the website
Contact data and website usage data are collected to allow access and management of the Personal Area.
- c) Marketing
The Data Controller may process the Data for marketing and advertising communication purposes such as, for example:
– customer satisfaction surveys in order to improve subsequent experiences;
– communications with automated contact methods (e-mail, newsletters, social media, automated telephone calls, sms, mms or other electronic means) and traditional (paper mail, telephone with operator) containing information relating to the organization of activities, events, shows also through third party partners, which may be of interest to you;
– communications containing information and/or advertising material on products or services offered by the Data Controller in order to offer the user advice and information;
– communications containing information and/or advertising material on products or services offered by subsidiaries and/or associated companies of the Data Controller or with which the Data Controller may enter into partnership agreements, operating in the following sectors: publishing, mass consumption, distribution, finance, insurance , automotive, services and to humanitarian and charitable organizations, as well as telecommunications.
- d) Profiling purposes
The Data Controller may process the Data for the creation of profiles and for the analysis of the interested party’s consumption habits or choices based on the details of the purchases as well as the data provided directly by the interested party.
- e) Methods of payment
In order to be able to offer you Nexi payment, your personal data will be transmitted to Nexi at checkout in the form of contact details and order details, so that Nexi can assess the user’s suitability for its payment methods and customize these methods of payment. The user’s personal data will be treated in line with Nexi’s privacy policy.
- METHODS OF TREATMENT
In compliance with the provisions of art. 5 of the Regulation, Personal Data will be processed lawfully and correctly; in a manner of transparency and clarity towards the interested party; collected and recorded for specific, explicit and legitimate purposes, and subsequently processed in terms compatible with these purposes, adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed; will be reported accurately and, if necessary, updated.
The Personal Data will be processed by the Data Controller with automated and non-automated tools according to logic strictly related to the aforementioned purposes and, in any case, in order to guarantee the security and confidentiality of the data.
They may have access to Personal Data for the purposes referred to in art. 1 the Persons in charge of the treatment specifically appointed by the Data Controller.
- PROVISION OF PERSONAL DATA
The provision of Personal Data is mandatory to manage the contractual relationship and to respond to requests for information. Any refusal by the interested party makes it impossible to carry out the purposes referred to in point n. 1 letters a) and b).
The provision of Personal Data for the purposes referred to in letters c) and d) – Marketing, profiling and third party marketing purposes – is optional.
Pursuant to article 6, letter a) of the Regulation, the Data Controller will process the data provided for each individual purpose only if expressly and specifically authorized by the interested party. Any refusal or the provision of inaccurate and/or incomplete information could prevent the carrying out of the activities indicated therein, but will not prevent the execution of the contractual relationship and will not affect the lawfulness of the treatment based on the consent given before a possible revocation of the treatment .
For the purposes stated above, where necessary, consent for the processing of Personal Data may be requested and expressed through appropriate selection signs.
Consent can be revoked at any time.
- CONSERVATION OF PERSONAL DATA
In compliance with the provisions of art. 5 of the Regulation, the Personal Data being processed are stored in such a way as to allow the identification of the interested party for the time necessary for the execution of the contract and in compliance with the time limits indicated by the applicable legislative and regulatory provisions.
It is understood that, once the purpose of the processing has been exhausted or in the event of exercising the right to oppose the processing or withdraw the consent given, the Data Controller will in any case be entitled to further store the Personal Data processed for a maximum period of 10 years from the cessation of the relationship for contractual and legal purposes, if any, in order to verify any outstanding issues including accounting documents.
The Data provided and processed solely for the purposes of profiling, marketing and third party marketing referred to in paragraph 1 lett. c) and d) will be kept until the interested party requests to revoke his consent to the pursuit of the aforementioned purposes and in any case no later than 24 months from the date of the last consent.
After this period, the data will be canceled and/or made anonymous so as not to allow, even indirectly or by linking other databases, to identify the interested parties.
The electronic storage of Personal Data takes place in servers located within the European Union capable of guaranteeing an adequate level of security. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
- DISCLOSURE OF PERSONAL DATA
Personal Data cannot be disclosed to third parties without the express consent of the interested party.
- RIGHTS OF THE INTERESTED PARTY
At any time, the interested party can exercise all the rights that are expressly recognized by the Regulation, as indicated below:
– Right to obtain the indication of the identification details of the Data Controller, of the data processors and of the subjects or categories of subjects to whom the Personal Data may be communicated;
– Right to information: right to receive clear, transparent and easily understandable information on how to use Personal Data and rights;
– Right of access: right to obtain access to Personal Data if such data are being processed, so that the user is aware and can verify if the Personal Data is used in accordance with the Regulation
– Right of rectification: right of integration, updating or rectification of information in case of inaccuracy or incompleteness;
– Right of cancellation: allows you to request the cancellation or removal of data where there is no valid reason to continue using them;
– Right to restrict data processing: right to inhibit further use of the information. When data processing is restricted, information may be kept but not used;
– Right to data portability: right to obtain and reuse Personal Data in different services by moving, copying or transferring information between company IT systems in a safe and secure way;
– Right to object to processing: right to object to processing for direct marketing purposes;
– Right to lodge complaints: right to lodge a complaint on the ways in which the Data Controller processes or processes Personal Data with the National Guarantor Authority;
– Right to withdraw consent: if the Data Controller has given his consent to carry out any activity with his Personal Data, he has the right to withdraw this consent at any time.
- OWNER AND MANAGER OF THE TREATMENT
The Data Controller is VAT number Ariaramnes di Farahmand Babellahi, with headquarters in Viale Giovanni Falcone 44, Parma 43122, PR, VAT number: 03030690345
PEC: farahmand.babellahi@pec.it
- COMMUNICATIONS AND EXERCISE OF THE RIGHTS OF THE INTERESTED PARTY
To exercise the rights referred to in paragraph 6, the interested party can contact the internal data processor at any time, alternatively sending:
– a registered letter with return receipt to: P.IVA Ariaramnes di Farahmand Babellahi, with headquarters in Viale Giovanni Falcone 44, Parma 43122, PR, P.Iva : 03030690345
— a PEC to the address: farahmand.babellahi@pec.it
– an email to the address: info@ariaramnes.com