INFORMATION ON THE PROCESSING OF USERS’ PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 (“GDPR”)
|HOLDER OF THE TREATMENT||GORILLA S.r.l. with registered office in Rome, Via Giuseppe Mercalli 13
VAT number: 16213181007
|DATA PROTECTION OFFICER (DPO)||E-mail firstname.lastname@example.org
|Categories of data processed||common data: master data- data|
|Minimum data protection measures:||The server operating system, in which the web application and database is allocated, is installed on a cloud-based hardware infrastructure provided by the company Serverplan s.r.l. that can guarantee high levels of integrity, availability and confidentiality of information|
|Purpose of the processing||Legal basis of the processing||Data retention period||Consequences of refusal to provide data||Recipients of the data||Subjects authorized to process|
· Send, by e-mail, the informative communications (“Newsletter”) of the Data Controller to those who explicitly request it, by entering their e-mail address in the appropriate data collection form.
Registration will allow the Data Controller to manage the information and respond to your requests, including cancellation.
· Description and promotion of the service to potential customers.
|Implicit consent in filling out the form||The data collected will be kept until you ask to unsubscribe from the newsletter service. After this deadline, it will be destroyed or made anonymous compatibly with the technical procedures of cancellation and backup.||Failure to fill out the form will make it impossible to send the newsletter||The Data Controller;
The data can be communicated to subjects operating as data controllers (such as, by way of example, supervisory and control authorities and any public entity entitled to request the data) or
processed, on behalf of the Data Controller, by persons designated as Managers, who are given adequate operating instructions (such as, by way of example, companies that perform the management and / or maintenance service of the Websites of the Joint Data Controllers and information systems; companies that offer e-mail sendingservices, companies that perform tasks of couriers and / or intermediaries to the sale).
|The data may be processed by employees of the company functions responsible for pursuing the purposes indicated above, who have been expressly authorized to process and who have received adequate operating instructions.|
|2||Execution of the Contract:
The processing of your personal data is necessary for the acquisition of preliminary information for the conclusion of the contracts you will enter into with the Data Controller, for the completion and execution of the contract
|The contract||10 years after the last invoice was issued||Failure to provide data will make it impossible for the company to follow up on your pre-contractual / contractual requests, to provide the service and / or perform the contract|
|3||Shipping of the order||The contract||The Data Controller will process your personal data exclusively for the time necessary to manage the existing contract between you and the Data Controller. In any case, your personal data will be kept for a maximum period of 10 years from the termination of the contract||Failure to provide the requested data will make it impossible for the Data Controller to continue with your registration on the Site.|
registration and access to the reserved area
Your personal data may be used by the Data Controller to satisfy your request for registration on the Site and to be able to provide you with the services connected to the reserved area of the Site.
Registration within the web platform
Sending requests through web platform tools.
Your personal data may be processed by the Data Controller to satisfy your requests made by writing to one of the e-mail addresses available on the Site or by filling out the registration and / or contact forms on the Site
|The contract||The data collected for this purpose will be processed for the time strictly necessary to satisfy your request and subsequently kept for 10 years after the request is processed||Failure to provide the requested data will make it impossible for the Data Controller to execute your request.
Mandatory retention of documents to comply with legal obligations such as
contracts, documents, invoices prescribed by the legal system
|Legal obligations||Your personal data will be processed for this purpose for the time necessary for the fulfillment of the legal obligations established by current legislation. In this regard, your personal data will be kept for 10 years from the termination of the contract or, if later, from a binding decision issued by an authority competent to do so (for example, court ruling), without prejudice to any retention obligations relating to particular categories of data, for longer periods of time, prescribed by the legal system||Failure to provide the data will prevent the Data Controller from performing the activity requested by you and which presupposes the fulfillment of the legal obligation by the Data Controller itself.|
Direct marketing, promotion and sale of products and services through the use of the results of the analysis activity Marketing conducted for legitimate interestThe Data Controller intends to process your personal data in order to send you commercial communications of products and services of the Data Controller, including direct marketing conducted using the results of the analysis or profiling activity, as well as proceed with direct sales and the carrying out of surveys or market research. The processing involves the processing of data for the simple purpose of sending the user communications regarding additional features, products and services offered strictly related to the relationship between the parties. The processing of personal data is necessary for the legitimate interests pursued by the Data Controller. These legitimate interests include the case of sending the user promotional material about its products and services. The Data Controller believes that the user has a reasonable expectation that this type of data processing will be carried out. The interested party, in fact, cannot but expect that the Data Controller does not carry out a processing of his personal data precisely because this is aimed at pursuing a legitimate interest. This evaluation is recognized by law in Recital no. 47 of the GDPR and is placed at the basis of the Treatment in question, only following an appropriate balancing of the interests and rights involved. In fact, the Data Controller believes that the processing in question aims to strengthen a direct and lasting relationship with the customer and that this interest is prevalent.
|legitimate interest||Your personal data, processed as described, will be deleted within 12 months from the dissolution of the last contractual bond with the Data Controller. If you decide to withdraw your consent or to object to the processing, your personal data will be deleted within 30 days of the request.||Failure to provide data will not affect the satisfaction of your requests and the execution of contracts but will make it impossible for the Data Controller to send you marketing communications.|
|The rights of the interested parties (where applicable)
In relation to the data subject to the processing referred to in this statement, the interested party is recognized at any time the right to:
|How to exercise the right|
|A||Access (Article 15 of EU Regulation no. 2016/679);||the interested party may request the exercise of his rights by writing an email to the address email@example.com or by registered letter to the address:
Via Giuseppe Mercalli 13
00197 Roma RM
|B||Rectification (Article 16 of EU Regulation no. 2016/679);|
|C||Cancellation (Article 17 of EU Regulation no. 2016/679);|
|D||Limitation (Article 18 of EU Regulation no. 2016/679);|
|and||Portability, understood as the right to obtain from the data controller the data in a structured format of common use and readable by automatic device to transmit them to another data controller without impediments (Article 20 of EU Regulation no. 2016/679);|
|F||Opposition to processing (Art. 21 EU Regulation No. 2016/679);|
|G||Withdrawal of consent to processing, without prejudice to the lawfulness of the processing based on the consent acquired before the revocation (Article 7, paragraph 3 of EU Regulation no. 2016/679);|
|H||Propose a complaint to the Authority for the Protection of Personal Data (Article 51 of EU Regulation no. 2016/679).||The information to lodge a complaint with the guarantor is available at: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524|