INFORMATIVA SUL TRATTAMENTO DI DATI PERSONALI
PRIVACY POLICY
This information notice is prepared in accordance with Articles 13 et seq. of EU Regulation 2016/679 (hereinafter also GDPR) and contains important information on the processing of your Personal Data. The data controller informs you that it will process your Personal Data in compliance with the Privacy, Personal Data Protection Regulations and the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity, confidentiality.
Therefore, in relation to the above, the data controller provides the following information.
DATA CONTROLLER
The data controller is Easytech S.r.l., Via della Fangosa 32 50032 Borgo San Lorenzo Firenze, Italy C.F. 04617270485 P. IVA 01695620979, info@easytechitalia.com, Telephone: 055 845 5216, in the person of its president.
PURPOSE, LEGAL BASIS OF THE PROCESSING AND NATURE OF THE CONFERMENT
The Personal Data you provide through the Website will be processed by the controller for the following purposes:
2.1. Website navigation. Art. 6(1)(f) and recital 47 of the GDPR: processing is necessary for the purposes of pursuing the legitimate interests of the data controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data are not overridden, having regard to the reasonable expectations of the data subject based on his or her relationship with the data controller. Activities strictly necessary for the operation of the website and the provision of the platform navigation service, therefore, the provision is necessary.
2.2. Contact request via the Contact form. Art. 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request. The provision of personal data necessary for the provision of the services requested by the Data Subject is necessary. Failure to provide the data will make it impossible to obtain what has been requested or to use the services of the data controller.
2.3. Soft-spam activity. In the context of a purchase through the Website, in order to allow the direct offer by the Data Controller of products similar to those already purchased, provided that you do not object to such processing in the manner set out in this Policy. The legal basis of the processing is the legitimate interest of the Data Controller, which may be deemed equivalent to the interest of the data subject in receiving ‘soft-spam’ communications pursuant to Article 130, paragraph 4, of Legislative Decree No. 196/2003, as amended.
2.4. For the performance of the Newsletter activity. The data subject has given consent to the processing of his/her personal data (ex art. 6, par. 1, lett. a GDPR). Consent revocable at any time (without prejudice to the processing carried out until such revocation).
2.5. For the performance of Marketing activities. The data subject has given his or her consent to the processing of his or her personal data (pursuant to Art. 6(1)(a) GDPR). Consent revocable at any time (without prejudice to the processing carried out until such revocation).
2.6 Organisational management of the contractual relationship, including payments and invoicing. ex Art. 6 para. 1 lit. b GDPR: the performance of a contract to which the data subject is a party.
2.7 Fulfilling legal, accounting, administrative and tax obligations. ex art. 6 par. 1 lett. c GDPR: the fulfilment of legal obligations to which the data controller is subject.
RECIPIENTS OF PERSONAL DATA
The processed data will not be disclosed to third parties. The following may become aware of your data, in relation to the processing purposes set out above: a) subjects who may access the data by virtue of legal provisions provided for by the law of the European Union or by the law of the Member State to which the data controller is subject; b) subjects appointed by the data controller as authorised processors pursuant to Art. 29 GDPR and art. 2-quaterdecies of Legislative Decree 196/2003 and subsequent amendments and additions; c) persons who process data on behalf of the data controller who have been appointed, by contract or other legal act, as data processors pursuant to art. 28 GDPR.
TRANSFER OF PERSONAL DATA
The management and storage of personal data will take place on servers located within the European Union and, therefore, your personal data will not be transferred to countries outside the European Economic Area. However, should it be necessary to move the location of the servers, the data controller ensures that the transfer of data outside the European Economic Area will take place in compliance with the law and by entering into agreements, if necessary, that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
PERSONAL DATA RETENTION PERIOD
Your personal data will be retained for the period necessary to pursue the purposes related to the point entitled ‘PURPOSES OF THE PROCESSING’ of this policy. Specifically, they will be processed for a period of time equal to the minimum necessary in accordance with Recital 39 of the GDPR, without prejudice to a further retention period that may be imposed by law pursuant to Recital 65 of the GDPR.
RIGHTS OF THE DATA SUBJECT
You, or a person delegated in writing, may exercise the following rights: a) the right of access under Art. 15 of EU Reg. 2016/679; b) the right of rectification under Art. 16 of EU Reg. 2016/679; c) the right to be forgotten under Art. 17 of the EU Reg. 2016/679; d) the right to restriction of processing when one of the cases provided for in Art. 18 of the EU Reg. 2016/679 is applicable; e) the right to request certification that the operations carried out pursuant to Articles 16, 17 and 18 of the EU Reg. EU 2016/679 have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate use of means compared to the protected right; f) the right to data portability provided for by Art. 20 of the EU Reg. 2016/679; g) the right to object to the processing of personal data provided for in Article 21 of the EU Reg. 2016/679; h) the right to withdraw consent at any time, as set out in Article 7 of the EU Reg. 2016/679.
COMPLAINT AND JUDICIAL REDRESS
You may, in addition to the above, exercise: a) the right to lodge a complaint pursuant to Art. 77 GDPR; b) the right to judicial review pursuant to Art. 79 GDPR.
Should you wish to exercise your rights as provided for by law or consult the list of data processors, you may contact one of the contacts listed in point 1 of the information notice entitled ‘DATA CONTROLLER’.
In any event, the data controller remains available at all times for any need and, in the event that the processing should be modified with respect to what is described above, the data controller will immediately provide an updated information notice.