PRIVACY POLICY

/PRIVACY POLICY
PRIVACY POLICY 2018-05-24T16:29:25+00:00

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA

M. Gaspari S.r.l., with registered offices in Piazza della Repubblica 10, 20121 Milano, Tax Code and VAT Number 09727190960 (hereinafter, “Controller”), as Data Controller, wishes to inform in accordance with Art. 13, Italian Legislative Decree No. 196 of 30.6.2003 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your information will be processed with the following methods and for the following purposes:

1. Data subject to Processing
The Controller processes the personal identification data (for example, name, surname, company name, address, telephone, e-mail, bank and payment references) – hereinafter, “personal data”or also “data”) communicated by you at the time of the conclusion of agreements for the Controller’s services.

2. Purpose of the Data Processing
Your data is processed only subject to your specific and clear consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR), for the following Marketing Purposes:

  • to send you via e-mail, post and/or SMS and/or telephone, newsletters, commercial communications and/or advertising material on products or services offered by the Controller and survey of the satisfaction level of the quality of the services.

We wish to inform you that, if you are already our clients, we may send you commercial communications relative to services and products of the Controller similar to those that you have already used, unless you dissent (Art. 130 par. 4 Privacy Code). 

3. Processing methods
The processing of your personal data is carried out with the operations indicated in Art. 4 Privacy Code and Art. 4 no. 2) GDPR and specifically: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of the data. The processing of your personal data is done in  paper, electronic and/or automated form.

The Controller will process your personal data for the time necessary to fulfil all the aforementioned purposes and in any case for not more than 10 years following the termination of the relationship for Service Purposes and for not more than 2 years following the collection of the data for Marketing Purposes.

4. Access to the data
Your data may be made accessible for the purposes:

  • to employees and partners of the Controller or the companies in their capacity as employees and/or internal managers of the processing and/or system administrators.

5. Communication of the data
Your data will not be circulated.

6. Transfer of data
The personal data is stored on servers located in York (UK), within the European Union. It remains however understood that the Controller, should it become necessary, will have the right to move the servers also outside the EU. In that case, the Controller guarantees, as of now, that the transfer of the data outside the EU will take place in conformity with the applicable legal provisions, subject to the stipulation of standard contractual clauses required by the European Commission.

7. Nature of data provision and consequences of refusal to answer
The provision of the data for the purposes listed is mandatory. Without it, we will not be able to provide you with the Services).
The provision of the data for the purposes listed is instead optional. You can therefore decide not to provide any information or later refuse the possibility of processing data already provided: in that case, you will not receive newsletters, commercial communications and advertising material pertaining to the Services offered by the Controller. You will continue however to be entitled to the Services.

8. Rights of the interested party
In your capacity as interested party, you have the rights provided in Art. 7 Privacy Code and Art. 15 GDPR and specifically the right:

i. to obtain confirmation of the existence or otherwise of the personal data concerning you, even if not recorded yet, and their communication in an intelligible form.

ii. to be informed: a) of the origin of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning the data controller, data processors and the representative designated as per Section 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) of the entities or categories of entities to whom the personal data may be communicated or who may learn of the data as designated representative in the territory of the State, processors or employees.

iii. to obtain: a) the updating, correction or, where interested, the integration of the data; b) cancellation, anonymization or blocking of data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

  1. to object, in all or in part: a) for legitimate reasons to the processing of your personal data, even though pertinent to the purpose of the collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales material or to conduct market research or commercial communication, through the use of automated call systems without the intervention of an operation, through e-mail and/or through traditional marketing methods by telephone and/or postal service. We wish to point out that the interested party’s right to object as explained in the preceding point b), for direct marketing purposes by automated means extends to the traditional means and in any case the interested party retains to possibility of objecting even just in part. Therefore, the interested party can decide to only receive communications through traditional methods or just automated communications or neither of the two types of communication.

Where applicable, he/she also has the rights provided in Articles 16-21 GDPR (Right of correction, right of oblivion, right of limitation of processing, right of portability of the data, right of opposition), as well as the right to file a complaint with the Data Protection Authority.

9. Methods for exercising your rights
You may at any time exercise your rights by sending:

  • a registered letter with return receipt to M. Gaspari S.r.l. – Piazza della Repubblica 10, 20121 Milano.
  • an e-mail to the addressMAIL.

10. Controller, processor and employees
The Data Controller is M. Gaspari S.r.l. with registered office in Piazza della Repubblica 10, 20121 Milano.

The updated list of processors and those responsible for  data processing is kept at the registered office of the Data Controller.