we inform you that the processing of your personal data will be carried out in compliance with current legislation on privacy and will be based on principles of correctness, lawfulness, transparency and data protection. To this end, in compliance with the provisions of Article 13 of the 2016/679 European Regulation (GDPR), we indicate below the general information concerning the processing of personal data carried out through this website, further specific information will be presented where necessary directly on the web pages where data collection will take place in order to provide it with any type of service.
This information refers exclusively to the data of those who interact with the services accessible from the home page www.sartoriapirozzi.it (the site), without extending to other websites eventually reached by the user through the links on the site.
Contact details of the owner and the DPO
The data controller is Sartoria Pirozzi based in Viale Gramsci, 23, 80122 Naples.
The owner, in accordance with the GDPR, has appointed the Data Protection Officer (DPO), which you may contact to request explanations regarding this Disclosure or to exercise the rights provided by the legislation regarding personal data protection described in the following text. To contact the DPO you can use one of the following means:
- by email: firstname.lastname@example.org
- by ordinary mail: Viale Gramsci, 23, 80122 Naples
- 081 680076
For any communication to the DPO, must report in the request its contact data, essential to be able to identify and contact.
Type of data processed
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
This information is not collected to be associated with identified data subjects, as the data are used only for the purpose of obtaining anonymous statistical information on the use of the site and for checking its correct functioning, but due to their very nature they could, through processing and associations with data held by third parties, allowing users to be identified.
It should be noted that the data could be used by the competent Authorities to ascertain responsibility in case of hypothetical computer crimes.
Data provided voluntarily by the user
To access some services reserved for users, it is necessary to register and enter some personal data.
The provision of some identification data is necessary in order to authenticate and verify the legitimation of access, in the different levels of the reserved areas, to the subjects that access it. Under no circumstances will sensitive or judicial data be processed.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.
The data you provide will be processed for:
- the carrying out of the strictly necessary operations in order to proceed with the provision of any services requested by you, including the navigation between the pages of the site;
- the provision of technological services (mailing-lists, newsletters, assistance and maintenance remotely or locally, etc.), also by specifically authorized third parties;
- activities imposed by laws, regulations or provisions for the execution of commercial orders;
- statistical processing of aggregate data in relation to site performance;
- evaluations regarding the use of the site by users;
- optimize the commercial offer also through focused and selected analyzes;
- send advertising and / or commercial proposals based on the profiling of your data, implemented to highlight information and commercial proposals tuned to the interests you showed by accessing the pages and using the services available on this site.
In the pages of the site where their personal data are explicitly collected, they will be reported where necessary the additional specific privacy information, as well as the methods for the acquisition of his consent in cases where the holder uses this legal basis of treatment.
The processing of your personal data will be carried out on the basis of one or more of the following conditions. In particular, the treatments carried out for the purposes described above, which concern:
- point 1 and point 2, have as a legal basis the need to implement its express requests to receive a service directly available through the site: it is therefore the provision of data strictly necessary and connected to a pre-contractual and / or contractual phase or functional to give feedback to a specific request, as such the data collected from time to time are mandatory and, if it does not intend to provide them, it will not be possible to provide the service or respond to what you requested;
- point 3, will have as a legal basis the need to comply with a legal obligation such as the obligation to implement security measures provided by specific laws of the banking / financial sector applicable for certain services provided through the site and as such these data and related treatments are mandatory;
- point 4, being anonymized data, that is data from which it is not possible to re-identify, even indirectly, a physical person, such data are no longer personal data, therefore the related treatments are subtracted from the application of privacy legislation and it is not necessary a particular legal basis
In addition, if you are under the age of 16, for the processing of your data for these purposes you will need to collect the authorization from the holder of parental responsibility towards you.
Where the owner can use another legal basis (legitimate interest, public interest), it will be provided with specific and specific information.
Processing methods, safety measures and storage times
All data will be processed in mainly electronic format. The personal data as well as any other information that can be associated, directly or indirectly, to a specific user, are collected and processed applying technical and organizational security measures that guarantee a level of security appropriate to the risk, taking into account the state of the art and of the implementation costs, or, where foreseen, security measures prescribed by specific legislation such as, for example, not exhaustive: measures envisaged by applicable measures issued by the Authority for the protection of personal data or by specific regulations and regulations for the banking sector / financial and will only be accessible to specifically authorized personnel.
Precisely with regard to the aspects of protection of personal data, you are invited, pursuant to art. 33 of the GDPR to report to the holder any circumstances or events from which a potential “breach of personal data (data breach)” may occur in order to allow an immediate evaluation and the adoption of any actions aimed at countering such event, sending a communication to email@example.com. It is recalled that personal data breach means “the security breach that involves accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed”.
The measures adopted by the owner do not exempt the user / customer from paying the necessary attention to the use, where required, of a password / PIN of adequate complexity, which must periodically update as well as carefully guard and make inaccessible to others, in order to avoid improper and unauthorized use.
The personal data processed will be stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed, without prejudice to the need to keep them for a longer period following requests from the Authorities competent in the matter of prevention and prosecution of offenses or, in any case to assert or defend a right in court.
Categories of Recipients of personal data
Personal data will be processed by authorized personnel by the owner as well as by third parties, even if established in foreign countries with respect to the European Union, only if this is necessary for the operation and maintenance needs of the site and the services made available through the site itself, without prejudice to any obligations provided for by law (ex: inspections of the Tax Authority). In no case will they be disseminated to the public.
As foreseen by the GDPR, the holder shall appoint the third party companies who carry out all or part of the activities in question exclusively on behalf of the owner as personal data processing managers. In the case of involvement of third parties established in foreign countries with respect to the European Union, for the relative transfer of data abroad appropriate guarantees are adopted corresponding to the adequacy decisions issued by the European Commission and / or by the National Guarantor Authority for the protection of personal data from time to time appropriate to the case. Further information regarding the cases of any transfers of data to foreign countries with respect to the European Union and the related guarantees adopted, as well as information regarding the companies appointed as personal data processing managers, may be requested from the DPO.
Personal data provided by users who request dispatch of informative material (various documentation, reports, answers to questions, publications, etc.) are used only to perform the service or provision requested and are communicated to third parties only in the case where this is necessary for this purpose (example: mailing service for publications).
Rights of the interested parties
In relation to the processing of your personal data carried out through this site, at any time, as an interested party you can exercise the rights provided by the GDPR. In particular, it may:
- access to your personal data, obtaining evidence of the aims pursued by the owner, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and possible consequences for the data subject, if not already indicated in the text of this Notice;
- obtain, without delay, the correction of inaccurate personal data concerning you;
- obtain, in the cases foreseen by the law, the cancellation of your data;
- obtain the limitation of the treatment or oppose the same, when admitted on the basis of the provisions of law applicable to the specific case;
- in the cases envisaged by the law request the portability of the data that you have provided to the holder, that is to say to receive them in a structured format, commonly used and readable by automatic device, and also request to transmit this data to another holder, if technically doable;
- if it deems it appropriate, propose a complaint to the supervisory authority.
For the processing of personal data for which the legal basis is consent, it may always revoke it and in particular exercise the right to oppose direct marketing.
To exercise these rights, simply contact the DPO referring to the contact details given at the beginning of this Notice.