PURSUANT TO artICLE 13 OF (eu) REGULATION n. 679/2016 (“GDPR”)
Below is reported the information required by the legislation relating to the processing of personal data, in accordance with art. 13 of the European Union regulation no. 679/2016 (here in after “GDPR”).
1. Type of data processed and collection methodology
The personal data processed, such as Name & Surname, Address, Telephone, Email address, are provided directly by users (e.g. by telephone, email) to request and use the services / products offered.
We do not knowingly process "sensitive" personal data that can reveal racial and / or ethnic origin, religious or philosophical beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, the user's health or sex life. We therefore ask users not to give us these types of personal data.
The personal data collected may refer both to the user and to third parties whose data the user provides. The user assumes responsibility for the personal data of third parties published or shared through the site and guarantees to have the right to communicate or disseminate them, freeing the data controller from any liability to third parties.
2. Identity and contact details of the data controller
The data controller is the Tananei company in the person of its legal representative Mr. David Meacci based in Via Sassa 49, 51010 Marliana (PT), Italy, tel. +39 328 5597126, e-mail: firstname.lastname@example.org.
3. Purposes of the processing
The data processed are used for the following reasons:
to be able to contact our visitors and users to carry out the preliminary activities and consequent to the management of requests for information and contact and / or sending information material, as well as for the fulfillment of any other obligation arising
for the preliminary activities and consequent to the purchase of services and / or products, the management of the related orders, the provision of the services themselves and / or the production and / or shipment of the products purchased, the related invoicing, the management of payment and the provision of assistance, as well as the fulfillment of any other obligation deriving from the contract
promotional activities on services / products similar to those already purchased (Clause 47 GDPR): the data controller, even without explicit consent, may use the contact data already communicated, for the purpose of direct sales of their services / products, limited to in the case of services / products similar to those being sold, unless the user explicitly refuses
comply with applicable laws and regulations.
In no case are the personal data processed sold to third parties and not even used for undeclared purposes.
The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the service and / or supply of the requested product. If the personal data expressly provided for are not provided (Article 13, subparagraph 2, letter e, GDPR), the data controller will not be able to follow up the processing related to the management of the requested services and / or the contract and the services / products to it connected, nor to the obligations that depend on them.
4. Method of data processing
The processing of personal data is carried out using IT tools and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
In some cases, external parties may also have access to personal data (Article 13, 1st subparagraph GDPR) to the data controller's organization (such as service providers, postal couriers, hosting providers, etc.) to carry out the activities related to the relationship. established and to meet certain legal obligations.
If necessary, these subjects may be appointed as data processors by the controller, as well as access the personal data of users whenever necessary and will be contractually obliged to keep personal data confidential. The updated list of data processors can be requested by email at email@example.com
5. Legal basis for the processing
The processing of personal data relating to the user is based on the following legal bases:
- the consent given by the user for one or more specific purposes
- the processing is necessary for the execution of a contract with the user and / or for the execution of pre-contractual measures
- the processing is necessary to fulfill a legal obligation to which the data controller is subject
- the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties - the processing is necessary for the execution of a task of public interest or for the exercise of public authority vested in the data controller
- the processing is necessary for the pursuit of a vital interest of the data controller or third parties.
However, it is always possible to ask the data controller to clarify the legal basis of each processing at firstname.lastname@example.org.
6. Where the data processing is made
Personal data are processed at the operational headquarters of the data controller and in any other place where the parties involved in the processing are located. For further information, contact the data controller at the following email address email@example.com or at the following postal address Via Sassa 49, 51010 Marliana (PT), Italy.
7. Security measures (art. 32 GDPR)
The processing is carried out in a manner and with suitable tools to guarantee the security and confidentiality of personal data, having the data controller adopted adequate technical and organizational measures that guarantee, and allow to demonstrate, that the processing is carried out in compliance with the relevant legislation.
8. Data storage period (art. 13, 2° subparagraph, letter. a GDPR)
Personal data will be kept for the period necessary to fulfill the purposes for which they were collected.
In particular, personal data will be kept for the entire duration of the contractual relationship, for the execution of the related and consequent obligations, for compliance with applicable legal and regulatory obligations, as well as for own or third party defensive purposes.
If the processing of personal data is based on the user's consent, the data controller can keep the personal data until the consent is revoked.
Personal data may be stored for a longer period if necessary to fulfill a legal obligation or by order of an authority.
All personal data will be deleted or stored in a form that does not allow the identification of the user within 30 days of the end of the retention period. At the expiry of this term the right of access, cancellation, rectification and the right to the portability of personal data can no longer be exercised
9. Automated decision-making processes
All personal data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects for the person or which may significantly affect them.
10. User rights
Users can exercise certain rights with reference to the personal data processed by the data controller. In particular, according to (art. 15 - 20 GDPR) the user has the right to:
• withdraw consent at any time;
• object to processing of his personal data;
• access their personal data;
• verify and request rectification;
• obtain restriction of the data processing;
• obtain the erasure of their personal data;
• receive their personal data or have them transferred to another data controller;
• bring infringements of this regulation to the attention of the judicial authorities.
To exercise their rights, users can direct a request to the contact details of the data controller indicated in this document. The requests are made free of charge and processed by the owner as soon as possible, in any case within 30 days.
Furthermore, for reasons relating to the particular situation of the user, in accordance with Art. 21 GDPR, the same may object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the data controller at firstname.lastname@example.org. The user has the right to have their personal data deleted if there is no legitimate overriding reason of the data controller with respect to the one that gave rise to the request, and in any case in the event that the user has opposed the processing for commercial promotion activities.