Dear user, This document has been prepared to provide information on how your personal data will be processed, the information about which is provided below.
The following information is provided pursuant to European Regulation 2016/679 (hereinafter referred to as “GDPR”). Data controller – pursuant to article 4, paragraph 1, n. 7) of the GDPR – is Eneide Jewels by Vittoria Curcio.
Purpose and legal basis of the processing
Your personal data is processed in accordance with the GDPR and the current regulatory provisions regarding the processing of personal data. It should also be noted that the processing in question is based on the principles referred to in Article 5 of the GDPR, and in particular the principles of correctness, lawfulness, transparency and protection of the privacy and rights of the data subjects.
The personal data provided will be processed by the Data Controller for the purposes listed below:
- compliance with the obligations established by laws or regulations;
- compliance with tax and accounting obligations;
- provide services requested by you;
- sending marketing information through digital and non-digital channels (such as Facebook; e-mail addresses; brochures);
- any contact requests or information that can be sent;
The provision of personal data is:
- mandatory in relation to the obligations established by laws, regulations and / or EU legislation and by the orders of the authorities and legitimate control bodies, as well as tax and accounting obligations;
- strictly necessary for the conclusion of contractual relations or the management and execution of existing contractual relations and those in the process of being established. Refusal of consent will not allow you to receive marketing information from the Data Controller or to use the services described therein.
As indicated below, your rights under the GDPR and current legislation include the right to withdraw your consent at any time. In this case, the Data Controller may not continue to use the user’s personal data for the purposes for which consent was revoked.
Methods of processing and storage times
Your personal data will be processed in printed, computerized and telecommunication form, using methods capable of guaranteeing the security and confidentiality of the data in accordance with the provisions of article 32 of the GDPR. We inform you that your data will be processed only for the time strictly necessary to achieve the purposes for which the data were collected, specified in the previous point 1, and in no case for more than ten years, as specified for accounting records pursuant to of article 2220 of the civil code.
Communication of personal data
In order to achieve the purposes described in point 1 above, the Data Controller may have to disclose the user’s personal data to third parties in the following categories: 1. authorities and supervisory bodies; 2. subjects who fulfill administrative and tax obligations on behalf of the Owner; 3. subjects appointed by the Data Controller pursuant to Article 28 of the GDPR as data processors, or a natural person or business entity that processes personal data on behalf of the Data Controller; 4. subjects that provide services for the management of digital and non-digital communications; 5. subjects whose services the Data Controller uses to provide the requested service.
Rights of the data subject
By sending a request directly to the Data Controller’s registered office at the address indicated above or at the e-mail address info@eneidegioielli.com, it is possible to exercise the following rights at any time, in accordance with articles 15 to 22 of the GDPR:
- the right to obtain confirmation of any processing of personal data concerning you;
- the right to obtain information on the purposes of the processing, the categories of personal data in question, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, when possible, the retention period;
- the right to obtain the rectification or cancellation of personal data concerning you;
- the right to obtain the limitation of the processing of personal data concerning you;
- the right to obtain data portability, i.e. the right to receive the personal data concerning you that you have provided to the Data Controller in a structured, commonly used and machine-readable format, and the right to transmit the data to a other unimpeded controller;
- the right to object at any time to the processing of personal data concerning you, including processing for direct marketing purposes;
- the right not to be subject to the decision-making process based exclusively on the automated processing of data on natural persons;
- the right to ask the Data Controller to provide access to the data, to rectify or delete them or to limit the processing of the user’s data or to oppose their processing and the right to data portability;
- the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation;
- the right to lodge a complaint with a supervisory authority.