PRIVACY POLICY

PRIVACY

Information for the processing of personal data - Information document pursuant to and for the purposes of articles 13-14 of GDPR (General Data Protection Regulation) 2016/679

In compliance with EU Regulation 679/16 (GDPR), we provide you with the necessary information regarding the processing of the personal data we collect from you. The information is not valid for other websites that may be consulted through links on the owner's domain internet sites, which is not to be considered in any way liable for third-party websites.

1) Data Controller, Data Processor and place of processing

THE DATA CONTROLLER
The data controller is Centrufficio Loreto s.p.a. - registered office in Viale Andrea Doria 17 - 20124 (Milano, Italy) and operational headquarters in Via Doria, 19 - 20093 Cologno Monzese (MI, Italy) in the person of its legal pro-tempore representative.

PLACE OF THE DATA PROCESSING
Data processing is carried out at the premises of the Data Controller and at the premises of identified external subjects.    

2) Types of data processed

Personal and browsing data

"personal data": any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Web Browsing Data

During their normal operations, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website and/or the compilation of data collection forms entails the subsequent acquisition of the sender's address - which is necessary to reply to requests - as well as any other personal data included in the messages.

Cookies

See the cookie policy at the following link www.centrufficiostore.it/cookie

3) Purposes of processing for which consent is given if requested (art. 6 GDPR)

  1. A) Personal data, voluntarily provided, will be processed for the following purposes:
  • browsing within this website;
  • possible compilation of data collection forms to request quotations and / or contacts and / or to send applications;
  • possible completion of data collection forms for online booking;
  • accounting/administrative activities in general

For the application of the instructions on the protection of personal data, the processing carried out for administrative-accounting reasons relates to organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, processing for such purposes includes internal organizational activities, those related to the fulfillment of contractual and pre-contractual obligations, information activities.

  1. B) The personal data provided through the compilation of the data collection forms present on the websites or data collection modules in general (such as name, surname, e-mail address) will be processed, with prior consent, by the Data Controller and the Data Processors for commercial promotion activities and newsletter sending via e-mail.

4. PROCESSING METHODS AND DATA STORAGE

The processing will be carried out automatically and manually, using tools and methods that guarantee maximum security  and confidentiality, by processors appointed specifically in compliance with art. 13-14 of the GDPR. The data will be retained for a period not exceeding the purposes for which the data was collected and subsequently processed.

5) Communication and dissemination

Your data, collected for processing, will not be disclosed and may be communicated to companies contractually linked to Centrufficio Loreto s.p.a., in order to comply with the contracts or related purposes. The data may be disclosed to third parties belonging to the following categories:

  • suppliers of services for the management of information systems and telecommunications networks used by Centrufficio Loreto s.p.a.;
  • firms or companies providing assistance and consulting services;
  • competent authorities for the fulfillment of legal obligations and/or provisions of public bodies, where required.

Subjects belonging to the aforementioned categories carry out the function of Data Processors, or operate in total autonomy as separate Data Controllers. The list of designated privacy managers is constantly updated and available at the headquarters of  Centrufficio Loreto s.p.a. with registered office in Viale Andrea Doria 17 - 20124 (Milano, Italy) and operational headquarters in Via Doria, 19 - 20093 Cologno Monzese (MI, Italy). Any further communication and diffusion will be subject to your explicit consent.

6) Nature of the conferment and refusal

Apart from what has been specified for browsing data, the user is free to provide personal data. The disclosure of the data for the purposes of point A) is necessary. Any refusal to provide the data for the purposes of point A) will make it impossible to obtain the requested service or to use the services offered by the Data Controller. The consent to the processing of data for the purposes of point B) is optional. Any refusal of consent for the purposes described in point B) will not have any consequence on the purposes described in point A).

7) Rights of the data subjects

You may assert your rights as expressed in Articles 12-23 by contacting the data processing owner or the data controller at our offices, either by phoning +39 02 253771, or by sending an e-mail to privacy@centrufficio.it.

In your capacity as data subject, you have the rights set forth in Art. 15 of the GDPR and specifically the right to:

  • obtain confirmation of the existence of your personal data, even if not yet registered, and their communication in an intelligible form;
  • obtain information on:

a) the origin of the personal data;
b) the purpose and the methods of processing;
c) the logic applied whenever the processing involves electronic tools;
d) the identity of the data controller, data processors and the designated representative  as per article 5, paragraph 2 of the Privacy Code and article 3 paragraph 1 of the GDPR;
e) persons and subject categories to whom the personal data may be communicated, or who may acquire such data in their capacity as designated representative at national level, data processors or persons in charge of processing;

  • obtain:
  1. updates, corrections or additions to the data;
  2. the deletion, transformation into anonymous form or blocking of data which have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
  3. certification that the operations under a) and b) have been made known, including their content, to those to whom the data has been communicated or distributed, except in the event of such compliance proving impossible or leading to the use of manifestly disproportionate means in respect of the right protected; 
  • object to, in whole or in part:

a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose for which it was collected;
b) to the processing of your personal data for the purposes of sending advertising or direct sales material or to carry out market research or commercial communication, through the use of automated calling systems without human intervention, by email and/or through traditional marketing methods by telephone and/or mail.

Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to objection), and the right to lodge a complaint with a Data Protection Authority. At any time you can obtain confirmation of the existence of your personal data, as well as the communication of such data and the purposes of the processing.  In addition, you can obtain the deletion, transformation into anonymous form or blocking of data processed unlawfully, as well as the updating, correction or, if you are interested in doing so, integration of the data.  You may oppose the processing of the data itself, for legitimate reasons.

8) Privacy Policy Changes

The data processing owner reserves the right to amend, update, add or remove parts of the privacy information at any time and at its sole discretion. The interested party should check periodically to see if changes have been made. In order to facilitate such checks, the information will contain the date of the latest revision. Use of this site after the publication of changes shall represent acceptance of such changes.

9) Social plug-ins

Our website may contain Social Networks plug-ins (e.g. FaceBook.com, managed by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States ("Facebook"). If you access one of our web pages with this plug-in, the Internet browser connects directly to the social network and the plug-in appears on the screen thanks to the connection to the browser. Before using these plug-ins, we invite you to consult the privacy policy of these social networks, on their official websites.

10) Data sharing with third-party companies: