Pursuant to articles 13 and 14 of the European Regulation 2016/679 (GDPR), Torre di Sopra di Camilla Sacchi, as Data Controller for Personal Data Processing, acting through its legal representative, hereby informs you about the purposes and modalities regarding gathering, communication, disclosure and transfer of any personal data gathered through this website.
1. Purpose
The treatment of any personal data provided on a voluntary basis that are stored with the Data Controller, requested or communicated by third parties are instrumental and are collected through data processing activities that you provided upon registration with Torre di Sopra di Camilla Sacchi. Your personal data will be used in order to:
1 - without your express consent (art. 6 lett. b), e) of the GDPR), for the following purposes:
provide personalized services, as promoted in the website www.torredisopra.com;
fulfil pre-contractual, contractual and tax requirements deriving from an existing relationship with you;
fulfil legal or regulation requirements as well as a European norm or order from Authorities (such as money laundering);
exercise the right of the Data Subject such as the right of defence;
2 - only with prior and specific consent (art. 130 Privacy Regulation and art. 7 of the GDPR), for the following marketing purposes:
send by e-mail, mail and/or sms and/or phone calls, newsletter, commercial and/or marketing communication on products or services offered by the Data Controller and customer satisfaction surveys on quality of services provided;
send by e-mail, mail and/or sms and/or phone calls, newsletter, commercial and/or marketing communications from third parties (such as business partners, insurance companies);
send market research requests, also by e-mail, related to the products or services offered by the Data Controller.
We hereby inform you that if you are already a client, we could send you commercial communications related to services and products of the Data Controller similar to those you already used, except if you deny your consent (art. 130 c. 4 Privacy Regulation).
2. Modalities
Your personal data may be processed using paper and/or electronic tools by appointed administrators. Processing operations are carried out as specified in art. 4 Privacy Regulation and art. 4 n. 2) GDPR, in detail: collection, recording, organisation, storage, consultation, adaptation, alteration, modification, selection, retrieval, comparison, use, combination, blocking, transmission, erasure and/or destruction. Your personal data are processed both using paper and electronic/automatic tools.
We also inform you that your personal data will be processed in accordance with the modalities set forth in the EU Regulation 2016/679:
processed in a lawful and correct way;
collected and recorded for specific, explicit and legitimate purposes;
correct and, if necessary, updated;
relevant, complete and not exceeding the purposes of the processing.
3. Data Communication and Dissemination
Personal data may be processed by the employees of Torre di Sopra di Camilla Sacchi for the purposes indicated in point 1) above. These employees, appointed as controllers, will receive adequate training and operating instructions from Torre di Sopra di Camilla Sacchi and they will work under direct responsibility of the appointed Data Processor.
Torre di Sopra di Camilla Sacchi might communicate the personal data to third parties as per the following list, in connection with the internal organisation such as administrative, accounting and tax activities and only if these activities are deemed necessary to comply with the obligations between the parties:
public authorities and supervisory bodies;
companies that gather and process data necessary for contractual purpose;
insurance companies;
credit verification companies;
companies checking customer satisfaction;
companies providing storing or data entry.
Personal data processing by third parties, acting as independent data processors, will be carried out under applicable laws.
The collected personal data will not be disseminated by Torre di Sopra di Camilla Sacchi.
4. Data transfer
Personal data are stored on servers located within the European Community. It is understood that the Data Controller, if deemed necessary, may move servers outside of the EU. In such a case, the Data Controller will transfer data outside of the EU under applicable laws and take standard safeguards as foreseen by the European Commission.
5. Exercise of rights under articles 15 – 22
Under articles 15-22 of the Legislative Decree n. 196 of June 30 2003, and subsequent amendments and additions introduced by the Legislative Decree n. 101 of 10 August 2018 in line with the European Regulation 2016/679 (GDPR), you can exercise your rights by asking the Data Controller. Under article 15, the data subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
the purpose of processing;
the categories of personal data concerned;
the recipients and the categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are in third countries or are international organisations;
whenever possible, the envisaged period of storage of personal data or, if not possible, the criteria used to determine such period;
the existence of the right of the subject to request from the Data Controller rectification or erasure of personal data concerning him/her or to object to such processing;
the right to lodge a complaint with a supervisory authority;
when data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making processing, including profiling, and in this case, information about the logic involved, as well as the importance and the envisaged consequences for the data subject;
to be informed of adequate safeguards in case personal data are transferred to third countries or to international organisations.
The data subject also has the right to obtain:
the right of rectification of inaccurate personal data concerning him or her without any undue delay;
the right to be forgotten, i.e. the erasure of his/her personal data without any undue delay, when:
a - the personal data are no longer necessary in relation to the purposes;
b - the data subject withdraws his/her consent;
c - the data subject objects to the processing;
d - the personal data have been unlawfully processed;
e - the personal data have to be erased to comply with legal obligations under a Union or Member State law to which the Data Controller is subject;
f - the personal data have been collected in relation to the offer of services of information companies to minors, where the minor is under 14 years of age.
the right of restriction of processing, i.e. the right to obtain the restriction of the processing when:
a - the data subject contests the accuracy of his/her personal data, for a period enabling the Data Controller to verify the accuracy of the personal data;
b - the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use;
c - the Data Controller no longer needs the personal data for the purposes of the processing, but the data subject requires the data for the establishment, exercise or defence of legal claims;
d - the data subject has objected to the processing in case of specific situations pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.
the right regarding notification in case of rectification or erasure of personal data or restriction of processing;
the right of portability of personal data, i.e. the right to receive in a commonly used and machine-readable format the personal data concerning him/her and provided to a Data Controller and the right to transmit such personal data to another Data Controller without hindrance from the previous one;
the right to objection, i.e. the right to object to the processing of his/her personal data at any time:
a - when the personal data are processed on grounds related to his/her particular situation [art. 6, paragraph 1, letters e) or f)], including profiling based on these provisions;
b - when the personal data are used for direct marketing purposes;
c - when the personal data are processed for scientific or historical research or for statistical purposes.
the right not to be subject to a decision based only on automated processing of his/her personal data, including profiling, that may produce legal effects on him/her or have similar effects on him/her.
6. Data Controller
The Data Controller is Torre di Sopra di Camilla Sacchi, an Italian public company, with registered office in Via U. Peruzzi 109/b, 50010 Bagno a Ripoli, Fi, through its legal representative.
The updated list of internal and external data processors can be accessed by sending a written request to the registered office.
7. Storage Period
Your personal data will be stored for a period not exceeding the one necessary for the above mentioned purposes. In particular, your personal data will be processed for the whole period of the subscribed contract in relation with the service we provide and for the subsequent period:
within the timeframe of the existing legislation;
within the limits under the legislation and regulations about the data storage (for instance tax deductions);
within the period necessary to protect the rights of the data subject in case of any disputes in connection with the services provided by us.
Torre di Sopra di Camilla Sacchi has evaluated any risk that may affect privacy and has implemented procedures, technical and organizational measures (also of physical nature) to safeguard your personal data and avoid destruction, loss, improper use or unauthorised disclosures of these data.
8. Nature of the data provision and processing without consent
In line with the current legislation related to the processing of personal data, some personal data may be processed without consent if gathered to comply with legal or contractual obligations.
The provision of data and the related consent to process the personal data are thus mandatory in relation with contractual or legal obligations even outside of the European Community.
Without the consent of the data subject to the processing of his/her personal data, the performance of the relationship will have to be interrupted.
MOD.PRV. 034 – Web Site Notice - Torre di Sopra di Camilla Sacchi Via Peruzzi, 109b 50012 Bagno a Ripoli