POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 – www.caterinab.it
Date of last update: 23/02/2023
With this document Asolo Gold S.p.A., Owner of the site www.caterinab.it (hereinafter only the “Site“), intends to provide information on the management methods of the Site itself in relation to the processing and protection of the personal data (“Data“) of the individuals who navigate on it or who otherwise contact the company by the means indicated on the Site (hereinafter “Users” or “Interested Parties“).
This document represents a Policy pursuant to Article 13 of the European Regulation of April 27, 2016 No. 679 (hereinafter “GDPR”) and is valid only and exclusively for the Site and not for other sites or web pages that can be consulted by the user through links or other interactive links that may be activated through the Site. Therefore, users are invited to read the Policies on data processing rendered by the owners of each site to which they may be redirected in the course of navigation.
This policy does not exclude that further information on the processing of personal data is also given to the Data Subjects in different ways, for example by sending specific information following the activation or request of a specific service.
- Identity and contact details of the Data Controller
The Data Controller of the processing of personal data for the purposes described in this Policy is Asolo Gold S.p.A, current at Via delle Industrie 9, 31020, San Zenone degli Ezzelini (Treviso), P. Iva 01696060266 (hereinafter also “Data Controller” or “Company“).
For all matters relating to the processing of data, for the exercise of rights arising from the Regulations (on this point see paragraph 9 below), as well as for any doubts or clarifications regarding this Policy, the data subject may contact the Data Controller by sending a registered letter with return receipt to the above address, or a communication to the following e-mail address: [email protected]
- Purpose and legal basis for processing
I dati personali raccolti attraverso il Sito sono trattati per le seguenti finalità:
- ensure the proper functioning of web pages and their contents and obtain statistical information on the use of services;
- provide assistance/make contact with the user or otherwise respond to/follow up on requests for information sent by the user by filling in the data collection forms in dedicated areas of the Site (including but not limited to: “Contact Us” section, “Personalize” etc.) or by requesting to take advantage of specific services on the Site (e.g. Login/Register) and manage the activities related to the provision of the requested services);
- send newsletters to the user, i.e. e-mail communications with promotional and advertising content sent to all interested parties who request it in the section on the Site.
We also inform you that:
- in relation to the purposes referred to in (a) above, the legal basis lies in the legitimate interest of the Owner (Art. 6.1 lett. f) GDPR) to ensure the proper functioning of the Site and its improvement;
- in relation to the purpose referred to in point b) above, the legal basis lies, as the case may be: in the need to execute pre-contractual measures taken at the request of the data subject (Art. 6.1 lett. b) GDPR); in the legitimate interest of the Data Controller (Art. 6.1 lett. f) GDPR), consisting in the need to respond to the data subject’s requests, taking into account the data subject’s reasonable expectations, even where the request is not pre-contractual in nature;
- in relation to the purposes referred to in point c) and d), the processing will be carried out only after the acquisition of your express consent (art. 6.1 lett. a) GDPR), except for the hypotheses: i) of so-called “soft spam” as described below, for marketing by the Data Controller; and ii) profiling through cookies, if consented to by the data subject through the cookies banner.
Interested Parties are informed that in Italy the Privacy Code (art. 130, paragraph 4, Legislative Decree 196/2003 and subsequent amendments) allows soft spam. This means that without having to acquire the explicit consent of the Interested Parties, it is possible to use the e-mail address that was provided with a previous purchase, for the purpose of direct sales of services similar to those that the Interested Party has already purchased from the Data Controller, provided that the Interested Party does not object to such use. It should be noted that the User may object to this processing at any time by contacting the Data Controller at the addresses mentioned in point 1) or by clicking on the appropriate link to object to the receipt of communications considered as unsolicited, present in all e-mails with commercial content sent by the Data Controller.
It is clarified that the personalization of commercial offers could occur, even in the absence of express consent to profiling, where the user has consented to the Site’s use of profiling cookies.
With reference to the activity of sending newsletters (letter d), it should be noted that consent is acquired when the customer, having read this information, declares that he/she wishes to subscribe to the newsletter.
It should be noted that the Interested Party may object at any time to the receipt of newsletters or, in any case, of commercial communications deemed undesired by contacting the Data controller at the addresses mentioned in point 1) or by clicking on the special link to object to the receipt of communications deemed undesired, present in all e-mails with commercial content sent by the Data controller.
- Nature of data provision
The provision of data for the purposes referred to in point a) above is optional and yet necessary for the proper functioning and use of the Site. Any refusal to provide data in relation to the aforementioned purpose could therefore result in the inability to navigate the Site, to view all of its contents and to access the related services.
The provision of data for the purposes referred to in letters b) is optional; however, any refusal to provide the data in relation to the aforementioned purposes will result in the impossibility of processing your requests (e.g.: obtaining product information, quotes, etc.).
The provision and consent to the processing of your data for the purposes referred to in letters c) and d) is entirely optional. Any refusal will result in the impossibility for the Controller to carry out marketing activities towards you, to send newsletters, while it will not result in any negative consequences with regard to the purposes in letters a) and b).
- Type of data processed
In pursuit of the above purposes, the following categories of data will be processed:
- Data provided by the user: identification data (name, surname, sex, date of birth); contact data (phone number, e-mail address, etc.); etc. Any additional data of a personal nature voluntarily provided in the compilation of data collection forms and/or through the voluntary sending of e-mails will be processed in accordance with the principles of correctness, lawfulness and transparency, as well as in compliance with the principle of “minimization”, i.e. acquiring and processing data limited to what is necessary in relation to the purposes pursued.
- Mode of Treatment
The processing of your personal data will be carried out using paper and IT tools, in compliance with the provisions on the protection of personal data and, in particular, with the appropriate technical and organizational measures pursuant to Article 32.1 GDPR, as well as with the observance of any precautionary measures that guarantee their relative integrity, confidentiality and availability.
- Categories of data recipients
Your personal data will not be disclosed, except where required by a law or regulation or by EU legislation.
Your personal data may be disclosed, strictly in relation to the above purposes, to the following parties or categories of parties:
- hird parties and companies that provide services to the Controller, such as – by way of example – the management of the information system and telecommunications networks (including e-mail), the development and management of the Site, sending commercial communications, etc.;
- firms, companies or professionals in the context of assistance and consulting relationships;
- call center for customer care;
- authorities responsible for fulfilling legal obligations.
In addition, your data will be processed, exclusively for the above-mentioned purposes, by company employees specifically authorized and instructed by the Data Controller pursuant to Article 29 of the GDPR.
- Transfer of personal data to third countries
The Data Controller does not intend, at present, to transfer Data to non-EU/EEA countries. In any case, the Data Controller assures that any such transfers will take place in full compliance with the conditions set forth in Chapter V of the GDPR (Art. 44 et seq.), in order to ensure that the level of protection of individuals guaranteed by the GDPR is not undermined. The transfer will therefore take place to countries that the European Commission has deemed to guarantee an adequate level of protection, either in accordance with Article 44 GDPR or in compliance with specific standard contractual clauses approved by the European Commission pursuant to Article 46 GDPR, provided that the recipient of the data provides adequate safeguards and that the data subjects have enforceable rights and effective remedies. Any exceptions to the above will only take place in compliance with Article 49 GDPR.
- Retention period
Personal data collected for the purpose of responding to requests for information will be retained for the time necessary to provide the response to the data subject and in any case no longer than 24 months from the processing of the request, unless a contractual relationship is subsequently established, in which case the data will be retained for a period of 10 years from the termination of the relationship, in accordance with current regulations. Data processed for the purpose of sending newsletters will be retained until a request to unsubscribe is received from the user, and in any case no longer than 24 months from the collection of consent, unless renewed.
In the event of an unsubscribe request, we will delete the user’s data from our databases within 96 hours of the unsubscribe request.
For direct marketing activities, data will be retained for a period of 24 months after the collection of consent, unless renewed.
Please note that at the end of this period, the data will be subject to automatic deletion or irreversible anonymization. However, a longer period of data retention may possibly be determined by requests made by the Public Administration or other Body or Authority, or by the Owner’s participation in judicial proceedings involving the processing of data.
- Rights granted to the data subject
The data subject may exercise his or her rights under the GDPR at any time in the manner described in paragraph 1 above. In particular, the data subject is entitled to:
- Right of access
The data subject may ask us whether or not we process any of his or her data, and if so, he or she may obtain access to that data from us in the form of a copy. When the data subject makes a request for access, we also provide him or her with additional information, such as the purposes of processing, the categories of personal data involved, and any other information necessary for the data subject to exercise this right.
- Right of rectification
The data subject has the right to correct his or her data if it is inaccurate or incomplete. Upon request, we will correct inaccurate personal data and, taking into account the purpose of processing, complete incomplete data.
- Right of cancellation
Data subjects have the right to have their personal data deleted. The erasure of personal data can only occur in certain cases, listed in Article 17 of the GDPR. This includes situations where the data subject’s personal data is no longer necessary in relation to the initial purposes for which it was processed, as well as situations where it has been processed unlawfully. In relation to how we provide some services, we inform that it may take some time before backup copies are deleted. We also inform you that the Data Controller will, within the limits of the state of the art, provide for the deletion of the data subject’s personal data, except in cases where their retention is required by law.
- Right to limitation of processing
The data subject has the right to obtain the restriction of the processing of his or her personal data, which means that we suspend the processing of the data subject’s data for a certain period of time. Circumstances that may give rise to this right (Article 18 GDPR) include situations where the accuracy of personal data has been disputed, but time is needed to verify its (in)accuracy. If the data subject has obtained a restriction on the processing of your data, we will inform him or her before this restriction is lifted.
- Right of opposition
The data subject has the right to object to the processing of your personal data, which means that you can request us to stop processing your personal data for certain purposes (e.g., direct marketing). Please note that this right is granted to the data subject only in special circumstances (Art. 21 GDPR) and, in particular, in cases where the legal basis for processing is the legitimate interest of the Data Controller.
- Right to data portability
The right to data portability means that the data subject can ask us to provide him or her with personal data in a structured, commonly used, machine-readable format and to ask us to transmit such data directly to another data controller, where this is technically feasible.
- Right to withdraw consent
The data subject has the right to withdraw consent to the processing of personal data at any time if the processing is based on his or her consent (e.g., direct marketing). In any case, revocation of consent does not affect the lawfulness of processing based on consent prior to revocation.
- Right of access
- Right to submit a complaint with the supervisory authority
The Data Subject also has the right to lodge a complaint with the supervisory authority if he or she believes that a processing operation concerning him or her violates the GDPR and/or current legislation on the processing of personal data.
Please note that in Italy said authority is represented by the Italian Data Protection Authority, based in Rome. A Data Subject not resident in Italy may lodge a complaint before the Supervisory Authority designated in his or her country of residence.
- Non-existence of an automated decision-making process
The processing referred to in this Notice is not subject to automated decision making.