NOTICE PURSUANT TO ARTS. 12, 13 and 14 of GDPR 679/2016
personal data collected from the data subject
(last update 12 FEB 2019)
We wish to inform you that the European Regulation no. 679/2016 (General Data Protection Regulation) establishes rules concerning the protection of personal data processing of individuals as well as rules concerning the free movement of such data.
Your personal data will be processed according to the principles of correctness, lawfulness, transparency, restriction of purposes and storage, minimization and accuracy, completeness and confidentiality as required by the Regulation. We also want to remind you that by processing we mean: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” (art. 4 par. 2 of the Regulation).
We want to draw your attention to the fact that the data being processed by our company may sometimes be photographic images and video footage collected for institutional, public relations and marketing purposes concerning exhibitions, conventions, fashion shows, museums and events in general. These data may be processed by us in printed and/or audiovisual format through any means of dissemination such as the web or social networks. Obviously, if the event is not unequivocally public and/or if there is the need for processing with purposes other than those set out below in point 3 you will be provided with the appropriate additional information and you will be asked, where necessary, for your specific consent, that you will be free to give or refuse.
Lastly, we specify that your data will be processed in complete conformity with the requirements of the Regulation and of any other applicable law and will be carried out both manually and with the aid of electronic and automated means; the Controller will implement technical and organizational measures to ensure a level of security that is adequate to the processing risk, with particular reference to access procedures by the appointed persons in charge of the processing.
That being said, in compliance with the provisions of art. 12 and art. 13 of the Regulation, we specify the information you are entitled to for the processing the data supplied by you.
Below we provide specific information on:
1) Who the data controller is;
2) The existence or otherwise of a Data processor;
3) The purposes for which we process your data and the legal basis that allows such processing;
4) Who can we communicate your data to;
5) The geographical scope within which your data might circulate;
6) How long we will store your data;
7) What cookies are and how are they used;
8) Your rights;
9) If and why the conferment of your data is mandatory;
10) The existence or otherwise of automated decision-making processes.
1. Data controller.
Artissima s.r.l. sole proprietorship with registered office on via Magenta 31, 10128 Torino, Italy is the data controller responsible for your Personal Data Processing.
If you wish to contact the company you may do so at the following addresses: Corso Vittorio Emanuele II 12, -Turin, Italy / email@example.com / + 39 011 19744106
2. Existence or non-existence of a Data Protection Officer.
The company declares that they don’t avail themselves of a Data Protection Officer.
3.Purposes of the processing and lawful legal basis.
The data you provide will be processed for the following purposes:
A) Contractual, accounting, administrative and tax-related.
In the context of these purposes, the processing of data concerns the fulfillment of the obligations foreseen by the law and enables an effective administrative management of the contractual relationships in place.
The legal basis of the processing, i.e. the one that makes the processing lawful, is that provided for by art. 6, par. 1, letter b) of the GDPR which states “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
B) Commercial (newsletter) and marketing, advertising and other activities connected to them.
In the context of these purposes, the processed data will concern advertising communications and communications relating to events organized and/or participated in by us. Specifically, we include, among other things, the sending of informative, promotional and advertising material and the sending of newsletters and of other promotional and commercial communication initiatives, including via email or phone.
The legal basis of the processing, i.e. the one that makes the processing lawful, is that provided for by art. 6, par. 1, letter a) of the GDPR which states that “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
C) In the context of this purpose, the processed data will concern the analysis of the choices and preferences made by our customers/users regarding the services we offer and/or as a result of the participation in events we organize and/or participate in. Specifically we remind you that it is our prerogative to contact our customers without intruding, and for this purpose we want to send them only communications that are of interest to them. Through profiling we get to know our customers/users better and this allows us to improve our relationship. The profiled marketing activities that we carry out are, therefore, always to the benefit of our customers/users as they are aimed at sending them communications relating to the services and initiatives which are better suited to their interests. In compliance with the law and in order to protect your rights, we will only process the data that is strictly necessary for each purpose indicated in this privacy information notice.
The legal basis of the processing, that is the basis that makes the processing lawful, is that provided by art. 6 par.1, letter a) of GDPR which reads “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”.
4. Possible recipients of processed personal data.
A) Your personal data may be communicated to the External Processing Managers we have appointed, such as: Labor Consultants, Tax Advisors, Data Processing Centers, Associated Companies, Subsidiaries or Parent companies, Retailers, Banks and Credit Institutions, Financial Companies and Credit Insurance Companies.
They may also be disclosed to public and private agencies (foundations, social security, welfare and insurance institutions), doctors in charge of matters of hygiene and safety on the workplace, Chambers of Commerce, Armed Forces and Police, customs and tax offices at the national level pursuant to the law.
B) As specified in the introduction, your data may be disseminated on catalogues, leaflets or other printed paper and/or also through the internet, on websites and/or social networks and/or other forms of information technology.
5. Geographical scope of the processing.
Your personal data will be processed only at the national or European level.
6. Retention period.
Your personal data will be stored:
– for the administrative purposes expressed in point 3) letter A), your data will be stored for a period of time suitable to ensure the proper execution of contractual obligations and the fulfilment of administrative and fiscal obligations, (Italian Civil Code): 10 years.
– for purposes expressed in point 3) letter B), Commercial and marketing, that is collected for purposes related to the sending of informative, promotional and advertising material and for sending newsletters and other promotional and communication initiatives, without prejudice to your right to withdraw the given consent at any time: 24 months.
– for the purposes set forth in letter c), Profiling, without prejudice to your right to withdraw the given consent at any time: 24 months.
The specific information notice on cookies can be found on our website.
8. Your rights.
You may exercise these rights by contacting the Data Controller:
A) Right of access: the right to obtain from the Controller the confirmation whether or not there is an ongoing processing of your personal data and in this case, to gain access to the data and the detailed information concerning the origin of the data, the purposes of the processing, the categories of processed data, the recipients of their communication and/or transfer and whatever else concerns you.
B) Right to rectification: the right to obtain from the Controller the rectification of personal data that is incorrect, without undue delay, as well as the completion of personal data that is incomplete, also by providing a supplementary statement.
C) Right to erasure (“right to be forgotten”): the right to obtain from the Controller the cancellation of the data in the cases provided for when:
– The data are no longer needed in relation to the purposes for which they were collected;
– The consent has been withdrawn and there is no other legal basis which makes the processing lawful;
– The data have been processed unlawfully;
– The data must be erased for a legal obligation;
D) Right to restriction: the right to obtain from the Controller the restriction of the processing when, among others, the accuracy of the data themselves has been contested. This restriction will allow the Controller to verify the accuracy of the data. Furthermore, if the processing is unlawful and the data subject has objected to erasure.
E) Right to object: the right to object, at any moment, to the processing of data that have the legitimate interest of the Controller as a legal basis and/or that are processed for the purpose of direct marketing, profiling included.
F) Right to data portability: the right to receive your personal data in a structured format of common use and readable by automatic devices, and to transmit such data to another Data controller. This right is to be exercised only when the processing is based on consent or on a contract and only for electronic data.
G) Right of withdrawal of given consent: the right to withdraw, at any time, the consent previously given, without undermining the lawfulness of the processing based on the consent given before the withdrawal.
H) Right to lodge a complaint with a supervisory authority: the right to lodge a complaint with a competent supervisory authority if the data subject thinks that the processing that involves them violates the Regulation. This right may be exercised through the supervisory authority of the Member State where the data subject resides or works, or in the State where the alleged violation took place.
9. Legal or contractual obligation relating to the communication of data.
The conferment of data is mandatory as required by legal and contractual obligations (point A of the purpose), therefore, a refusal would make it impossible for our Company to establish and/or continue the relationship.
The conferment of other data not connected to legal and contractual obligations but referable to commercial, marketing, advertising and promotional activities, for the detection of the degree of customer satisfaction and similar purposes (point B of the purposes), as well as data concerning profiling, point C) of the purposes, is instead optional because data are collected to optimize the relationship with the customer within our business. The refusal to provide data for these purposes, while not jeopardizing the contractual relationship, will make it impossible to propose commercial and promotional initiatives, specifically targeted to the preferences of the counterparty offered by our company.
Therefore, an eventual refusal would imply the impossibility for our company to establish and/or continue the relationship, because it would not allow the entering of your name in the electronic lists that are necessary for the optimal and rational management of our marketing activities.
10. Automated decision-making processes.
Within our business there is no automated decision making process, including profiling, as per art. 22 paragraphs 1 and 4.