PRIVACY POLICY
as per Article 13 of EU Regulation 2016/679, General Data Protection Regulation
(“Regulation” or “GDPR”)
This information notice is provided according to Article 13 of EU Regulation 2016/679, General Data Protection Regulation (“GDPR”) in relation to the processing of personal data collected within or through the website https://realaromi.it and any subdomain (the “Website”), owned and managed by ILLVA SARONNO S.p.A. .
Third-party websites that are possibly linked to in this Website are regulated by a separate privacy policy and they are in no way linked to this information notice.
This information notice applies to all users interacting with the pages of the Website.
All users are invited to read this information carefully.
DATA CONTROLLER | ILLVA SARONNO S.p.A. Via Archimede, 243 21047 Saronno (VA) VAT no. 02649100126 (“Company” or “Data Controller”) | |||||
PERSONAL DATA PROCESSED | In addition to the provisions set forth in other pages (with particular reference to the “Cookie”), by the Website and the use of the respective features and/or subscription to services offered therein, the following data can be collected and processed:
The Website does not contain any information or feature or service directly offered to users of minor age. Minors shall not provide information or personal data without the consent of those having parental responsibility. Users of minor age are invited not to provide any personal data without prior authorization of their parents or by those exercising parental responsibility. In case the Company will be notified that personal data have been provided by a minor, the Company will immediately delete said data or request appropriate consent by the parents (or by the holder of parental responsibility), reserving the right to prevent any access to the services offered on the Website to any user who hided the minor age or who communicated personal data without consent of the parents (or of the holder of parental responsibility). | |||||
LEGAL BASIS AND PURPOSE OF PROCESSING | The processing of personal data is exclusively carried out for the following purposes: (i) fulfilment of contractual or pre-contractual obligations (art. 6 lett. B) GDPR) – for the execution of services or for providing information requested through the Website and/or through electronic forms herein posted and for fulfilling all obligations arising out of pre-contractual or contractual relationships with the user and for managing interactions with the users; (ii) fulfilment of legal obligations (art. 6 lett. c) GDPR)- for the fulfilment of obligations set forth by national and/or European laws or regulations in force, included the Tax area, as well as the fulfilment of orders of the competent entities or authorities; (iii) on the basis of a legitimate interest of the Company (art. 6 lett. d) GDPR) for the legal defence of a right or interest before any competent authority or entity (even with respect to cybercrime). | |||||
CONSEQUENCES OF THE REFUSAL TO PROVIDE DATA | The provision of data for the purposes set out in paragraphs (i) (fulfilment of contractual obligations) above is purely optional. However, since the processing of data for such purposes is necessary in order to allow subscribing to the newsletter and for using the online services offered through the Website, the missing, partial or incorrect provision of data will prevent the user, as the case maybe, from registering to the newsletter or from using the services provided online and, in general, will prevent the handling of users’ specific requests. | |||||
DATA COMMUNICATION | Data can be communicated to the following categories of subjects (“recipients”):
In addition to the above, in order to pursue the mentioned purposes, personal data may be disclosed to Company’s staff that has been expressly authorized (in particular belonging to the IT and administration offices) and/or to third parties operating on behalf of the Company, such as, by way of example and not limited to:
that will process the personal data in their quality as data processors on behalf of the Company or as independent data controller, as the case maybe and on the basis of the specific relationships with the Company. In case of transfer of personal data in countries outside the European Union, conditions and requirements set out in the GDPR will be duly complied with. The data will be transferred, therefore, on the basis of requirements provided by GDPR, such as – for example – the adoption of Standard Contractual Clauses approved by the European Commission or by using third parties having operating in countries for which the European Commission issued an adequacy decision. | |||||
DATA RETENTION | Personal data will be retained for the entire duration of the contractual relationship and, subsequently, for the period of time allowed by applicable law on statutory or time limitation periods (also with respect to administrative and tax purposes) and, in general, for the time necessary for the exercise of Company’s rights in relation to claims raised by public authorities, public and private entities and subjects. | |||||
RIGHTS OF DATA SUBJECTS Right to access Right to rectification Right to erasure Right to restriction of processing Right to object Right to data portability | As a data subject, the user may ask to the Data Controller to exercise the following rights:
| |||||
The user has the right to present a claim before the Supervisory Authority (http://www.garanteprivacy.it/) in the cases referred to by Article 77, GDPR, and then when the user believes that the data are processed infringing the law. The above rights can be exercised by sending without any formality a request to the Data Controller. The request can be sent to the Data Controller via mail or e-mail to the following address privacy@disaronno.it. |
This Privacy Policy can be amended and updated, also depending on modifications of the applicable law provision. The Data Controller therefore invites users to periodically visit the present page for becoming aware of any change or update.
Last update: September 2022.