Privacy Policy

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Regulation (EU) 2016/679 and Legislative Decree 196/2003, as amended


We would like to inform you that the following information is provided in accordance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation), hereinafter referred to as “GDPR”, and the applicable national legislation in force.


Data Controller:
The Data Controller is the company D'Alba Sas Di Carluccio Maria D.A. & C., with registered office in Uggiano La Chiesa (LE), Via Mulino a Vento no. 63 - ZIP code 73020. Contact details: E-mail: info@mulinoavento.it; PEC: mulinoavento@pec.it; tel: 0836812942.

 

Personal data are processed for different purposes, each based on a specific legal basis and retained for a defined period of time.

Common personal data of the data subject, such as personal details and contact information, are processed for the performance of the contract concerning the provision of the requested service, as well as for the implementation of any pre-contractual measures requested by the data subject. The legal basis for such processing is therefore the performance of a legal relationship to which the data subject is a party. In the event of any dispute, the processing may also be based on the legitimate interest of the Data Controller in protecting and defending its rights. The data will be retained for the entire duration of the contractual relationship and, subsequently, for the period required by applicable law. In the event of a dispute, the data may be retained for the entire duration of the proceedings and until the expiry of the time limits for exercising any legal actions or appeals.

Personal data may also be processed for the fulfilment of obligations in the tax and accounting field. In this case, the legal basis for the processing is compliance with a legal obligation to which the Data Controller is subject. The data will be retained for the duration of the contractual relationship and, after its termination, for the period required by law.

Subject to the data subject’s specific consent, personal data may also be processed for direct marketing purposes, such as sending newsletters and promotional communications. In this case, the legal basis for the processing is the consent of the data subject, which may be withdrawn at any time. In the absence of withdrawal, the data will be retained for a maximum period of 24 months from the date consent is granted.

Furthermore, subject to specific consent provided through a separate document, photos and videos of the data subject may be published for marketing and promotional purposes, for example on the website and/or on the Data Controller’s social media pages. Also in this case, the processing is based on the consent of the data subject, which may be withdrawn at any time. In the absence of withdrawal, the data will be retained for the entire duration of the contractual relationship.

 

Place of Processing:
Your personal data will be processed at the Data Controller’s premises.


Description of Processing Methods:
Your data will be processed by automated and manual means, using tools designed to ensure maximum security and confidentiality. The persons who will process your data are expressly authorized and have received the necessary instructions to carry out the processing in an appropriate manner, in compliance with the purposes set out in this document and for the time strictly necessary to achieve the purposes for which the data were collected. Your data may be processed by electronic, paper or telematic means. Appropriate and proportionate security measures have been adopted in order to minimize the risks of unauthorized access, data loss, unlawful use or disclosure. In accordance with the defined retention period, depending on the purpose for which they are used and the category to which they belong, the data will be deleted or anonymized once the retention period has expired.


Provision of Personal Data and Refusal:
The provision of personal data is necessary for the performance of the contract and for compliance with related legal obligations. Refusal, in whole or in part, to provide the requested data or the provision of incorrect or incomplete data will make it impossible for the Data Controller to execute the contract and related obligations. With regard to processing purposes based on consent, the provision of your data is optional; however, refusal to provide the necessary data will make it impossible to pursue those purposes.


Categories of Data Recipients:
The following categories of subjects will process your personal data on behalf of the Data Controller pursuant to Article 28 of the Regulation, as Data Processors:

  • IT consultants (or consulting companies) for services related to software and hardware assistance and
    maintenance;
  • Software houses providing services functional to the above purposes;
  • E-mail providers;
  • PEC providers;
  • Accountant for tax and accounting obligations;
  • Banking and insurance institutions;
  • Consultants and freelance professionals, individually or in association;
  • Web hosting service providers;
  • Social networks.


Your data may also be disclosed, by way of example and not exhaustively, to lawyers, authorities and supervisory and control bodies, and in general to public or private entities entitled to request the data (e.g. Revenue Agency, Financial Police). You may obtain a list of recipients by contacting the Data Controller using the details provided above.


Rights of Data Subjects:
As a data subject, you have the right to:

  • request at any time access to your personal data and related information (Art. 15 GDPR); rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR); erasure of your personal data (where one of the conditions set out in Art. 17(1) GDPR applies and subject to the exceptions in paragraph 3); restriction of processing (where one of the conditions set out in Art. 18(1) GDPR applies);
  • request and obtain, where the legal basis is contract or consent and processing is carried out by automated means, your personal data in a structured, commonly used and machine-readable format, also for transmission to another controller (data portability – Art. 20 GDPR);
  • object at any time to the processing of your personal data in the presence of particular situations concerning you (Art. 21 GDPR).
    To exercise your rights, you may contact the Data Controller using the details above.

 

Remedies and Competent Authorities:
If you believe that the processing of your data is in violation of the GDPR, you may lodge a complaint with a supervisory authority (Italian Data Protection Authority – www.garanteprivacy.it) pursuant to Art. 77 GDPR, or take legal action pursuant to Art. 79 GDPR.