1. Data Controller
The Data Controller is the sole proprietorship of the individual company Lara di Guido Belli (hereinafter "Owner") C.F. BLLGDU46P03L424A VAT number 01724980303, located in Viale IV Novembre n. 96/2 in Feletto Umberto (UD) — telephone: 0432 574114 — email: email@example.com. The Data Controller informs pursuant to Art. 13 D.Lgs. N. 196 of 30 June 2003 (hereinafter, "Privacy Code") and Art. 13 EU Regulation n. 2016/679 (hereinafter, "GDPR") and subsequent amendments (including, for example, Legislative Decree No. 101 of 10 August 2018) that your data will be processed in compliance with the aforementioned law for the purposes and with the methods listed in this statement based on principles of correctness, lawfulness, transparency, and protection of confidentiality.
2. Objective of Processing
This information refers only to the data provided through navigation on the website www.lara-linen.it.
The Owner only deals with the personal data provided by the user (e.g. name, surname, company name, address, telephone number, e-mail address) (hereinafter "personal data") for the sole purpose of providing the interested party with the services required by the Owner, specifically relating to requests for information on products and services offered by the Owner.
During navigation data is collected through the computer systems and functional logic of the site, some of which could allow for the identification of the interested party (IP address of navigation). This last type of data will be kept by the owner and the Internet service provider in compliance with the limits established by current legislation and must be provided to the Judicial Authority in the case of computer crimes or damage to third parties, established or hypothetical.
The same data may be used anonymously, for statistical purposes only.
We inform you that any requests by data subjects that inadvertently contain data of a "particular" nature (e.g. "sensitive data") or data that may have an impact on the data subject or third parties, will be promptly deleted from the systems upon notification to the interested party.
3. Purposes of processing without consent
Your personal data is processed without your prior consent expressed in accordance with the provisions of Art. 24 sec. a), b), c) Privacy Code and Art. 6 sec. b), e) GDPR), for the following purposes:
- to fulfill the pre-contractual, contractual and tax obligations arising from relationships with you;
- to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
- to exercise the rights of the owner (e.g. the right to defense in court)
4. Purposes of processing upon explicit consent
Your personal data is processed only upon Your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following purposes:
A. to send You via e-mail, mail and/or SMS and/or by telephone, newsletters, commercial communications and/or advertising material on products offered by the Owner and/or to determine the degree of satisfaction in the quality of products supplied (hereinafter "Consent to marketing communications“);
B. to proceed to process Your requests sent through the Site
C. to comply with accounting, tax and contractual obligations resulting from your request
D. in all cases in which the Owner must fulfill a legal obligation or any action aimed at protecting their rights.
5. Methods of processing
The personal data communicated by You will be processed by the Data Controller on paper and/or computer, even in an automated manner, in compliance with the principles established by current legislation regarding the protection of personal data.
The processing of your personal data is carried out by means of the operations indicated in Art. 4 paragraph 1 n. 2 GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data.
6. Duration of processing
The Owner will process your personal data for the time necessary to fulfill the purposes set out in point 3 and point 4 of this statement and in any case no later than one year from the last activity provided, unless different obligations (e.g. fiscal and accounting) are required by law, by a regulation, by community legislation or by an order of the Authority. In the latter cases, the Owner will only retain the data necessary for the fulfillment of the obligations that remain even after the termination of the contract (Article 2220 of the Civil Code).
Excluded are the cases in which the rights deriving from the contract and/or the supply of products, in which case the personal data exclusively necessary for such purposes, will be processed for the time necessary to their pursuit.
7. Data protection
Your personal data will be protected through the application of specific security and confidentiality measures, both organizationally and digitally, to prevent loss or destruction of the same, disclosure and/or tampering, and unauthorized access that does not conform to the purposes for which they are collected.
8. Access to data
Your data may be made accessible (always and only for the purposes referred to in point 3 and point 4 of this statement) to the following subjects:
- to employees of the Owner that are specifically appointed
- third parties, specifically appointed by the Owner, for accounting and tax management purposes and payments;
- external suppliers appointed by the Owner under contracts and specifically appointed, relating to hardware and software assistance, hosting, maintenance and development of the website and any other outsourced activities on behalf of the Owner;
- to the persons in charge and/or internal managers of processing and/or system administrators;
- to third-party companies or other subjects (as an indication, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Owner, in their capacity as data controllers
- third parties, private and public, in the fulfillment of legal obligations, in the exercise and/or protection of a right of the Owner
- a public or judicial authority on request
The Owner has instructed such subjects to use the data received, which will be treated in full compliance with this document and in full compliance with the principle of correctness, lawfulness and transparency and the current provisions of the law, particularly Art. 28 of the EU Regulation n. 2016/679, with adequate physical and digital protections.
9. Data communication
Without the need for express consent (pursuant to Article 24 sec. a), b), d) Privacy Code and Art. 6 sec. b) and c) GDPR), the Owner may communicate your data for the purposes referred to in point 3 and point 4 of this document to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the said purposes. These subjects will process the data in their capacity as independent data controllers. The Owner has instructed these subjects to use the data received with adequate physical and digital protection.
10. Data transfer
Personal data is stored:
- in paper and/or digital formate at the headquarters of the Owner;
- on web servers located within the European Union and/or European Economic Area
11. Nature of providing data and consequences of refusal to consent
The provision of data for the purposes referred to in section 3 of this statement is mandatory. In the absence of consent, we cannot guarantee the requested service.
The provision of data for the purposes referred to in section 4 of this statement is optional. You can, therefore, decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications and advertising material concerning the products offered by the Owner. You will still be entitled to the services referred to in section 3 of this statement.
12. Your rights
As an interested party, benefit from the rights referred to in Art. 7 of the Privacy Code and Art. 15 GDPR namely to:
- obtain confirmation of the existence or non-existence of personal data processing that concerns you
- obtain indication of the origin of personal data, of the purposes and methods of processing, of the logic applied in case of treatment carried out with the aid of electronic tools, of the identification data of the Data Controller, of the persons in charge and of the designated representative, of the subjects or the categories of subjects to whom personal data may be communicated or who may become aware of it as a designated representative in the territory of the State, managers or agents;
- object, in whole or in part to the processing of your data
- obtain the modification, update, anonymization, and cancellation of your data
- ensure data portability in a structured and readable format
- lodge a complaint with the Guarantor Authority
13. How to exercise your rights
You can exercise your rights at any time by sending a registered letter addressed to the Owner at Lara di Guido Belli Viale IV Novembre n. 96/2 - 33010 Feletto Umberto (UD) or an e-mail to the address: firstname.lastname@example.org
Requests will be processed as soon as possible depending on the type of request, tentatively within one week of receipt.
14. Co-owners, managers, and agents
The updated list of co-owners, managers, and persons in charge of processing is kept at the registered office of the Owner.