The website www.stiavelli.com collects some Personal Data of its own Users.
This information was written on the basis of the regulations regarding personal data protection, included in the articles 13 and 14 of the EU Regulation 2016/679 (hereinafter, GDPR) and of the current regulations regarding personal data protection.
Stiavelli Irio srl (hereinafter, Data Controller), with registered office in Prato (PO), via per il Poggio Secco, 46/E – headquarters: via Pantano, Capalle (FI)– VAT No. 01993990975 – Tel. 055898448 – Fax 055898477 – email: firstname.lastname@example.org.
- Types of collected data and purpose of the processing
a) Contacts and Live chat. It is possible to contact the Data Controller to ask for information and for any request related to offered products and services. The collected data are those inserted in the specific contact form in the section “Contacts”, in the box designated for the online chat and in the messages sent to the e-mail address of the Data Controller; cookies, usage data and IP addresses (these last ones are used only with the purpose of obtaining anonymous statistic information about the website use and of controlling the correct functioning). The purposes of the processing of your data is to fulfill your requests and the legal basis of the processing lies in the execution of pre-contractual and contractual measures (art. 6, let. B, GDPR).
b) Contents on external platforms. These services allow to view contents hosted on external platforms directly from the pages of this website and to interact with them. If such service is installed, it is possible that, even if the Users do not use this it, the same collects traffic data related to the pages on which it is installed.
The widgets installed on this website are:
– Facebook (Facebook, Inc.). Facebook’s social link is a service to interact with the social network Facebook, provided by Facebook Inc. Collected personal data: Cookies and usage data.
c) Newsletter. The Data Controller, prior specific and informed written consent, released by selecting the specific flag, processes your data for the purposes and the procedures referred to in the dedicated information. The legal basis of the processing lies in your consent.
- Data processing procedure and place
Data processing is carried out through IT and/or telecommunication tools, with organizational procedures and logics that are strictly related to the above mentioned purposes and, particularly, through the adoption of security measures compliant with the EU Regulations 679/2016.
Beyond Data Controller, in some cases, other external subjects (as service providers for hosting, maintenance and Data Controller’s coworkers) can access the data and, if necessary, be appointed as responsible of the processing by the Data Controller.
- Legal basis of the data processing
The Data Controller processes the personal data of the User for the purposes covered by:
Point 1, lett a) the processing of your data is necessary to fulfill your requests (especially for the execution of pre-contractual measures, such as request for information, and contractual ones).
Point 1, let. c) the processing of your data will occur only prior your specific consent, released with the modalities referred to in the specific information on the website we are referring.
At any time, you can ask the Data Controller to clarify the solid legal basis of each processing.
- Place and area of communication of your data
The data are processed and stored at the registered office of the Data Controller by the personnel authorized by the Data Controller self or by eventual people in charge of occasion maintenance operations.
Your data may be communicated to third parties, belonging to the following categories: subjects providing services to manage the website used by the Data Controller and the communication networks (including e-mails); external coworkers and people authorized by the Data Controller; competent authorities for the fulfilment of legal obligations and/or regulations from public authorities, on demand; companies which manage Data Controller’s information systems; companies providing management softwares for personal data and accounting, and platforms to send marketing communications (Mailchimp).
Your data will not be disclosed.
Subjects belonging to the above mentioned categories perform the function of Data Processor or operate autonomously with respect to the Data Controller.
- Nature of data provision and consequences of not answering
The data transmission for the purposes referred to at point 1, lett. a) is functional to benefit from the required services, therefore, an eventual refusal to provide them makes the Data Controller unable to carry our such services. Regarding the purpose referred to at point 1, lett. c) the Data Subject can decide not to transmit any data or to later deny the possibility of processing already provided data: in such case, he cannot receive newsletters, marketing communications and advertising material concering the services offered by the Data Controller.
- Storage period
The personal data are processed and stored for the time required by the purposes they had been collected for.
the personal data collected for purposes related to the execution of a contract or of pre-contractual measures between Data Controller and User will be hold until the execution of such contract will be completed and, anyway, in agreement with the regulations in force.
The Data Controller may be obliged to store Personal Data for a longer period of time, complying with a legal obligation or with an order from the authority.
The Data Controller will process the personal data for the time necessary to comply with the above mentioned purposes and, however, no more than 2 years from their collection for marketing purposes.
At the end of the storage period, the personal data will be cancelled. Therefore, after such a deadline, the right of access, cancellation, rectification and portability of the data cannot be exercised anymore.
- Rights of the User
The Users can exercise specific rights with reference to the data processed by the Data Controller.
Particularly, pursuant to GDPR, the User has the right to:
– revoke the consent at any time:
– oppose to the processing of his data;
– access his data;
– verify and ask for rectification;
– obtain a limitation in the processing;
– obtain cancellation or removal of his own personal data;
– receive his own data or let them be transferred to another Data Controller;
– complaint to the Control Authority (Privacy Authority).
How to exercise your rights
To exercise his own rights, the User can send a request to the contact details of the Data Controller, mentioned at the beginning of this information.
- System log and maintenance
Because of needs related to functioning and maintenance, this application may collect system logs, that is files recording interactions and can also contain personal data, such as User’s IP address.
- Information not contained in this policy
At any time, you can require further information about the processing of personal data to the Data Controller, by using the contact details. In particular, you can refer to the specific information for the newsletter on the website.