The website www.stiavelli.com collects some Personal Data of its own Users.
This information was written on the basis of the regulations regarding personal data protection, included in the articles 13 and 14 of the EU Regulation 2016/679 (hereinafter, GDPR) and of the current regulations regarding personal data protection.

Data Controller
Stiavelli Irio srl (hereinafter, Data Controller), with registered office in Prato (PO), via per il Poggio Secco, 46/E – headquarters: via Pantano, Capalle (FI)– VAT No. 01993990975 – Tel. 055898448 – Fax 055898477 – email: info@stiavelli.com.

  1. Types of collected data and purpose of the processing
    a) Contacts and Live chat. It is possible to contact the Data Controller to ask for information and for any request related to offered products and services. The collected data are those inserted in the specific contact form in the section “Contacts”, in the box designated for the online chat and in the messages sent to the e-mail address of the Data Controller; cookies, usage data and IP addresses (these last ones are used only with the purpose of obtaining anonymous statistic information about the website use and of controlling the correct functioning). The purposes of the processing of your data is to fulfill your requests and the legal basis of the processing lies in the execution of pre-contractual and contractual measures (art. 6, let. B, GDPR).
    b) Contents on external platforms. These services allow to view contents hosted on external platforms directly from the pages of this website and to interact with them. If such service is installed, it is possible that, even if the Users do not use this it, the same collects traffic data related to the pages on which it is installed.
    The widgets installed on this website are:
    – Google Maps: it is a service to view maps, managed by Google Inc., which enables this website to integrate such contents within its own pages. The personal data collected by the Data Controller through the platform are cookies and usage data: you can consult Google’s privacy policy (https://policies.google.com/privacy?hl=it), considering that your data, in such case, could be processed by the same, also in non-EU countries. In any case, Google keeps on providing a series of mechanisms for international data transfer and has the certification according to the EU framework – U.S., which represents a legal system to transfer personal data from SEE to the United States, where the certified organizations ensure a protection level compliant with the European regulation for data protection.
    – Facebook (Facebook, Inc.). Facebook’s social link is a service to interact with the social network Facebook, provided by Facebook Inc. Collected personal data: Cookies and usage data.
    Processing location: USA – Privacy Policy. (Facebook has the certification according to the EU framework – U.S., which represents a legal system to transfer personal data from SEE to the United States, where the certified organizations ensure a protection level compliant with the European regulation for data protection).
    -E-mail; it is a service that enables the User to directly send a message of electronic mail to the Data Controller by using the platform connected to the e-mail address of the Data Controller. You can consult the privacy policy of the e-mail provider used by the User.
    -Google+: the button and the services related to Google+ are necessary for the interaction with the social network Google Plus and are provided by Google, Inc. Collected personal data: cookies and usage data. Processing location: USA – Privacy Policy.
    – LinkedIN: Linkedin’s button is a service to interact with the social network Linkedin, provided by Linkedin, Inc. Collected personal data: cookies and usage data. Processing location: USA – Privacy Policy. Subject compliant with the Privacy Shield.
    c) Newsletter. The Data Controller, prior specific and informed written consent, released by selecting the specific flag, processes your data for the purposes and the procedures referred to in the dedicated information. The legal basis of the processing lies in your consent.
    – MailChimp is an online e-mail marketing platform to create campaigns and manage the relative reports. Within the platform, there are different lists, with names and relative e-mail addresses, to which the newsletters are sent. The inserted data will only be used to send commercial communications related to our activity and will not be disclosed to third parties. MailChimp, headquartered in the United States participates and certified its compliance to GDPR, by the EU-U.S. Privacy Shield Framework. For further information, please consult MailChimp’s privacy policy on the website www.mailchimp.com
  2. Data processing procedure and place
    Data processing is carried out through IT and/or telecommunication tools, with organizational procedures and logics that are strictly related to the above mentioned purposes and, particularly, through the adoption of security measures compliant with the EU Regulations 679/2016.
    Beyond Data Controller, in some cases, other external subjects (as service providers for hosting, maintenance and Data Controller’s coworkers) can access the data and, if necessary, be appointed as responsible of the processing by the Data Controller.
  3. Legal basis of the data processing
    The Data Controller processes the personal data of the User for the purposes covered by:
    Point 1, lett a) the processing of your data is necessary to fulfill your requests (especially for the execution of pre-contractual measures, such as request for information, and contractual ones).
    Point 1, let. c) the processing of your data will occur only prior your specific consent, released with the modalities referred to in the specific information on the website we are referring.
    At any time, you can ask the Data Controller to clarify the solid legal basis of each processing.
  4. Place and area of communication of your data
    The data are processed and stored at the registered office of the Data Controller by the personnel authorized by the Data Controller self or by eventual people in charge of occasion maintenance operations.
    The personal data are stored on servers located within the European Union, with the exception of what indicated at points 1, lett. b) and lett. c) of this privacy policy. .
    Your data may be communicated to third parties, belonging to the following categories: subjects providing services to manage the website used by the Data Controller and the communication networks (including e-mails); external coworkers and people authorized by the Data Controller; competent authorities for the fulfilment of legal obligations and/or regulations from public authorities, on demand; companies which manage Data Controller’s information systems; companies providing management softwares for personal data and accounting, and platforms to send marketing communications (Mailchimp).
    Your data will not be disclosed.
    Subjects belonging to the above mentioned categories perform the function of Data Processor or operate autonomously with respect to the Data Controller.
    The User can require information about the list, constantly updated, of the Data Processors to the Data Controller, by contacting him at the address mentioned at the beginning of this privacy policy.
  5. Nature of data provision and consequences of not answering
    The data transmission for the purposes referred to at point 1, lett. a) is functional to benefit from the required services, therefore, an eventual refusal to provide them makes the Data Controller unable to carry our such services. Regarding the purpose referred to at point 1, lett. c) the Data Subject can decide not to transmit any data or to later deny the possibility of processing already provided data: in such case, he cannot receive newsletters, marketing communications and advertising material concering the services offered by the Data Controller.
  6. Storage period
    The personal data are processed and stored for the time required by the purposes they had been collected for.
    Therefore:
    the personal data collected for purposes related to the execution of a contract or of pre-contractual measures between Data Controller and User will be hold until the execution of such contract will be completed and, anyway, in agreement with the regulations in force.
    The Data Controller may be obliged to store Personal Data for a longer period of time, complying with a legal obligation or with an order from the authority.
    The Data Controller will process the personal data for the time necessary to comply with the above mentioned purposes and, however, no more than 2 years from their collection for marketing purposes.
    At the end of the storage period, the personal data will be cancelled. Therefore, after such a deadline, the right of access, cancellation, rectification and portability of the data cannot be exercised anymore.
  7. Rights of the User
    The Users can exercise specific rights with reference to the data processed by the Data Controller.
    Particularly, pursuant to GDPR, the User has the right to:
    – revoke the consent at any time:
    – oppose to the processing of his data;
    – access his data;
    – verify and ask for rectification;
    – obtain a limitation in the processing;
    – obtain cancellation or removal of his own personal data;
    – receive his own data or let them be transferred to another Data Controller;
    – complaint to the Control Authority (Privacy Authority).
  8. How to exercise your rights
    To exercise his own rights, the User can send a request to the contact details of the Data Controller, mentioned at the beginning of this information.

  9. System log and maintenance
    Because of needs related to functioning and maintenance, this application may collect system logs, that is files recording interactions and can also contain personal data, such as User’s IP address.
  10. Information not contained in this policy
    At any time, you can require further information about the processing of personal data to the Data Controller, by using the contact details. In particular, you can refer to the specific information for the newsletter on the website.