PRIVACY POLICY
Personal Data Processing Policy in Accordance with Articles 13 and 14 of Regulation (EU) 679/2016
In accordance with articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on data protection (hereinafter the "Regulation" or "GDPR"), in relation to the processing of your personal data, CALLIGARIS SRL (hereinafter the "Data Controller"), whose identity and details are shown below,
informs you
of the following:
1) Identity and Details of the Data Controller
Within the meaning of articles 4 and 24 of the Regulation, the Data Controller is CALLIGARIS S.R.L., with headquarters in VIA SREBERNIC, 13/A - 34077 RONCHI DEI LEGIONARI (GO) Italy, tel.: 0481/1474295, fax: 0481/1777012, e-mail: info@calligaris.net, certified email: calligaris@pec.it. You may contact the Data Controller in writing, by post or via email, at the above-mentioned addresses.
2) Purpose and Lawfulness of Data Processing
The personal data that you provide directly, or that is collected by the Data Controller, will be processed exclusively: a) to meet your requests for information and/or product personalisation; b) for compliance with a legal obligation to which the Data Controller is subject.
The lawful basis for personal data processing for the purposes in point a) is article 6, paragraph 1, letter b) of the Regulation (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”).
The lawful basis for personal data processing for the purposes in point b) is the legal obligation to which the Data Controller is subject in accordance with article 6, paragraph 1, letter c), of the GDPR (“processing is necessary for compliance with a legal obligation to which the Data Controller is subject;”).
3) Data Processing Method
Your personal data may be processed electronically or automatically and, in any case, using only methods and procedures strictly necessary to achieve the purposes described above. In relation to the above-mentioned purposes, your personal data will be processed using manual, electronic and telematic tools, only for the stated purposes and, in any case, using methods that guarantee data security and privacy. Processing will take place using systems to store, manage and transmit data applying logic strictly connected to the data processing purposes, based on the data in our possession, which you commit to keep relevant by duly informing us of any necessary corrections, additions and/or updates.
4) Data Recipients or Categories of Personal Data Processors.
Personal data may be communicated for the above-mentioned purposes to subjects who carry out activities necessary to provide the services offered by the Site (for example: analysis of the Site's functioning), who will process the data in their capacity as Data Processors (article 28 of the Regulation) and/or as authorised subjects who process the data under the authority of the Data Controller or Processor (article 29 of the Regulation), i.e. subjects expressly tasked with data processing in accordance with the GDPR and national regulation of reference, such as providers of IT and/or storage services or other technical and organizational services, or employees and collaborators of the Data Controller.
5) Transfer of Personal Data to Third-Party Countries or International Organizations.
The User's personal data will not be transferred to third-party countries outside the European Union, or to international organizations.
6) Data Retention Period.
Personal data subject to processing will be stored in accordance with article 5, paragraph 1, letter e) of the Regulation, in a format that allows the identification of the data subject to whom they refer, only for the time necessary to achieve the purposes mentioned in point 2 for which they are processed, or the time strictly necessary to comply with legal obligations.
At the end of the retention period, your data will be deleted, or anonymised.
7) Data Subject Rights.
In accordance with article 15 and following articles of the Regulation, the data subject has the right to request from the Data Controller:
- access to their personal data;
- rectification or cancellation of their data or the limitation of the purposes for which the data can be processed;
- object to the processing;
- data portability in accordance with article 20 of the Regulation;
- if the processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a) of the Regulation, withdraw their consent at any time, without prejudice to the lawfulness of the processing based on the consent provided before the consent was withdrawn.
Without prejudice to any other administrative or judicial remedy, if the data subject believes the data processing infringes the GDPR, they have the right to complain with a supervisory authority, in the country in which they habitually reside, work or in which the alleged infringement occurred, in accordance with art. 77 of the Regulation. (the Italian supervisory authority is the Data Protection Authority).
To exercise the above-mentioned rights, the data subject may contact the Data Controller at the addresses provided in point 1 of this policy.
8) When the communication of personal data is a legal obligation or a requirement necessary to finalise a contract, and if the data subject has the obligation to provide personal data and possible consequences of failing to provide them.
The provision of your data is essential to process and meet any request for information and/or to be contacted and/or to receive personalised product solutions, sent to the Data Controller. If you do not provide your personal data, the Data Controller will be unable to process your request for information and/or personalised products.
9) Application of Automated Processing, Including Profiling.
In accordance with article 13, paragraph 2, letter f) of the GDPR, we inform you that your personal data will not be subject to automated processing, including profiling, as provided by article 22, paragraphs 1 and 4 of the Regulation.
10) Processing for Purposes Other Than Those for Which The Data Were Collected.
Should the Data Controller wish to process personal data for purposes other than those for which the data were collected, before proceeding, it will inform the data subject about this additional purpose and provide them with any other pertinent information, in accordance with article 13, paragraph 2 of the Regulation.
11) Updates.
This Privacy Policy may be modified and/or updated to comply with changes and/or integrations to the applicable regulations, adapt to new or updated services, or to technology innovations.