Information pursuant to art. 13 of the Regulation (EU) n. 679/2016 (“GDPR”)
“Andrea Cabassi” and “Permettimi d’insistere” are sites owned by Andrea Cabassi resident in via Benedetta 5/1 in Parma, Italy (TIN CBSNDR75D13G337V) which protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of infringement. As required by European Union Regulation no. 679/2016 (“GDPR”), and in particular to art. 13, here below is provided to the user (“Interested”) the information required by law concerning the processing of his personal data.
Who we are and what data we treat (article 13, paragraph 1 letter a, article 15, lett. B GDPR).
“Andrea Cabassi” and “Permettimi d’insistere” in the person of Andrea Cabassi resident in Via Benedetta 5/1 in Parma, Italy (TIN CBSNDR75D13G337V), operates as Data Controller and can be contacted at firstname.lastname@example.org. Collects and / or receives information regarding the interested party, such as:
- Personal data at the time of contact or request for samples such as: name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile, fax, fiscal code, e-mail address / es
- Telematic traffic data such as Log, IP address of origin.
“Andrea Cabassi” and “Permettimi d’insistere” does not require the interested party to provide data c.d. “Special”, or, according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, data biometrics intended to uniquely identify an individual, data relating to health or sex life or sexual orientation of the person. In the event that the service requested of “Andrea Cabassi” and “Permettimi d’insistere” required the processing of such data, the interested party will receive a specific notice in advance and will be required to give appropriate consent.
The Data Controller has appointed a Data Protection Officer (Data Protection Officer -DPO) who can be contacted for any information and requests: Andrea Cabassi resident in Via Benedetta 5/1 in Parma, Italy (TIN CBSNDR75D13G337V), email@example.com.
For what purposes we need the data of the interested party (art. 13, 1st paragraph GDPR).
The data is used by the Data Controller to process the request for the purchase of material, to manage and execute the requests for contact forwarded by the interested party, to provide assistance, to fulfill the legal and regulatory obligations to which the Data Controller is bound in relation to the activity carried out. In no case “Andrea Cabassi” and “Permettimi d’insistere” sells the personal data of the interested party to third parties or use them for undeclared purposes.
In particular, the data of the interested party will be processed for:
a) the registration and the requests for contact and / or information material
The processing of the personal data of the interested party takes place in order to carry out the preliminary activities and consequent to the request for registration, to the management of requests for information and contact and / or sending of informative material, as well as for the fulfillment of any other obligation arising. The legal basis of these treatments is the performance of the services inherent to the application for registration, information and contact and / or sending of informative material and compliance with legal obligations.
b) management of the contractual relationship
The processing of the personal data of the interested party takes place to carry out the preliminary activities and consequent to the purchase of a product, the management of the related order, the supply of the Service itself and / or the production and / or shipment of the purchased Product, the relative invoicing and payment management, the handling of complaints and / or reports to the assistance service and the provision of assistance, fraud prevention and the fulfillment of any other obligation deriving from the contract.
The legal basis of these treatments is the performance of the services relating to the contractual relationship and compliance with legal obligations.
c) promotional activities on Services / Products similar to those purchased by the interested party (Recital 47 GDPR)
The data controller, even without your explicit consent, may use the contact details provided by the interested party, for the purpose of direct sales of their Services / Products, limited to the case in which they are Services / Products similar to those covered by the sale, unless the interested party explicitly opposes it.
d) commercial promotion activities on Services / Products other than those purchased by the interested party
The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regards to Services / Products that the Owner offers only if the Interested party has authorized the processing and does not object to this.
This processing can be done in an automated way, with the following methods:
and can be done:
- if the interested party has not withdrawn his consent for the use of the data;
- if, in the event that the processing is carried out through contact with a telephone operator, the interested party is not registered in the register of oppositions referred to in D.P.R. n. 178/2010;
The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked freely by the interested party at any time (see Section III).
e) computer security
The Data Controller, in line with the provisions of Recital 49 of the GDPR, treats, even through its suppliers (third parties and / or recipients), the personal data of the interested party related to the traffic to a strictly necessary and proportionate extent to ensure the safety of the networks and information, namely the ability of a network or information system to withstand, at a given security level, unforeseen events or unlawful or malicious acts that compromise availability, authenticity, or integrity and confidentiality of personal data stored or transmitted.
The Owner will promptly inform the Interested Parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR concerning notifications of personal data breach.
The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out processing pertaining to the protection of the sites and systems of the “Andrea Cabassi” and “Permit me to insist” sites
The personal data of the interested party may also be processed for profiling purposes (such as analysis of the data transmitted and the chosen Services / Products, propose advertising messages and / or commercial proposals in line with the choices made by the users themselves) exclusively in the event that the interested party has provided explicit and informed consent. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).
g) fraud prevention (recital 47 and article 22 GDPR)
– the personal data of the interested party, with the exception of particular data (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow checks with the purpose of monitoring and preventing fraudulent payments, by software systems that perform a check in automated and preliminary way to the negotiation of Services / Products;
– overcoming these checks with a negative result will make it impossible to carry out the transaction; the interested party may in any case express his / her own opinion, obtain an explanation or contest the decision motivating his / her reasons to the Customer Assistance service or to the contact firstname.lastname@example.org;
– the personal data collected for anti-fraud purposes only, unlike the data necessary for the correct performance of the requested service, will be immediately canceled at the end of the control phases.
h) the protection of minors
The Services / Products offered by the Data Controller are reserved to subjects legally able, on the basis of the national legislation of reference, to conclude contractual obligations.
The Owner, in order to prevent illegitimate access to its services, implements preventive measures to protect its legitimate interest, such as checking the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.
Communication to third parties and categories of recipients (art. 13, 1st paragraph GDPR)
i) newsletters, delivery of product(s) samples or excerpts, promotional communications and proposals.
The Owner does not transfer your personal data to countries where GDPR is not applied (countries outside the EU) unless specifically indicated otherwise for which you will be informed in advance and your consent will be required if necessary.
The legal basis of these treatments is the performance of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of “Andrea Cabassi” and “Permettimi d’insistere” to carry out treatments necessary for these purposes.
What happens if the interested party does not provide his identified data as necessary for the performance of the requested service? (Article 13, 2nd paragraph, lett. And GDPR)
The collection and processing of personal data is necessary to process the requested services as well as to provide the Service and / or supply the requested Product. If the interested party does not provide the personal data expressly provided for as necessary within the order form or the registration form, the Owner will not be able to process the processing related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.
What happens if the interested party does not consent to the processing of personal data for commercial promotion activities on services / products other than those purchased?
In the event that the interested party does not give his consent to the processing of personal data for these purposes, said processing will not take place for the same purposes, without this having effects on the provision of the services requested, nor for those for which he already has given his consent, if requested.
In the event that the interested party has consented and should subsequently revoke it or oppose the processing for commercial promotion activities, your data will no longer be processed for such activities, without this involving consequences or effects detrimental to the Data Subject and to the services required.
How we treat the data of the interested party (art. 32 GDPR)
The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of personal data of the interested party and imposes similar security measures on third party suppliers and Data Processors.
Where we process the data of the interested party
The personal data of the interested party are stored in paper, computerized and telematic archives located in countries where the GDPR (EU countries) is applied.
How long is the data of the interested party stored? (Article 13, 2nd paragraph, letter a GDPR)
Unless they explicitly express their will to remove them, the personal data of the interested party will be kept until they are necessary with respect to the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of your registration and in any case no later than a maximum period of 12 (twelve) months of inactivity, or if, within that period, the Services and / or products purchased are not associated with the the registry itself.
In the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the Data Subject, for which he initially gave consent, these will be kept for 24 months, unless the consent given is revoked.
In the case of data provided to the Data Controller for the purposes of profiling, these will be kept for 12 months, unless the consent given is always revoked.
It should also be added that, in the event that a user forwards to “Andrea Cabassi” or “Permettimi d’insistere” personal data not requested or not necessary for the purpose of performing the requested service or for the provision of a service closely connected to it, “Andrea Cabassi” or “Permettimi d’insistere” cannot be considered the owner of these data, and will cancel them as soon as possible.
Regardless of the determination of the interested party to remove them, personal data will in any case be kept in accordance with the terms established by current legislation and / or national regulations, for the exclusive purpose of guaranteeing the specific requirements of certain services.
In addition, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) which remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the Data Controller will only keep the data necessary for the related prosecution.
The cases in which the rights deriving from the contract and / or the registry registration are asserted, in which case the personal data of the interested party, exclusively those necessary for such purposes, will be treated for the time necessary to the their pursuit.
What are the rights of the interested party? (articles 15 – 20 GDPR)
The interested party has the right to obtain from the data controller the following:
- a) confirmation that personal data concerning him is being processed and in this case, to obtain access to personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
- when possible, the period of storage of personal data provided or, if this is not possible, the criteria used to determine this period;
- the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing;
- the right to lodge a complaint with a supervisory authority;
- if the data are not collected from the interested party, all available information on their origin;
- the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the data subject.
- the appropriate guarantees provided by the third country (outside the EU) or an international organization to protect any data transferred
- b) the right to obtain a copy of the personal data subject to processing, provided that this right does not infringe the rights and freedoms of others; In case of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs.
- c) the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay
- d) the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay, if the reasons provided by the GDPR to the art. 17, among which, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and always if the conditions established by law exist; and in any case if the treatment is not justified by another equally legitimate reason;
- e) the right to obtain the treatment limitation from the data controller, in the cases provided for in art. 18 of the GDPR, for example where you have disputed the accuracy, for the period necessary for the Owner to verify its accuracy. The interested party must be informed, in due time, even when the suspension period has been completed or the reason for the limitation of the processing has ceased, and therefore the limitation itself revoked;
- f) the right to obtain communication from the holder of the recipients to whom requests for corrections or cancellations or limitations of processing have been transmitted, unless this proves impossible or involves a disproportionate effort.
- g) the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him and the right to transmit such data to another data controller without hindrance by the data controller to whom he supplied them , in the cases provided for by art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one data controller to the other, if technically feasible.
For any further information and in any case to send your request, you must contact the Owner at email@example.com. In order to guarantee that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.
How and when can the interested party object to the processing of their personal data? (Art. 21 GDPR)
For reasons related to the particular situation of the interested party, the same may object at any time to the processing of his personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Owner at firstname.lastname@example.org.
The interested party has the right to the cancellation of their personal data if there is no legitimate prevailing reason of the Owner with respect to the one that gave rise to the request, and in any case in the event that the Data Subject has opposed the processing for commercial promotion activities.
Who can the complainant propose? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the interested party may submit a complaint to the competent control authority in the Italian territory (Guarantor Authority for the protection of personal data) or to the one that carries out its tasks and exercises its powers in the Member State where the violation of the GDPR occurred. Any update of this Statement will be communicated promptly and by appropriate means and will also be communicated if the Owner processes the data of the Interested Party for purposes other than those referred to in this Notice before proceeding and following the manifestation of the relative consent of the Interested if necessary.
Cookies policy of the “Andrea Cabassi” and “Permettimi d’insistere” sites in compliance with the Privacy Guarantor directive.
This page describes the ways in which personal information is received and collected and how it is used by “Andrea Cabassi” and “Permettimi d’insistere”. To this end, cookies are used, that is, text files to facilitate user navigation.
1) What are cookies?
Cookies are text files that the sites you visit send to the user’s browser and which are stored before being re-transmitted to the site on the next visit.
2) What are cookies used for?
Cookies can be used to monitor sessions, to authenticate a user so that he can access a site without typing each time his name and password and to memorize his preferences.
3) What are technical cookies?
The so-called technical cookies are used for navigation and to facilitate access and use of the site by the user. Technical cookies are essential for example to access Google or Facebook without having to log in to all sessions. They are also very delicate operations such as home banking or credit card payment or other systems.
4) Are Analytics cookies technical cookies?
In other words, cookies that are inserted into the browser and retransmitted by Google Analytics or through the Blogger Statistics service or similar are technical cookies ?. The Guarantor has stated that these cookies can be considered technical only if “used for the purpose of optimizing the site directly by the owner of the site itself, which can collect information in aggregate form on the number of users and how they visit the site. Under these conditions, for analytics cookies the same rules apply, in terms of information and consent, provided for technical cookies. “
5) What are profiling cookies?
They are used to track user navigation to create profiles on his tastes, preferences, interests and even his research. It will certainly have happened to you to see advertising banners related to a product that you just searched for on the internet. The reason lies precisely in the profiling of your interests and the servers appropriately addressed by cookies have shown you the ads deemed most relevant.
6) Is user consent required to install cookies on your terminal?
For the installation of technical cookies no consent is required while profiling cookies can be installed in the user terminal only after the latter has given consent and after having been informed in a simplified way.
7) How can webmasters request consent?
The Privacy Guarantor has established that when the user accesses a website, a banner containing a brief information, the request for consent and a link for the more extensive information such as that shown on this page should appear on which what profiling cookies are and how they are used on the site in question.
8) How should the banner be made?
The banner must be designed to hide part of the content of the page and specify that the site uses profiling cookies, including those of third parties. The banner must be able to be eliminated only with an active action by the user as it could be a click.
9) What indications should the banner contain?
The banner must contain the brief information, the link to the extended information and the button to give consent to the use of profiling cookies.
It is permissible to use a technical cookie that takes into account the user’s consent so that the user does not have to express his consent again on a subsequent visit to the site.
No. You can use other systems as long as the identified system has the same requirements. The use of the banner is not necessary for sites that use only technical cookies.
12) What should be included in the more extensive information page?
The characteristics of the cookies installed also by third parties must be illustrated. You must also indicate to the user the ways in which to browse the site without having your preferences traced with the possibility of browsing in incognito and with the cancellation of individual cookies.
13) Who is required to inform the Guarantor who uses profiling cookies?
The site owner has this burden. If you use only third-party profiling cookies on your site, you do not need to inform the Guarantor, but you must indicate which third-party cookies are and indicate the links to the information in this regard.
14) When will this legislation come into effect?
The Guarantor has given one year to get in order and the deadline is 2 June 2015.
COOKIES USED ON THIS SITE
Log files: Like many other websites, this also uses log files, that is, it records the history of operations as they are performed. The information contained in the log files includes IP addresses, browser type, Internet Service Provider (ISP), date, time, entry and exit page and the number of clicks. All this to analyze trends, administer the site, monitor the user’s movement within the site and collect demographic data, IP addresses and other information. This data cannot be traced back to the identity of the user in any way.
The website www.andreacabassi.com and www.permettimidinsistere.com and its administrator have no control over the cookies that are used by third parties, therefore, to deepen the theme, it is advisable to consult the privacy policies of these third parties as well as the options to disable the collection of this information. The administrator of this site cannot therefore control the activities of the advertisers of this blog. It is however possible to disable cookies directly from your browser. The site www.andreacabassi.com and www.permettimidinsistere.com does not use own profiling cookies but those present are exclusively controlled by third parties such as Google, Facebook or Twitter.
USE OF GOOGLE ANALYTICS AND STATCOUNTER ON THIS SITE
As said cookies analytics are considered technical if used only for optimization purposes and if the users’ IPs are kept anonymous. We inform the user that this site uses the free service of Google Analytics and Statcounter. We remind you that the data is used only to have the data of the most visited pages, the number of visitors, the aggregate data of visits by operating system, by browser, etc. These parameters are stored on Google’s servers and statcounter which governs their Privacy according to these guidelines.
A user can disable Google Analytics or statcounter while browsing using the additional component available for Chrome, Firefox, Internet Explorer, Opera and Safari.