Information on the processing of personal data (Data protection legislation – Legislative Decree no. 196 dated 30/06/2003 – Art. 13 – EU Regulation 679/2016 on the processing of personal data – Art. 13 – Legislative Decree 101/2018)
Calabughi S.r.l. with registered office in Via Mercanti, 8 – 56127 – Pisa (PI), Tax code and VAT number 02004130502 (hereinafter, “Holder”), as data controller, informs you pursuant to art. 13 of Legislative Decree no. 196 dated 30/06/2003 (hereinafter, “Privacy Code”), Article 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) and Legislative Decree 101/2018 that your data will be processed in the following manner and for the following purposes:
Scope of Processing
The Data controller processes personal data, including particular (for example, name, surname, company name, address, telephone number, e-mail address, bank and payment references, general and specific information on the persons concerned aimed at the proper performance of the contract) – hereinafter, “personal data” or also “data” communicated by you when concluding contracts for services of the Data controller. Processing of personal data is intended as any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other form of sharing, comparison or interconnection, limitation, cancellation or destruction.
Purpose of processing
Your personal data are processed:
- A) without your express consent (Article 24 letters a), b) and c) of the Privacy Code, letters b) and e) of GDPR), for the following Service Purposes:
– allow the user access to the site www.cetilarsport.it;
– conclude contracts for the services of the Data Controller;
– to fulfil the pre-contractual, contractual and tax obligations deriving from existing business relationships with you;
– to fulfil the obligations contemplated by law, by a regulation, by community legislation or by an order of the Authority;
– to exercise the rights of the Data Controller, for example the right of defence in court.
- B) For the performance, with your prior express written consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), of direct marketing activities, such as the sending – also by e-mail and SMS – of advertising material, newsletters and communications with information and/or promotional content in relation to products or services provided and/or promoted by the Data Controller or his business partners, including free gifts and samples.
- C) For the performance, with your express written consent, of activities of individual, aggregate, market research and third party profiling, aimed, for example, at the analysis of consumer habits and choices, the production of statistics on the same or the evaluation of the degree of satisfaction with respect to products and services offered. We inform you that for the provision of consent to the processing of your data by third party websites that profile through cookies and similar tools (e.g. Facebook), we invite you to visit the policies of the relevant social media.
2.1 Type of data collected
Pursuant to EU Regulation 679/2016 on the processing of personal data, when using our services, you agree that our company may collect some of your personal data. The purpose of this policy is to tell you what information we collect, why and how we use it.
2.1.1. Data provided by the user
When you buy or request a quote online we ask you to provide us with some data that are needed in order for you to use our services.
These are, by way of a non-limiting example, the data we request from you:
Name, Surname, Company and Reference
email address
tax number
telephone number, fax number, address
Payment information
2.1.2. Data that we automatically collect from the website
We collect the following data through the services we use
technical data: e.g. IP address, browser type, information about your computer, information about the current (approximate) location of the instrument you are using;
data collected using cookies or similar technologies.
Processing procedures
Processing of your personal data is performed through the operations specified in art. 4 of
Commented [User1]: No changes required the Privacy Code and art. 4 no. 2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data can be processed using paper and electronic and/or automated means. The data relating to the purposes referred to in point 2.A) will be kept for 10 years in relation to tax or legal requirements while all other data, including those relating to the purposes referred to in point 2.B) and 2.C), will be kept for 2 years from the date of termination of the purpose of the service offered.
Access to data
Your data may be made accessible for the purposes referred to in Article. 2, and, with your prior consent 2.B) and 2.C) to:
Data Controller employees and collaborators as appointed persons and/or internal data processing managers and/or system administrators; third-party companies or other entities (by means of example, bank institutions, professional firms, consultants, business partners, insurance companies for the provision of insurance services, etc.) that carry out outsourced activities on behalf of the Data Controller, as external data processing managers.
Data communication
Without the need for express consent (pursuant to art 24 letters a), b), c) of the Privacy Code and article 6 letters b) and c) of the GDPR), the Data Controller may communicate its data for the purposes set out in art. 2.A) to supervisory bodies, court authorities, insurance companies for the provision of insurance services, as well as to those entities to whom the communication is mandatory by law for said purposes. These entities will process the data as independent data controllers. Only with your consent for the purposes set out in item 2.B) and 2.C) to third party companies such as business partners and event organizers.
Your data will not be disclosed.
Data transfer
Personal data are not stored on servers located outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures with immediate effect that the transfer of data outside the European Union will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
Nature of data provision and consequences of refusal to respond It should be noted that with reference to the purposes referred to in point 2.A) of the paragraph “Purposes of processing” in the absence of personal data concerning you and the associated consent to treatment, the service cannot be provided. On the other hand,
failure to provide data for the purposes set out in items 2.B) and 2.C) of the paragraph “Purposes of processing” will not have any effect on the provision of services.
Rights of the interested party
In your capacity as interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 of the GDPR and precisely the rights of:
obtain confirmation as to whether or not personal data concerning you exist, even if not yet recorded, and their communication in intelligible form; obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the help of electronic means; d) the identification details of the data controller, managers and of the appointed representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing; obtain: a) the updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; to object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; where applicable, you also have the rights under Articles 16-21 of the GDPR (Right of rectification, right to be forgotten, right of restriction of processing, right to data portability, right of opposition), as well as the right of complaint to the Data Protection Authority.
How to exercise your rights
You can exercise your rights at any time by sending:
a registered letter with advice of receipt to – Calabughi S.r.l. with registered office in Via Mercanti, 8 – 56127 – Pisa (PI) or an e-mail to info@calabughi.com.
Data controller, manager and appointed individuals
The data controller is Calabughi S.r.l. with registered office in Via Mercanti, 8 – 56127 – Pisa (PI), CF and VAT 02004130502. The updated list of data managers and individuals appointed to data processing is stored at the registered office of the Data Controller.