INFORMATION ON THE PROCESSING OF PERSONAL DATA

***

For the purposes of the protection of individuals with regard to the Processing of their personal data as well as the free movement of the same, orienting this Processing to the principles of lawfulness, correctness and transparency, in accordance with EU Regulation 2016/679 and the applicable Italian legislation on the matter, and in relation to the personal data of which ‘900 e design will come into possession – through the website www.900edesign.it (hereinafter also simply “the Site”) or the other contact channels indicated therein – and will carry out its processing, the following information is provided.

1. Data controller.

The Data Controller of personal data is Marchisio Chiara, based in Via Vico 18, 12084 – Mondovì – CN tel. 3393558855, e-mail 900 and design@gmail.com – VAT number 03507760043

2. Contact details of the DPO-DPO

The data protection officer (DPO or DPO) can be contacted by e-mail, at design@gmail.com, or by phone, at 3393558855

3. Purposes of the processing for which personal data are intended

With the exception of navigation data and cookies (referred to in a different disclosure), personal data that the Data Subject communicates through the Site and other contact channels may be processed for the purposes set out below.

A) Contract performance or inquiries

The Data Controller may process “common” personal data (e.g., identification data, contact data, etc.), for the performance of a contractual relationship, as well as to respond, even before the conclusion of the contract, to contact needs expressed or, if required, fulfill specific requests made by the Data Subject (including cost estimates).

B) Pursuit of other purposes

The Controller may also process common personal data to fulfill any legal obligations, or to pursue other legitimate interests of the Controller, such as defense in court, or statistical calculations.

4. Legal basis for treatment

The legal bases for the processing referred to the purpose indicated in 3.A) above are the need to execute the contract to which the Interested Party is a party, or pre-contractual measures taken at the request of the same Interested Party.

The legal bases for the processing referred to in the purposes indicated in 3.B) above are the need to fulfill legal obligations to which the Controller is subject, or the legitimate interest of the Controller.

5. Categories of recipients to whom personal data have been or will be disclosed

The categories of Recipients to whom personal data have been or may be disclosed are as follows:

1. Any parties external to the Owner, whose activity is necessary for the fulfillment of the contract (such as banks, credit card and insurance providers, couriers and holders of independent processing);
2. persons authorized and instructed by the Owner, who have committed to confidentiality or have an appropriate legal duty of confidentiality (e.g., employees of the Owner);
3. Any Managers, with whom a contract is entered into under Article 28 GDPR;
4. the Holder may also have to communicate or transmit data to Public Authorities, including judicial authorities.

These recipients are not located in third countries, nor are they international organizations.

Personal data are not subject to dissemination.

6. Period of retention of personal data

The Data Controller retains the Data Subject’s data for a period of 12 months, unless a different period is necessary, in order to achieve the stated purposes (such as the duration of legal proceedings).

7. Nature of data provision and consequences of refusal

Disclosure of data marked with an asterisk is necessary: failure to provide it will make it impossible for the Holder to provide what is to be requested by the data subject.

Disclosure of data without an asterisk is optional: failure to provide it will still allow us to provide what to be requested.

8. Rights of the Interested Party

The EU Regulation guarantees the Data Subject the following rights with regard to the processing of personal data:

1. Right of access with possible request for a copy of the processed data (Art. 15 GDPR);
2. Right to rectify inaccurate personal data without undue delay as well as to supplement incomplete personal data (Art. 16 GDPR);
3. Right to the deletion of personal data without undue delay – the so-called ‘right to be forgotten’ – for any of the reasons stated in (a) to (f) of Art. 17 GDPR;
4. Right to limitation of processing for any of the cases indicated from (a) to (d) of Art. 18 GDPR;
5. Right to data portability (Art. 20 GDPR);
6. Right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Art. 6, paragraph 1, letters (e) or (f) GDPR, including profiling; i.e., where data are processed for direct marketing purposes – to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such direct marketing (Art. 21 GDPR).

Inquiries should be addressed by e-mail to dpo@tunnelmb.com.

8. Right to file a complaint with the Supervisory Authority

A Data Subject who believes that the processing of personal data concerning him or her violates EU Regulation 2016/679 may lodge a Complaint with the Supervisory Authority (for Italy: Garante per la protezione dei dati personali www.garanteprivacy.it).

9. Amendments to this policy

This Policy is effective as of 10-12-2018.

The Owner reserves the right to change its content, in part or in full, including due to changes in the Privacy Policy.

The Holder will make the Publication on the Site of the updated version of this act, and from that moment it will be binding: the Interested Party is therefore invited to visit this section regularly.