WHY THIS NOTICE
This page describes how to manage the site in relation to the processing of personal data of users who consult it. This is an information that is provided pursuant to art. 13 of the European Regulation 679/2016 (GDPR) to those who interact with the web services of the site https://www.nicolettagava.it/, accessible electronically from the address: https://www.nicolettagava.it/. The information is provided only for the site of https://www.nicolettagava.it/. The information is also based on the Recommendation n. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by the art. 29 of the directive n. 95/46 / EC, adopted on 17 May 2001 to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages, regardless of the purpose of the link. The Recommendation and a summary description of its purposes are reported in other pages of this site.
OWNER AND EXTERNAL MANAGER OF THE TREATMENT
The data controller is the company Nicoletta Gava S.r.l., in the person of the legal representative with registered office in Via Don Minzoni, 14 - 10121 Turin.
External Data Processor (appointed under Article 28 of the GDPR) is the company IDEAREWEB DI FABRIZIO SANSON Registered office in Sarre (AO) Fraz. Grand Cré n. 84
You can exercise your rights with a written request sent to Nicoletta Gava S.r.l. to the postal address of the registered office or to the email address firstname.lastname@example.org.
PURPOSE OF NAVIGATION DATA
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.
PURPOSE OF DATA PROVIDED VOLUNTARILY
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
The compilation of registration data and the use of e-commerce services will be aimed at the possible correct and complete execution of commercial / contractual relationships for the legal obligations envisaged:
- legal obligations connected to commercial relationships
- legal obligations connected to contractual relationships
- obligations under laws and regulations
- compliance with the provisions of Authorities legitimated by the law and by supervisory and control bodies
- processing cases implemented by the public administration governed by law
- prevention of fraud and "network and information security"
- communication of offenses to the judicial authority
- sending communications and information relating to the services provided by the Data Controller.
Only on specific and distinct consent the data will be processed for the following marketing purposes: sending of advertising material and information on promotional activities of the company Nicoletta Gava S.r.l..
LEGAL BASIS OF TREATMENT
The Company Nicoletta Gava S.r.l. and the external manager the company IDEAREWEB DI FABRIZIO SANSON process your personal data lawfully, where the treatment:
(a) it is necessary for the performance of a contract of which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the latter;
b) is necessary to fulfill a legal obligation to which the data controller is subject;
(c) it is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the holder of the treatment;
d) is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or the fundamental rights and freedoms of the data subject who request the protection of personal data do not prevail.
e) the interested party has given his consent to the processing of his personal data for one or more specific purposes
DATA PROFILING AND DIFFUSION
Your personal data are not subject to disclosure or to any fully automated decision making process, including profiling.
The provision of data is mandatory to access the e-commerce services of the site https://www.nicolettagava.it/, a refusal will make it impossible to give way to contracts and legal obligations. For marketing purposes, conferment is optional.
The personal data, object of treatment for the above mentioned purposes, will be kept for the duration of the contract and, subsequently, for the time in which the Controller is subject to conservation obligations for fiscal purposes or for other purposes, foreseen, by law or regulation.
PLACE OF TREATMENT
The data collected by the site are processed at the headquarters of the Data Controller, and at the Web Hosting datacenter. Web hosting (Aruba), which is responsible for processing data, processing data on behalf of the holder, is located in the European Economic Area and acts in accordance with European standards.
DATA TRANSFER IN EXTRA EU COUNTRIES
This site may share some of the data collected with services located outside the European Union for some of the features described below.
- Contact management and sending of messages
This type of service allows you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services may also allow us to collect data relating to the date and time the messages are displayed by the User, as well as to the User's interaction with them, such as information on clicks on the links inserted in the messages.
MailChimp (The Rocket Science Group, LLC.)
MailChimp is an email address management and mailing service provided by The Rocket Science Group, LLC.
Personal Data collected: surname, email address and first name.
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.
This integration of Google Analytics makes your IP address anonymous. Anonymisation works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries participating in the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google's servers and shortened within the United States.
Personal Data collected: Cookies and Usage Data.
The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular Decision 1250/2016 (Privacy Shield - here the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
Your personal data will be communicated to third parties exclusively for purposes strictly related to the purposes indicated and in particular to the categories listed below:
- agents, accountants and lawyers who provide functional services for the purposes indicated above;
- judicial or administrative authorities, for the fulfillment of legal obligations.
Your data will not be transferred to third countries not belonging to the European Union.
RIGHTS OF THE INTERESTED PARTY
At any time, you may exercise, under Articles 15 to 22 of the GDPR, the right to:
a) request confirmation of the existence or otherwise of personal data;
b) obtain information on the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the retention period;
c) obtain the correction and deletion of data;
d) obtain the treatment limitation;
e) obtain data portability, ie receive them from a data controller, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without hindrance;
f) oppose the processing at any time and also in the case of treatment for direct marketing purposes;
g) to oppose an automated decision-making process concerning individuals, including profiling.
h) ask the data controller to access personal data and to rectify or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability;
i) withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
j) to propose a complaint to a supervisory authority (Privacy Guarantor - link to the page of the Guarantor).