INFORMATION ON THE PROCESSING OF PERSONAL DATA UNDER ARTICLES 13 – 14 OF EU REGULATION 2016/679
As per EU Regulation 2016/679 (hereinafter referred to as “the Regulation” or “GDPR”) and the national data protection laws in force, this information is provided to individuals who make purchases through the data controller’s website (e.g. individual or corporate customers) or those operating in the name and on behalf of customers, hereinafter referred to as data subjects.
1. Data controller: Light Engineering + Design Srl, with legal headquarters in Via San Marco 11 C int. 56, 35129 Padua (PD), tax code/VAT n° 04706910280, phone: +39 049 0980809, e-mail: firstname.lastname@example.org
2. Type of data processed
– The personal data processed is collected directly from the data subject, those operating on their behalf, or the company they work for in the pre-contractual stage, and during stipulation and conclusion of the contract. This includes personal data (first and last name etc.), contact details (phone number, e-mail address, etc.); in the event of a purchase, data pertaining to the means of payment, credit information etc. is also collected. The data controller does not handle any so-called “sensitive” data (see Article 9 of the GDPR). In accordance with the provisions in the GDPR and existing privacy laws, the processing of personal data takes place via manual, paper, computer and telematic means, including automated tools, according to the principles of fairness, lawfulness and transparency in order to ensure the security and confidentiality of the data itself. In particular, processing may be done through automated systems (such as e-mail or other types of electronic communication) and traditional systems.
The provision of personal data for such purposes is not mandatory, and processing it requires the consent of those concerned. Failure to provide consent will not affect the service provided but will make it impossible for the data controller to send you personalized marketing or promotional information for the purposes of profiling. The legal basis for this processing is identified in the consent given.
- Purpose, legal basis of processing, and mandatory data provision – The data controller processes personal data for the following purposes:
- For purposes that are closely related and instrumental to the management and conclusion of contracts with customers (e.g., acquisition of information before the conclusion of a contract, provision of services, management of orders, customer assistance, etc.). The provision and processing of personal data for this purpose is necessary to the extent that the data subjects consider it necessary to provide it in order to ensure the effectiveness of the pre-contractual, sales and assistance activities carried out by the data controller. Such processing operations do not require the express consent of the data subject. The legal basis for the processing is identified as the need to conclude a contract and provide the purchased goods or services;
- In the case of an individual or corporate data subject, for the purposes of protecting the data controller’s assets and rights, such as the acquisition of information related to the solvency of the same or for credit recovery. This data is required for the conclusion of the contract. The legal basis of the processing is identified as the legitimate interest of the data controller, and no express consent is required;
- For direct/indirect marketing and profiling purposes, respectively (including but not limited to):
1. Sending business information and newsletters, communication of promotional initiatives and events organized by the data processor
2. Assessment and prediction of the customer’s interests and preferences on the basis of website visits or as revealed by data collected by third parties in order to offer targeted and personalized products and services.
- Categories of recipients of personal data: personal data, within the limits and with the specified purposes, may be disclosed to, or come to the knowledge of, and therefore be processed by:
1. Employees and consultants of the data controller, agents, companies that provide IT services (website management, internet services, etc.), potentially in their capacity as external data processors
2. Intermediaries involved in the payment for the purchased goods
3. Electronic invoicing management companies and recipient entities, potentially in their capacity as external data processors
4. Shippers or couriers involved in delivering the purchased goods
5. Companies specialising in customer credit information systems, and persons or companies charged with credit recovery
6. Persons who can access the data under law or EU legislation, within the legal limits
The full list of recipients is available at the data controller’s headquarters.
Light Engineering + Design Srl
Foris l’Origine delle Idee
- Data retention: this personal data is processed for the duration of the business relationship and thereafter for a maximum period of 10 years; the data is retained for marketing/profiling purposes until consent is revoked.
- Transfer of data abroad: processing is normally carried out in Italy, but for specific business processes personal data could be transferred to non-EEA countries; in such cases data protection is ensured by special contractual clauses.
- Automated decision-making processes: any automated decision-making process is excluded. The data controller performs profiling for the above purposes and with your consent; the processing is always overseen by the data controller with the intervention of specialized personnel.
- The data subject’s rights: the data processor hereby informs you that as a data subject you have the following rights in relation to the data provided:
A. Access to data and acquisition of a copy. You have the right to obtain confirmation from the data controller whether or not processing of your personal data is in progress and, in this event, to obtain access to personal data and the information provided for by Article 15 of the GDPR including, but not limited to: the purpose(s) of the processing, the categories of personal data processed, etc.;
B. Amendment. You have the right to obtain from the data controller the correction, amendment or completion of any inaccurate or incomplete personal data, providing adequate documentation;
C. Deletion of personal data. You may ask the data controller to delete your personal data, if one of the reasons provided for by Article 17 of the GDPR exists, including, but not limited to: if your personal data is no longer necessary for the purposes for which it has been collected or otherwise processed, or if you have revoked your consent to the processing of your personal data and there is no legitimate reason for processing. The data controller will not be able to proceed with the deletion of your personal data under the following circumstances: if its processing is necessary, for example, for the fulfilment of a legal obligation, or for the verification, exercise or defence of a right in court;
D. Limitation of processing. You have the right to obtain limitation of the processing of your personal data as provided for by Article 18 of the GDPR, including, for example: a dispute about the accuracy of your personal data, for the period necessary for the data controller to carry out the appropriate checks; and objecting to the processing, pending the appropriate checks by the data controller on the validity of the reasons that legitimize the processing itself.
E. Portability of electronic data that is subject to automated processing. You have the right to obtain from the data controller a copy of the personal data provided by you in a common and structured format, readable by an automatic device (example: computer and/or tablet), and to transmit the personal data you provided to another data controller or processor without impediment by the data controller on the basis of your precise authorization and direction.
F. To object to processing. You have the right to block the processing of your personal data if it is carried out for the pursuit of a legitimate interest of the data controller (including profiling), unless there are legitimate reasons for the processing (reasons prevailing over the interests, rights and freedoms of the person concerned), or processing is necessary for the verification, exercise or defence of a right.
G. Revocation of consent. You have the right to revoke your consent to the processing of your personal data without prejudice to the legality of the processing based on the consent acquired before the withdrawal.
H. Complaint. You have the right to complain to the relevant regulator, i.e. the Data Protection Authority.
- Contact details: for any clarification and to exercise your rights, please contact the data controller in writing to:
Via San Marco, 11 C int. 56
35129 – Padova
or by e-mail to email@example.com