The
personal data of the Users will be processed lawfully by the Data Controller
pursuant to Article 6 of the Regulation for the following processing purposes
executing the User’s request: the personal data of the Users are collected
and processed by the Data Controller with the only purpose to reply to their
query. The Data Controller will collect the following personal data in order to
be able to reply to the User’s request: name, surname, email address, and any
other information relating to the User possibly and voluntary given by the User
to the Data Controller. No other processing will be carried out by the Data
Controller in relation to the Users’ personal data. Without prejudice to what
is stipulated elsewhere in this privacy policy, under no circumstances the
Controller will make the personal data accessible to other Users and/or third
parties;
accounting-administrative purposes, or in order to carry out organisational,
administrative, financial and accounting activities, as internal organisational
activities and activities aimed at fulfilling contractual and precontractual
obligations;
legal obligations, or in order to fulfil obligations provided by the law or the European
laws and regulations.
The
provision of personal data for the processing purposes indicated above is
optional but necessary, since failure to provide such data will make it
impossible for the User to make a request to the Controller.
4. LEGAL BASIS
Execution
of the User’s request (as described in paragraph 3, letter a) above): the legal basis is
Article 6, paragraph 1, letter b) of the Regulation, since the processing is
necessary for the performance of a contract to which the User is party or in
order to take steps at the request of the User prior to entering into a
contract.
Accounting-administrative
purposes (as
described in paragraph 3, letter b) above): the legal basis is Article 6,
paragraph 1, letter b) of the Regulation, since the processing is necessary for
the performance of a contract to which the User is party or in order to take
steps at the request of the User prior to entering into a contract.
Legal
obligations (as
described in paragraph 3, letter c) above): the legal basis is Article 6,
paragraph 1, letter c) of the Regulation, since the processing is necessary for
compliance with a legal obligation to which the controller is subject.
5. PROCESSING METHODS AND DATA
RETENTION PERIOD
The Data
Controller will process the personal data of Users using manual and IT tools,
with logic strictly related to the purposes themselves and, in any case, in
order to guarantee the security and confidentiality of the data.
The
personal data of the Users will be retained for the time strictly necessary to
carry out the main purposes explained in paragraph 3 above or, in any case, as
necessary for the protection in civil law of the interests of both the Users
and the Data Controller.
6.TRANSMISSION AND
DISSEMINATION OF DATA
The User’s
personal data may be transferred outside the European Union and, in this case,
the Data Controller will ensure that the transfer is carried out in accordance
with the Applicable Law and, in particular, in accordance with Articles 45
(Transfer on the basis of an adequacy decision) and 46 (Transfer subject to
appropriate safeguards) of the Regulation.
The
employees and/or collaborators of the Data Controller who are in charge of
carrying out Website maintenance may become aware of the personal data of the
Users. These subjects, who have been instructed by the Data Controller
accordingly to article 29 of the Regulation, will process the User's data
exclusively for the purposes indicated in this policy and in compliance with
the provisions of the Applicable Law.
The
personal data of the Users may also be disclosed to third parties who may
process personal data on behalf of the Data Controller as “Data Processors”,
such as, for example, IT and logistic service providers functional to the
operation of the Website, outsourcing or cloud computing service
providers, professionals and consultants.
Users have
the right to obtain a list of any data processors appointed by the Data
Controller, making a request to the Data Controller in the manner indicated in
paragraph 7 below.
7.RIGHTS OF THE DATA SUBJECTS
Users may
exercise their rights granted by the Applicable Law by contacting the Data
Controller as follows:
Online:
Contacting customer service through the dedicated contact form;
By Mail:
Sending a registered letter with return receipt to the registered offices of the Data Controller (Via Comelico, 3, 20135 Milano);
For specific requests to be sent to our Data Protection Officer:
Users may also contact the Data Protection Officer (DPO) of the Data Controller, the contact data of which is reported below: Italian company Shibumi S.r.l.- e-mail: dpo@iumob.it. Pursuant to
Applicable Law, the Data Controller informs that Users have the right to obtain
indication (i) of the origin of personal data; (ii) the purposes and methods of
the processing; (iii) the logic applied in the event of processing carried out
with the aid of electronic instruments; (iv) of the identification details of
the data controller and processors; (v) the subjects or categories of subjects
to whom the personal data may be communicated or who may come to aware of them
as processors or agents.
Furthermore,
Users have the right to obtain:
a) access, updating, rectification, or,
when interested, integration of data;
b)
the cancellation, transformation into anonymous form or
the restriction of data processed in breach of the law,
including data that does not need to be stored in relation to the purposes for
which the data was collected or subsequently processed;
c)
certification to the effect that notification has been supplied of operations
as per letters a) and b), as also regards their content, to those to whom the
data was communicated or disseminated, except for the case where notification
proves impossible or requires the use of means clearly disproportionate to the
right being protected.
Moreover,
the Users have:
a) the
right to revoke consent at any time, if the processing is
based on their consent;
b) (where
applicable) the right to data portability (the right to
receive all personal data concerning them in a structured format, commonly used
and readable by automatic device);
c)
the right to oppose to: