In compliance with the obligations established by the European Privacy Regulation EU / 2016/679 (GDPR) we hereby intend to inform you about the processing of personal data freely given by you and / or by other subjects communicated to Bottega al Mare srl., In particular through:
• browsing web pages, using online services, filling out forms on our applications and within the bottegaalmare.com and bottegaalmare.it website
• the compilation of paper forms provided by us. Data processing will be carried out in compliance with the privacy regulations in force and based on principles of correctness, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and non-excess.
1. Identity and contact details of the owner
2. Contact details of the data protection officer (DPO)
3. Categories of personal data processed and purposes of the processing for which the personal data are intended and related legal basis
3a. Data collected without the need for your explicit consent (pursuant to Article 6, paragraph 1, letters b, c, f of the GDPR) and for what purposes:
• During the navigation and use of the Company Website, the following information may be collected and processed for exclusive purposes of security and improvement of the service offered: data relating to the tracking of the navigation path and the technology used by the user, data registration, statistics on pages viewed and advertising data (see 'Cookies Policy').
• personal data freely provided by you and / or by other subjects communicated to KILIS sas, in particular by filling in forms on our applications or on paper, such as: name and surname, address of residence or domicile, email address, telephone number, tax code, VAT number.
The purposes for which they can be used without your consent are the following:
- for the achievement of purposes related to obligations established by laws, regulations or community regulations;
- for activities related to the establishment, management and continuation of commercial and / or contractual relationships; - for activities necessary to respond to requests received by you and to provide technical and commercial assistance and support services;
- for the pursuit of legitimate business interests or of third parties.
3b. With your consent (pursuant to article 6, paragraph 1 letter a and article 7 of the GDPR), explicit, specific and free, through the dedicated web or paper forms, for the following purposes:
• sending newsletters and commercial and / or technical communications;
• profiling activities;
• market surveys - conducted internally or with external companies - via e-mail or with a telephone operator.
Any refusal, even if legitimate, to provide all or part of the above data, could make it difficult to access and use our web applications and online services and compromise the smooth running of the relationship with our structure. and in particular, for personal data defined as mandatory and indispensable, it could make it impossible to access and use our web applications and online services and make it impossible for us to carry out normal business operations and the regular supply of the requested products / services.
4. Processing methods
The processing of your personal data is carried out with or without the aid of computer systems, including automated ones - and may consist of the following operations: collection, registration, organization and storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection , transmission, communication, dissemination, cancellation, destruction, blocking and limitation. In carrying out the processing operations, all technical, IT, organizational and procedural security measures will always be adopted, so that the minimum level of data protection required by law is guaranteed. The aforementioned methodologies, applied for processing, will guarantee access to data only to the subjects specified in point 5.
5. Categories of recipients of personal data
The subjects or categories of subjects who may become aware of personal data or to whom they may be communicated are the following:
• Legal Representative of the Data Controller, dpo, system administrator and employees and persons in charge of processing the following areas: Management, Administration and Finance, Technical Area, Production, Logistics, Information Systems, Quality, Marketing and Sales.
• Data processors, for example: legal entities of Bottega al Mare srl, IT consultants, IT companies and software houses, consultants and consultancy companies, freelancers, self-employed workers, agents and representative agencies, auditors and auditing companies, companies transport and logistics.
• Judicial or supervisory authorities, administrations, public bodies and organizations (national and foreign), but exclusively for the purpose of fulfilling legal obligations, regulations or community legislation. Personal data may also be disclosed, but only in aggregate, anonymous form and for statistical purposes.
6. Storage and transfer of personal data abroad
The management and storage of personal data takes place in the cloud and on servers located within the European Union owned and / or available to the Data Controller and / or third-party companies, duly appointed as data processors.
7. Retention period of personal data
The data will be collected and recorded only for the purposes described below and will be kept for a period strictly necessary for these purposes, in any case not exceeding twenty-four months from their collection for marketing purposes, twelve months from their collection for profiling and for automated decisions and ten years from their collection for administrative or legal purposes.
8. Exercisable rights
In compliance with the provisions of the GDPR, you can exercise the rights indicated therein and in particular:
8a. You can always request at any time from the Legal Representative of the Data Controller or the Data Protection Officer, a copy of your personal data, information regarding the location where your personal data are processed and an updated list with the identification details of all the Data Processors and System Administrators authorized to process your data.
8b. At any time, you can freely revoke the consent given, without any burden and prejudice to the lawfulness of the treatments carried out up to that moment, and exercise the following rights of the interested party towards the Data Controller as provided for by the European Privacy Regulation EU / 2016/679 of Access, Rectification, Cancellation, Limitation, Opposition, Portability and Complaint to the Privacy Guarantor. The request can be made using the UNSUBSCRIBE functionality of the newsletters or by writing an email to email@example.com