Information on the processing of personal data of visitors to the www.savefumisteria.it website

Pursuant to the sense and effect of art. 13 of Regulation 679/2016 (EU) and the member nation legislation applicable

Latest update: 12/10/2018

1. Overview

Save S.r.l., hereinafter referred to as the Company, as the Data Controller, has developed this Web Policy Informative Letter in order to describe the management of the “www.savefumisteria.it” website as regards the processing of the personal Data of visitors to this site. This information is provided—as per art. 13 of Regulation 679/2016 (EU) governing the protection of personal data—to all those who visit the Company’s website and use the services it provides. This information is provided only for the above-mentioned website and not for other websites that may be consulted through links. This information, together with the Cookies Policy, is an integral part of the Company’s website and the services it offers. Access to and use of the website are based on the assumption that this Web Policy has been read and understood. If you do not agree with this Policy, please do not use our website. The Company may amend or simply update all or part of this Web Policy. Any changes or updates to it will be available to all users in the Privacy section of the website as soon as the updates are active and will be binding as soon as they are posted on the website in this section. If you do not agree to these changes, you may discontinue use of our website. Your continued use of our website and our products and services following the posting of such changes and/or updates will constitute your acceptance of the changes and acknowledgement of the binding nature of the new terms and conditions.
Save S.r.l. informs you that the processing of your personal data will be based on the principles of lawfulness, correctness, transparency, limitation of purpose and storage, data minimization, accuracy, integrity and confidentiality. Personal data will therefore be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations therein.

2. Identification of the Data Controller

The Data Controller (hereinafter “Data Controller”) of the personal data collected at this website is the Save S.r.l. Company with registered office in Chiuppano (VI), Via Enrico Fermi, 16/A (VAT no. 02111460248).

3. Type of personal data processed

3.1 Navigation data

During normal operation, the computer systems and software procedures used to operate this website acquire items of personal data that are transmitted implicitly through the use of Internet communication protocols. This information is not collected for association with specifically identified Data Subjects but by their very nature could, through processing and association with data held by third parties, allow such subjects to be identified. The following items of data may be collected: (1) the types of browsers and versions used, (2) the operating system used by the access system, (3) the website from which an access system reaches our website (so-called referrers), (4) the sections, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the access system, and (8) any other data and similar information that may be used in the event of attacks on our information technology systems.
These data items are used only to obtain anonymous statistical information on the use of the website and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

3.2 Cookies

Some personal information regarding the access of the Data Subject to the Website is collected through the use of cookies. For further information on the Company’s Cookies, please see the extended version of its Cookies Policy.

3.3 Data provided voluntarily by the Data Subject

This personal data is provided directly by the Data Subject when formalizing a request, and amounts to the personal information that allows the identification of the Data Subject (such as name and surname, address, e-mail address, telephone numbers, other numbers and/or personal identification codes, for example) or data that has been sent to the Company. The optional, explicit or voluntary sending of electronic mail to the addresses indicated on the Site or the filling in of forms for the collection of personal data or the sending of material entails the subsequent acquisition of the sender’s address required for reply to such requests and any other personal data sent/inserted as well.

4. Sources of personal data

Personal data is collected directly from the Data Subject whenever the latter uses the Website as specified by the laws in force.

5. Purposes and legal basis of data processing

Your personal data will be processed:

1. 1. without your express consent, for the following purposes:
      • A.1 Execution of the contract and/or pre-contractual commitments
        • operating and maintaining the site;
        • managing a request for contact from you;
        • fulfilling a specific request from you or providing the service you requested (“Service”).
      • A.2 Pursuit of a legitimate interest of the Data Controller
        • preventing or detecting fraudulent activity or abuse harmful to the Website;
        • exercising the rights of the Data Controller, such as the right to defense in court.
      • A.3 Fulfilment of legal obligations
        • Compliance with obligations under laws, regulations, EU regulations, orders and prescriptions of the competent authorities;
        • statistical analysis of data in an anonymous way.

The supply of Personal Data mentioned in Point A) is obligatory. Your failure to confer such data may render the fulfilment of any requests you make impossible.

1. 1. Only with your express consent, for the following purposes:
      • the transmission of commercial communications (marketing) and newsletters via e-mail, fax, telephone and any other remote communication technology, present or future developed, for the promotion of the Company’s own goods and services or those of third parties;

The supply of Personal Data mentioned in Point A) is obligatory. Your failure to confer such data may render the fulfilment of any requests you make impossible.

6. Method of processing

Data will be processed and stored exclusively for the purposes indicated above through the use of both paper and computer media, included in relevant databases and processed with instruments that guarantee the integrity, security and confidentiality of the data, in accordance with the provisions of EU Regulation 679/2016. Access will be allowed only to persons authorized to the processing of personal data. The data may also be communicated to third parties, who will be, appropriately designated as Data Processors except in cases when they assume the role of autonomous Data Controllers. These subjects will be involved in fulfilling the obligations required by the existing legal relationship and specific legal obligations.

7. Conservation of data

Personal Data will be conserved for a period of time not exceeding the time required to achieve the purposes for which it has been processed with the exception of the periods of data conservation or other terms specified by law or other applicable regulatory sources. After said terms have expired, Personal Data will be deleted and/or made anonymous so that it is not possible to identify the Data Subjects even indirectly.
The Personal Data provided by the Data Subject for the purpose of sending commercial communications (marketing) and newsletters will be conserved until such Subject revokes his or her consent to such purposes.

8. Receivers or categories of receivers

At Save S.r.l., only the subjects assigned to data processing by the Data Controller and authorized to carry out the processing operations required can become aware of the personal data provided by the Data Subject.
Your personal data can be processed only by the third party companies to which Save S.r.l. has assigned specific activities and services associated with the management of the Company website.
Such data may be disclosed to the competent public authorities in fulfilment of legal obligations. In any case, your personal data will not be disclosed.

9. Transfer of data

The data collected by Save S.r.l. will not be transferred to nations outside the European Union or to international organizations.

10. Existence of an automated decision-making process (i.e. profiling) and the consequences of such processing on the liberty and rights of the Data Subject

The data collected by Save S.r.l. is not subject to profiling, i.e., the automated processing of personal data for the purpose of evaluating personal aspects concerning your person.

11. Data processing for other purposes

Whenever Save S.r.l. must process your personal data for purposes other than those listed in this statement, you will receive adequate information before such processing begins and if necessary, you will be asked to give formal consent.

12. Security of data

The Company protects personal data by applying internationally recognized security levels and procedures that protect personal data from:

• unauthorized access;
• improper use or disclosure;
• unauthorized modification;
• accidental or unlawful loss or destruction.

13. Rights of the Data Subject

The Data Controller informs you that except for the restrictions prescribed by law, as Data Subject and as per the sense and effect of art. 15 et seq. of Regulation 679/2016 (EU) you have the right to:

• obtain confirmation of the existence or otherwise of your personal data, even if not yet recorded, and that such data be made available to you in an intelligible form;
• to obtain indication and, if necessary, a copy of: a) the origin and category of your personal data; b) the logic applied in case of processing performed with the aid of electronic instruments; c) the purposes and methods of processing; d) the identification details of the Data Controller and Data Processors; e) the receivers or categories of receivers to whom such personal data may be communicated or who may become aware of them, in particular if they are receivers in third countries or international organizations; e) whenever possible, the period of data conservation or the criteria used to determine this period; f) the existence of an automated decision-making process and, if so, the logic used, the importance of this process, and the consequences foreseen for the Data Subject; g) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organization;
• obtain, without undue delay, the updating and rectification of inaccurate data or, when desired, the integration of incomplete data;
• obtain the cancellation, the transformation into anonymous form or the blocking of data: a) processed unlawfully; b) no longer necessary to the purposes for which it was collected or subsequently processed; c) in case of revocation of the consent on which the processing was based whenever no other legal basis exists, d) whenever you have objected to processing and there is no compelling legitimate reason for processing to be continued; e) whenever necessary for the fulfilment of a legal obligation; f) whenever the data regards minors. The Data Controller may refuse to delete data only in the event of: a) the exercise of the right to freedom of expression and information; b) the fulfilment of a legal obligation, the performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health; d) archiving in public interest, scientific or historical research or for statistical purposes; e) the exercise of a right in a court of law.
• obtain the limitation of processing in the event of: a) contestation of the accuracy of such personal data; b) unlawful processing by the Data Controller to prevent its deletion; c) exercise of one of your rights in court of law; d) verification of whether the legitimate reasons of the Data Controller prevail over those of the Data Subject;
• whenever processing has been performed by automatic means, receive your personal data without hindrance and in a structured, commonly utilized and readable format in order to transmit it to another Data Controller or – if technically feasible – to obtain the direct transmission from one Data Controller to another;
• oppose the processing of your personal data in whole or in part: a) for legitimate reasons related to your particular situation; b) for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication through the use of automated calling systems without the intervention of an operator by email and/or through traditional marketing methods by phone and/or mail;
• in case of express consent by the Data Subject, the possibility for the Data Subject to revoke said consent at any time without prejudice to the lawfulness of the processing carried out up to that moment;
• to lodge a complaint with the Guarantor Authority for the Protection of Personal Data.

In the cases above, whenever necessary, the Data Controller will inform the third parties to whom your personal data have been communicated of the your possible exercise of rights, except in specific cases (such as when this proves impossible or involves a manifestly disproportionate to the protected right).

14. Method for the exercise of your right

You can exercise the rights above in any moment with the use of any of the methods below:

• sending an e-mail to the Data Controller;
• sending a certified e-mail (PEC) to the Data Controller;
• sending a registered letter with notice of receipt to the Data Controller;

The identification details of the Data Controller are provided below.

15. Data Controller

THE DATA CONTROLLER IS:
SAVE S.r.l.
Via Enrico Fermi, 16/A – 36010 Chiuppano (VI)
P. Iva 02111460248
e-mail privacy@savefumisteria.it
pec save.srl@legalmail.it
website www.savefumisteria.it