This information notice is provided in accordance with article 13 of Regulation (EU) 2016/679 (hereafter, Reg. EU) to those who have provided personal data by completing the registration form on our website.
This information notice is valid only for this website and has no value for other websites that may be consulted by the user from links on our website or on other websites.
1. DATA CONTROLLER
Pursuant to articles 4 and 24 of the Reg. EU, the Data Controller is:
MunarettoFlowers Srl , Via Doge D. Michiel 30/32, 30126 Lido Venezia (VE) – Italy. VAT reg. n°: IT04206340277
The list of possible Data Processors is available upon request to the Data Controller.
2. DATA COLLECTION
Among the Personal Data collected from this website, independently or through third parties, there are, by way of example: cookies, usage data, email, name, surname, address, and other information provided voluntarily by the user through the procedures of sending e-mail or by filling in the appropriate fields and forms.
Personal data may be entered voluntarily by the user or collected automatically through the use of this website.
User failure to provide some Personal Data may prevent this website from providing its services.
The User assumes full responsibility for third parties’ Personal Data he/she published or shared through this website and guarantees to have the right to communicate or disseminate them, freeing the Controller from any liability towards third parties.
3. PROCESSING METHOD, PURPOSE AND LEGAL BASIS
Personal data are going to be processed by adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal Data.
The processing of data is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated above.
The Data will be processed according to Reg. EU’s articles 6 and 9 – lawfulness of processing - therefore when at least one of the following conditions is satisfied:
• Consent given by the Data Subject,
• Performance of a contract or execution of pre-contractual measures requested by the Data Subject,
• Compliance with legal obligations,
• Safeguarding legitimate interests pursued by the Controller or by a third party.
Personal Data are collected and processed to allow the Controller to provide its services, as well as for the following purposes: statistical analysis of navigation, to contact the user.
The Data are processed exclusively to allow the execution of the contractual relationship and the provision of services requested to the Controller, or due to legal obligations.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
Any personal data You provide may be disclosed to recipients or to categories of recipients in order to meet the purposes referred to in point 3. These recipients or these categories of recipients will process the data as Data Processors or Data Controllers.
In particular, personal Data may be disclosed, within the limits strictly relevant to the obligations, tasks and purposes set out above, and in compliance with current applicable regulations, to:
1. subjects to whom such communication must be carried out in order to fulfill or to demand the fulfillment of specific obligations provided for by laws, regulations and/or Community legislation;
2. natural and/or legal persons, external to the Controller’s organization, who provide services that are instrumental for the purposes referred to in paragraph 1 (eg. suppliers, consultants, institutions, companies operating in the Information Technology sector).
Personal data will not be disclosed in any way.
5. DATA TRANSFER TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS
The personal data You provide and that are processed or destined to be processed after being collected, are not going to be transferred to any third country or international organization.
6. STORAGE PERIOD AND CRITERIA
In accordance with the provisions of art. 13 paragraph 2 letter a) of the EU Regulation 2016/679, the personal data You provide will be stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data were obtained and processed, and after that they will be destroyed. In particular, the personal data will be kept for the entire duration of the contract stipulated with the Data Controller, and after that only the data useful for the completion of the terms established by law for the conservation of administrative documents and accounting records (10 years) will be kept, after which they will be deleted. This means that the data necessary for the aforementioned accounting and fiscal purposes will be kept for 10 years, while the other data provided will be deleted once the contract has been fulfilled.
7. DATA SUBJECT’S RIGHTS
The Data Subject may, at any time, exercise the rights reserved to him/her according with article 15, and following, of the EU Reg. 2016/679. In particular, the data subject has the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning his/her data or to object to processing, as well as the right to data portability, to obtain confirmation of the existence or not existence of personal data concerning him/her, even if not yet registered, and their communication in intelligible form. Where the processing is based on article 6, point 1 letter a) or article 9, point 2, letter a), the Data Subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The Data Subject has also the right to obtain: the updating, rectification, or, when interested, the integration of data; the erasure, transformation into anonymous form or blocking of data unlawfully processed, including those data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed.
The Data Subject has also the right to object, at any time, for reasons connected with his/her particular situation, to the processing of personal data concerning him or her, even though the data are relevant to the purpose of the collection, and he/she has also the right to object the processing of personal data for advertising or direct marketing purposes or marketing research purposes as well as commercial communication practices.
The request of the data subject for exercising his or her rights can be promoted by writing an email or a letter to the following addresses:
- MunarettoFlowers Srl , Via Doge D. Michiel 30/32, 30126 Lido Venezia (VE) – Italy. VAT reg. n°: IT04206340277
In accordance with the provisions of art. 15 letter f) of the EU Regulation, the data subject has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
In accordance with the provisions of art. 20 of the same EU Regulation, in case You exercises the right to data portability, the Data Controller will provide You with the requested data in a structured, commonly used, machine-readable and interoperable
8. REGULATORY REFERENCES
The complete text of the EU Regulation and the additional relevant national regulations concerning data protection can be consulted on the website of the Italian Data Protection Authority (Garante per la protezione dei dati personali) at the following link www.garanteprivacy.it
9. CHANGES TO THE CURRENT DATA PROTECTION INFORMATION
Should there be any substantial change with regard to the way the Data are processed, we will inform You promptly of such changes.