This is an information that is also provided pursuant to art. 13 of EU Regulation 2016/679 to those who connect to the website https://www.andreisrl.it/ and use the related web services starting from this address. The information is provided only for the sites mentioned above and not for other websites that may be consulted by the user through specific links on the site itself.
This information also fully respects and complies with Recommendation no. 2/2001 that the European Authorities for the protection of personal data adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data online and, in particular, the methods, timing and nature of the information that the owners of the processing must provide to users when they connect to web pages, regardless of the purpose of the connection. It is specified that the consent mechanisms will be evident, brief and easily understandable; if the original conditions for which consent was requested should undergo changes, for example if the purpose of the data processing changes, further consent will be required pursuant to EU Regulation 2016/679.
According to the rules of the Regulation, the treatments carried out by Andrei S.r.l.will be based on the principles of lawfulness, correctness, transparency, purpose limitation and conservation, data minimization, accuracy, integrity and confidentiality.
Pursuant to art. 13 of EU Regulation 2016/679, Andrei S.r.l., Data Controller (hereinafter also “Owner”), informs you that all personal data collected will be processed in compliance with EU Regulation 2016/679.
In relation to these treatments, the Data Controller provides the following information:
- Identity and contact details of the Data Controller
The Data Controller is Andrei S.r.l., with registered office in Scandicci (FI) in Viuzzo del Piscetto n. 13
– CF: 0133636048, in the person of the legal representative Mr. Andrei Alberto.
The following contact information of the Data Controller is listed:
- Phone number: 055/751680
- Fax: 055/757043
- email address: firstname.lastname@example.org
- Website: https://www.andreisrl.it/
- PEC: email@example.com
- Personal data collected
- Navigation data
The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data which are then implicitly transmitted in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are stored directly by Google Analytics for 6 months. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
- Data provided voluntarily by the user
Personal data, such as data communicated by you through the appropriate contact form on the site, or in any case voluntarily provided by you, will be collected following specific information and, in the cases provided for by law, with free and express consent and are inherent to :
- Identification data (for example: name, surname, address, telephone, fax, email, bank details, payment details etc …);
- Tax data (if required by law, for example: tax code, VAT number, etc);
Cookies are not used to transmit information of a personal nature, nor are so-called c.d. persistent cookies for which the law requires specific consent, or systems for tracing users.
The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe browsing and efficient site. The so-called Session cookies used on this site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of users’ browsing and do not allow the acquisition of the user’s personal identification data.
- Purposes and methods of processing
The purposes of the processing of personal data are as follows:
- Allow navigation and consultation of the website www.andreisrl.it;
- Respond to requests for assistance or information that the Data Controller will receive via e-mail, telephone or chat through the application or through the appropriate form;
- To fulfill any legal, accounting and tax obligations;
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) EU Regulation 2016/679 and more precisely: collection, registration, organization, structuring, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are not subject to disclosure, with the exception of the cases expressly provided for by law, or to any fully automated decision-making process, including profiling.
Personal data will be processed in paper, computerized and telematic form, with logic strictly related to the purposes themselves, including through the use of fax, telephone, mobile phone, e-mail or other remote communication techniques; the personal data will be entered in the relevant databases which can only be accessed by the Data Controller and his representatives. Personal data will be managed by implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk pursuant to art. 32 EU Regulation 2016/679.
- Legal basis and mandatory or optional nature of the processing
The legal basis for the processing of personal data for the purposes described above is art. 6 par. 1 letter b) of EU Regulation 2016/679 as the processing is necessary for the provision of the contracted services. The provision of personal data for these purposes is optional but failure to provide it would make it impossible to activate the requested Services.
The purposes related to legal obligations represent a legitimate processing of personal data pursuant to art. 6 par. 1 letter c) of the 2016/679 EU Regulation. Once the personal data has been provided, the processing may indeed be necessary to fulfill legal obligations to which the Data Controller is subject.
- Any recipients of the data
Without the need for express consent (art. 6 lett. b) e c) Reg. EU 2016/679, the owner may communicate his data for the purposes referred to in this statement to: Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the purposes expressed. These subjects will process the data in their capacity as independent data controllers.
Your data may be made accessible for the purposes referred to in this information notice to employees and collaborators of the Data Controller or of the Companies related to the Data Controller in Italy and abroad, in their capacity as authorized for processing and / or internal Data Processors and / o system administrators; to third-party companies or other subjects who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external Data Processors.
Furthermore, in relation to the purposes referred to in this information, the data may be communicated to the following subjects or to the categories of subjects indicated below:
– Studies of recognized accountants relating to the profession of assistance to companies when the communication is required by law, or is in the interest of the subject (natural or legal person);
– Studies of recognized lawyers relating to the profession of assistance to companies when the communication is required by law, regularly entrusted with this form of treatment in full compliance with the minimum measures in force, or when the communication is in the interest of the subject (natural or legal person ).
Only in the event that you have given specific consent, your data may be shared with commercial partners for their autonomous and distinct purposes.
The Data Controller also communicates that it does not intend to transfer the data to a third country outside the EU or to an international organization outside the EU.
The complete list of data processors and those authorized to process the processing is available, constantly updated, at the registered office of the Data Controller and can be viewed by sending a written request to the same at the address: firstname.lastname@example.org.
- Data transfer
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by European Commission.
- Data retention period
Your personal data will be processed by the Data Controller limited to what is necessary for the pursuit of the purpose referred to in this information. In particular, your personal data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of EU Regulation 2016/679, i.e. until the termination of the contractual relationships existing between you and the Data Controller, without prejudice to an additional retention period that may be imposed by law, as also provided for by Recital 65 of EU Regulation 2016/679. Beyond this period, personal data will be stored anonymously, or will be destroyed.
For navigation data, please refer to the contents of the appropriate section of this information.
- Rights of the interested party
With regard to the data themselves, the interested party, or a person delegated in writing, can exercise the following rights:
– the right of access, expressly provided for by art. 15 of EU Regulation 2016/679, i.e. the possibility of accessing all personal information concerning him;
– the right of rectification, expressly provided for by art. 16 of EU Regulation 2016/679, ie the possibility of obtaining the updating of inaccurate personal data concerning him without justified delay;
– the right to be forgotten, expressly provided for by art. 17 of EU Regulation 2016/679, consisting of the right to cancel personal data concerning the person concerned;
– the right to limitation of processing when one of the hypotheses provided for by art. 18 of the 2016/679 EU Regulation;
– the right to data portability, expressly provided for by art. 20 of EU Regulation 2016/679, i.e. the right to obtain their data in an interoperable format and / or the right to have their personal data transmitted to another data controller without impediments by this Company;
– the right to object to the processing of personal data, expressly provided for by art. 21 of the 2016/679 EU Regulation;
– the right to withdraw consent at any time, expressly provided for by art. 7 of EU Regulation 2016/679;
– the right to lodge a complaint with a supervisory authority;
– the right to bring a judicial appeal in the event of unlawful data processing, including against the acts undertaken by the Guarantor pursuant to Article 78 of EU Regulation 2016/679.
To exercise your rights, you can contact the Data Controller at one of the contact points indicated in this statement.
- Nature of the provision
The provision of personal data necessary for the purpose of providing the services requested by the user is optional, but failure to provide it will make it impossible to activate the requested services.
With respect to the data that the Data Controller is obliged to know in order to fulfill the obligations established by laws, regulations and community legislation, or by provisions issued by Authorities legitimated by the law and by supervisory and control bodies, their failure to provide on the part of the user it makes it impossible to establish or continue the relationship, to the extent that such data are necessary for the execution of the same.
Finally, we inform you that if you believe that your rights have been violated by the Data Controller and / or by a third party, you have the right to lodge a complaint with the Personal Data Protection Authority and / or other competent supervisory authority in force. of the EU Regulation n.i 2016/679.