Dear Data Subject, We are sharing this information, provided in accordance with “Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter referred to as “GDPR”) with all those who interact with the forms provided by Taffarello S.p.A. on its website: www.taffarello.com.
This information is provided for the above-mentioned forms on the Taffarello S.p.A. website only and not for other forms or websites which may be consulted by users through links. More specifically, pursuant to Article 13 of the GDPR, we would like to inform you of the following:
1. Data controller
The following macro-types of information are requested on the above-mentioned forms: Contact details;
Data entered into free text areas.
By entering your data in the fields described above and clicking Enter, Taffarello S.p.A. saves and stores them in its databases for the purpose of collecting, recording, organising, preserving, consulting, processing, modifying, selecting, extracting, comparing, using, interconnecting, blocking, erasing and destroying such data.
Taffarello S.p.A. uses your data in order to:
A- reply to business requests;
B- send, upon consent obtained separately, newsletters containing news, website updates, information on security patches, surveys, promotional campaigns in connection with Taffarello S.p.A.
4. Legal basis for processing, data retention period
Pursuant to Articles 6 and 7 of the GDPR, giving consent to personal data processing by ticking an appropriate box is optional, but required in order to submit the forms described above. Subscribing to the newsletter is not mandatory and may be refused by simply omitting to tick the appropriate box. Pursuant to Article 13, paragraph 2, letter a), the period for which personal data will be stored is 3 years from the time of the individual consent dates. At the end of this period, the data will be erased systematically from all our systems or further consent will be requested. Pursuant to Article 8, paragraph 1 of the GDPR, the processing of the personal data of a child is lawful where the child is at least 16 years of age. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. Taffarello S.p.A. requires all users of the above-mentioned forms to be at least 16 years old or for the holder of parental responsibility over the child to self-certify their consent.
6. Special categories of personal data
Pursuant to Article 5, paragraph 1, letter c), Taffarello S.p.A. shall only keep personal that is adequate, relevant and limited to what is necessary in relation to the purposes for which the data are processed («data minimisation»); users are therefore requested not to share personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor to process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation. Should the user willingly share such data with Taffarello S.p.A., Taffarello S.p.A.’s employees or independent contractors who have received specific privacy-related training, shall promptly eliminate the message sent by the user without responding.
7. Recipients of personal data
Under no circumstances shall Taffarello S.p.A. transfer your data to third parties. Within the limits permitted by the purposes of data processing indicated above, your data may be transferred to specific suppliers appointed as Data Processors pursuant to Article 28 of the GDPR. You can request an updated list of the suppliers concerned at the following email address: email@example.com
8. Localisation of personal data processing
All the data processing described in this notice and performed by Taffarello S.p.A. shall take placed within the European Union.
9. Methods of processing
Personal data will be processed in a manner that ensures appropriate security of the personal data, using appropriate technical and organisational methods, from unauthorised or unlawful processing and against accidental loss, destruction or damage («integrity and confidentiality»). Taffarello S.p.A. considers the security of information, including personal data, as an essential factor.
10. Data subject rights
Data subjects are always entitled to request from the Data Controller access to their data, rectification or erasure of the personal data, restriction of processing, the right to object to the processing of personal data, the right to data portability, the right to withdraw consent; data subjects can exercise these rights and the other rights provided for in the GDPR simply by notifying the Data Controller via email, using the following address: firstname.lastname@example.org
More specifically, Taffarello S.p.A. . shall act on the data subject’s request without undue delay and in any event within one month of receipt of the request That period may be extended by two further months in the case of the erasure of specific data. Moreover, the data subject is entitled to lodge a complaint with a supervisory authority. In Italy such supervisory authority is the Data Protection Authority.