Privacy and Protection of personal data

Privacy and protection of personal data Privacy Notice to Users This notice is provided by I SANTI DI DISO srl with registered office in Via Arenosa 49, 73030 DISO (LE) (hereinafter, “ Data Controller ”), in its capacity as Data Controller and of the owner of the website https://www.isantididiso.it to the Site (hereinafter, the " Users ") describes the methods of collection and use of the user's personal data, pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation”, the Regulation and the Privacy Code DL 196/2003 where applicable are together defined as “Applicable Regulations”). Any processing of personal data will be carried out according to the principles of necessity, correctness, lawfulness, proportionality and transparency. Where necessary, in relation to any specific use or processing of Personal Data, the user's prior consent will be requested.
  1. a) Purpose and methods of processing The user's personal data will be processed lawfully by the Data Controller pursuant to art. 6 of the regulation for purposes related to the provision of the requested services and the execution of the related contractual obligations (including the purchase of products, including online, participation in competitions, events, prize operations and loyalty programs, the management of customer care as well as verification and investigation of reports, complaints and disputes, execution of preliminary activities to the contract, execution of contractual obligations and fulfillment of administrative-accounting duties), in particular for the following processing purposes:
  • navigation of the site, in relation to the possibility of collecting user data necessary on a technical level, such as for example. the IP address, while browsing the site.
  • contractual obligations and provision of the service in the case of online purchases , to implement the General Conditions of Sale, which are accepted by the User during registration/purchase on the Site and fulfill specific User requests. The user data collected by the Owner for the purposes of any registration on the Site includes: Mandatory: Email, Password, Name, Surname, Shipping Address, Postcode, City, Province, Country, Optional: any personal information of the User if necessary and voluntarily published. Unless the User gives the Owner specific and optional consent to the processing of their data for the additional purposes set out in the following paragraphs, the User's personal data will be used by the Owner for the exclusive purpose of ascertaining the User's identity (also by validating the email address), thus avoiding possible scams or abuse, and contacting the User for service reasons only (e.g. sending notifications relating to the services offered on the Site). Without prejudice to what is provided elsewhere in this privacy policy, under no circumstances will the Owner make the Users' personal data accessible to other Users and/or third parties.
  • administrative-accounting purposes , or to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
  • legal obligations , or to fulfill obligations established by law, by an authority, by a regulation or by European legislation.
Information and data that are mandatory in order to proceed with the requested services are marked with an asterisk. By not providing the above information and data, I SANTI DI DISO srl will not be able to carry out the user's requests. The customer care service will be carried out by the Data Controller.
  1. b) Further processing purposes: marketing and newsletters (sending advertising material, direct sales and commercial communication) With the free and optional consent of the User, some personal data of the User (i.e. name, surname, email address, the complete shipping address etc.) may also be processed by the Data Controller for marketing and newsletter purposes (sending advertising material, direct sales, commercial communication, sending newsletters containing information in relation to news relevant to the sector relating to the activities of the Site), or so that the Owner can contact the User by post, e-mail, telephone (landline and/or mobile, with automated call or call communication systems with and/or without the intervention of an operator) and /or SMS to propose to the User the purchase of products and/or services offered by the Owner and/or by third-party companies, to present offers, promotions and commercial opportunities. In case of lack of consent, the possibility of registering on the Site will not be affected in any way. In case of consent, the User may revoke it at any time by making a request to the Owner in the manner indicated in the following paragraph 7. The The User will also be able to easily object to further sending of promotional communications and newsletters via email by writing an email requesting the revocation of consent, which will be indicated in each promotional email and newsletter. Once consent has been revoked, the Owner will send the User an email to confirm that consent has been revoked. If the User intends to revoke his/her consent to the sending of promotional communications via telephone, while continuing to receive promotional communications via email, or vice versa, please send a request to the Owner in the manner indicated in paragraph 7 below. The Owner informs that, following the exercise of the right to object to the sending of promotional communications and newsletters via email, it is possible that, for technical and operational reasons (e.g. formation of contact lists already completed shortly before receipt by the Data Controller of the opposition request) the User continues to receive some further promotional messages and newsletters. If the User continues to receive promotional messages and newsletters after 24 hours have passed from exercising the right to object, please report the problem to the Owner, using the contacts indicated in paragraph 7 below.
  2. c) Further processing purposes: profiling With the free and optional consent of the User, the User's personal data (i.e. personal and contact data, as well as information relating to the services in which the User has expressed interest) may be processed by the Owner also for profiling purposes, i.e. to reconstruct the User's tastes and consumption habits, identifying the consumer profile, in order to be able to send the User commercial offers consistent with the identified profile. In case of lack of consent, the possibility of registering on the Site will not be affected in any way. In case of consent, the User may revoke it at any time by making a request to the Owner in the manner indicated in the following paragraph 7.
  3. d) Data processing methods and storage times The Data Controller will process the Users' personal data using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data themselves. The personal data of the Users of the Site will be kept for the time strictly necessary to carry out the primary purposes illustrated in paragraph 1 above, or in any case as necessary for the civil protection of the interests of both the Users and the Owner. In the cases referred to in the previous paragraph 3, the personal data of the Users will be kept for the times strictly necessary to carry out the purposes illustrated therein and, in any case within the limits set by the Applicable Regulations.
  4. e) Legal basis of the processing With reference to the purposes referred to in points (1/a and 1/c), the legal basis of the processing is in fact the execution of the services provided through the Site and requested by you (pursuant to article 6 , paragraph 1, letter b of Privacy Regulation 2016/679); with reference to the optional purposes referred to in points (1/e, 1/f) and paragraphs 3 and 4, the legal basis of the processing is your possible freely expressed consent (pursuant to article 6, paragraph 1, letter. a of the Privacy Regulation 2016/679); with reference to the purposes referred to in points (1/b, 1/d), the legal basis of the processing is to fulfill a legal obligation to which the data controller is subject (pursuant to article 6, paragraph 1, letter. c of the Privacy Regulation 2016/679).
  5. f) Scope of communication and dissemination of data The employees and/or collaborators of the Owner in charge of managing the Site may become aware of the Users' personal data. These subjects, who are formally appointed by the Owner as "data processors", will process the User data exclusively for the purposes indicated in this information and in compliance with the provisions of the Applicable Regulations. Third parties who may process personal data on behalf of the Data Controller as " External Data Processors" may also become aware of the Users' personal data. Processing ”, such as, by way of example, providers of IT and logistics services functional to the operation of the Site, providers of outsourcing or cloud computing services, professionals and consultants. Users have the right to obtain a list of any data controllers appointed by the Data Controller by making a request to the Data Controller in the manner indicated in paragraph 8 below.
  6. g) Rights of interested parties Users may exercise the rights guaranteed to them by the Applicable Regulations by contacting the Owner in the following ways:
  • By sending a registered letter with return receipt to the registered office of the Owner
  • By sending an email to amministrazione@isantididiso.it;
Pursuant to the Applicable Regulations, the Owner informs that Users have the right to obtain indication (i) of the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic instruments; (iv) the identification details of the owner and managers; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as managers or agents. The Personal Data Protection Officer (RPP) can be contacted via traditional post, at the registered office of the Data Controller or by sending an email to amministrazione@isantididiso.it; Furthermore, Users have the right to obtain: 1) access , updating , rectification or, when interested, integration of data; 2) the cancellation , transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; 3) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this requirement is proves impossible or involves a manifestly disproportionate use of means compared to the protected right. Furthermore, Users have: 4) the right to withdraw consent at any time, if the processing is based on their consent; 5) the right to data portability (right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to limit the processing of personal data and the right to cancellation (" right to be forgotten”); 6) the right to object :
  • the. in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
  • ii. in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising material or direct sales or for carrying out market research or commercial communication;
  • iii. where personal data is processed for direct marketing purposes, at any time, to the processing of their data carried out for this purpose, including profiling to the extent that it is connected to such direct marketing.
7) If they believe that the processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they habitually reside, in the one in which they work or in the one in which the alleged violation occurred ). The Italian supervisory authority is the Guarantor for the protection of personal data , with headquarters in Piazza di Monte Citorio n. 121, 00186 – Rome ( http://www.garanteprivacy.it/ ).