Pursuant to art. 13 of Reg. (EU) No. 2016/679 of 27 April 2016 (“hereinafter “GDPR”), We inform you that your personal data, collected by ARREDI 3N DEI FRATELLI NESPOLI S.R.L. P. IVA 00702470964 C.F. 01019660156 Via Filzi n, 12, 20833 Giussano (MB) (hereinafter “Data Controller”) in its capacity as data controller pursuant to art. 24 GDPR, when browsing the website www.arredi3n.com (hereinafter “Site”), will be treated in compliance with the following provisions.
ARREDI 3N DEI FRATELLI NESPOLI S.R.L. even if not kept (art 37 GDPR) has appointed its own DPO (Data Protection Manager) to which you can contact by email firstname.lastname@example.org
The personal data (hereinafter “Data”) provided by the data subject will be processed for the following purposes:
1. in execution of the requested service (hereinafter “Service”): e.g. provision of services based on web interface, registration of users, provision of information relating to those who have voluntarily subscribed to the database of our site, provision of information related to training activities;
2. fulfilment of legal, accounting, tax, administrative and contractual obligations related to the provision of the Services;
3. with specific consent, to send commercial and/or promotional communications on the products and services of the interested party and to carry out market research (“Direct Marketing”);
4. with specific consent, to communicate the Data to companies of the group of which the Data Controller is part or to external companies for data collection and processing services, that may process them to send commercial and/or promotional communications on the products and services of the aforementioned companies, as well as carry out market research ( “Third Party Marketing”).
The data will be processed by employees and/ or collaborators of the Data Controller appointed authorized processors, operating in the marketing, sales and information systems, may be communicated to third-party companies and companies belonging to the group, for this purpose appointed data processors, who provide services ancillary and instrumental to the activity of the Data Controller.
1. Browsing data: this category of Data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to the operating system and the computer environment of the user.
2. Data provided voluntarily by the user: the optional, explicit and voluntary sending of e-mail to the addresses indicated on this site involves the subsequent acquisition of the sender’s address to respond to requests, as well as any other Data entered in the format.
The management and storage of the Data takes place on servers located within the European Union, owned and/or available to the Data Controller and/or third parties duly appointed as data processors. The Data may also be transferred for the purposes referred to in art. 1 to entities located in countries outside the European Union, provided they guarantee an adequate level of protection (for example, registration in the Privacy Shield List in compliance with the Enforcement Decision (EU) 2016/1250 of the European Commission of 12 July 2016 c.d. “Privacy Shield”).
The data of third parties will be communicated on request by the Data Controller.
Times of storage of data
The Data concerning you, collected through our forms, will be kept for the time necessary to respond to your requests and to carry out the activities referred to in the purposes of processing.
The provision of Data necessary for the performance of the processing listed under 1.(a) and sub (b) is optional, but is a necessary and indispensable condition for the use of the Services: any refusal to provide the Data determines, therefore, the impossibility of performing the Services requested. Consent to processing for further purposes is optional.
The processing of Data for each of the above purposes is carried out by paper, automated or electronic means and, in particular, by ordinary mail or email, telephone (e.g. automated calls, SMS, MMS), fax and any other computer channel (e.g. websites, mobile, apps) that can guarantee security and confidentiality according to the C.D. data protection by default, that is, the application of measures to minimize the risk of data dissemination.
The User, in the case of registration in the reserved area of the Portal, will receive access credentials ( a personal ID and a password). These credentials are strictly personal and any dissemination or transfer to third parties of the same is not allowed.
The User’s data may be communicated by the Data Controller to third parties which it uses for the purpose of providing instrumental or functional activities for the provision of the Services or the fulfilment of legal obligations, regularly designated as data controllers. These parties will only be provided with the information necessary for the performance of these activities and will be required to take all security measures for the purposes of data protection in accordance with current legislation. The data of the data processors will be communicated on request by the Data Controller. The User’s data may be known by the Data Controller. In any case, the data will not be disclosed or communicated to third parties, except as provided above and, in any case within the limits indicated above.
The following rights are granted to the data subject:
1. right of access: the right to obtain from the Data Controller the confirmation that the processing of the Data is ongoing or not and, in this case, to obtain access;
2. right to rectification and erasure: the right to obtain the rectification of inaccurate Data and/or the integration of incomplete Data or the cancellation of Data for legitimate reasons;
3. right to limitation of processing: the right to request the suspension of processing where there are legitimate reasons;
4. right to data portability: the right to receive the Data in a structured, commonly used and readable format, as well as the right to transmit the Data to another data controller;
5. right to object: the right to oppose the processing of Data if there are legitimate reasons, including the processing of Data for marketing and profiling purposes, if applicable;
6. right to contact the competent data protection authority in case of unlawful processing of the Data.
This information is updated by the company according to specific needs. Interested parties are therefore invited to view it periodically. To exercise the rights recognized by the above mentioned rules, you can send your request by email to the following address: email@example.com