Privacy
Information on the processing of personal data
Pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data (in short "GDPR")
Team Tartufi Srls (hereinafter "Team Tartufi"), in the person of its pro-tempore legal representative, as the owner of the personal data collected directly from the interested party, provides you with this information pursuant to article 13, GDPR ( in short, "Information").
In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be guaranteed, putting in place all the necessary technical and organizational measures adequate to guarantee their security.
A) Identity and contact details of the Data Controller
Tartufi Srls team
Operational headquarters: Piazza Geremia Bonomelli 8/1, 20139 Milan
VAT number: 10548790962
B) Purpose of the processing for which the personal data are intended and related legal basis
Your personal data will be processed:
(i) without obligation of consent for the following purposes:
online registration, sending of newsletters via e-mail following a request by entering the email address in the form on the site, order management, purchases, sales and deliveries of products and related monitoring, customer service management, payment management, maintenance management , management of customer contacts, management and provision of services provided by the Data Controller, customer service management, payment management, customer contact management;
administrative-accounting management and related obligations (issuing of receipts, invoices, preparation of payments);
internal statistics, business analysis and economic management, simplification of registration procedures in the event of subsequent services, as well as, in relation to the contact details provided in the contract, sending advertising of similar products with the right to immediate cancellation upon request.
The above treatments respond respectively to the following legal bases:
fulfillment of a contract or pre-contractual measures, satisfaction of a request from the interested party - condition of lawfulness article 6, letter b) GDPR;
legal obligation to which the Data Controller is subject - condition of lawfulness article 6, letter c) GDPR - or for the assessment, exercise or defense of a right in court;
pursuit of a legitimate interest of the Data Controller - condition of lawfulness article 6, letter f) GDPR - relating to the improvement of company functioning and market surveys, the improvement of services provided to its customers, direct marketing and customer loyalty.
The provision of data, marked in the form with (*), for the purposes referred to in the previous section (i) is mandatory and the lack of data and / or any express refusal to process will make it impossible for the Data Controller to give execution of the contract or pre-contractual measures, the fulfillment of the obligation with eventual non-fulfillment and responsibility of the interested party also to sanctions contemplated by the legal system.
(ii) with your consent (article 7, GDPR), for the following purposes:
various types of marketing activities, including the promotion of products and services, the distribution of posters and printed and / or digital information and promotional material, the sending of newsletters and commercial communications via e-mail, invitations;
profiling activities of various types, including the analysis of behavior for promotional purposes, the creation of lists for promotional purposes, commercial communication and sending newsletters, the development of profiles for the provision of targeted and customized services for the needs of the customer.
The provision of data for the purposes referred to in the previous section (ii) is optional, with the consequence that you may decide not to provide your consent, or to revoke it at any time.
Storage and transfer of personal data abroad
The management and storage of personal data takes place in the cloud and on servers located within the European Union owned and / or in the availability of the Data Controller and / or third-party companies in charge, duly appointed as Data Processors.
Your personal data will not be transferred abroad to non-EU countries or disseminated.
Categories of recipients of communication of personal data
For the purposes referred to in the previous paragraph, the personal data you provide may be communicated or made accessible:
1. To employees and collaborators of the Data Controller, in their capacity as authorized data processing personnel (or so-called “persons in charge of processing”);
2. To third parties who carry out outsourced activities on behalf of the Data Controller, in their capacity as Data Processors (including service providers for the management of the information system and telecommunications networks, service providers for the management of the paper and / or computerized documentation, service providers for the management of customer assistance activities, including through websites (e.g. call centers, help desks, etc.), service providers for the management of commercial communication activities, banks and credit institutions for carrying out economic activities (payments / collections);
Retention period of personal data
The personal data collected for the purposes indicated in the previous paragraph will be processed and stored for the entire duration of the contractual relationship established.
From the date of termination of this relationship, for any reason or cause, the data will be kept for the duration of the statutory limitation periods, or 10 years.
The personal data collected for the purposes indicated in the previous paragraph (B), section (ii) will be processed and stored for the time necessary to fulfill these purposes and in any case for a period not exceeding 24 months for marketing and 12 months. for profiling from the date we receive your consent.
After this retention period, the data will be destroyed or made anonymous.
Exercisable rights
In accordance with the provisions of Chapter III, Section I, GDPR, you can exercise the rights indicated therein and in particular:
Right of access - Obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, receive information relating, in particular, to: purposes of the processing, categories of personal data processed and retention period, recipients to which these can be communicated (article 15, GDPR)
Right of rectification - Obtain, without undue delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (Article 16, GDPR)
Right to cancellation - Obtain, without undue delay, the cancellation of personal data concerning you, in the cases provided for by the GDPR (Article 17, GDPR)
Right of limitation - Obtain the limitation of processing, in the cases provided for by the GDPR (article 18, GDPR)
Right to portability - Receive personal data concerning you in a structured format, commonly used and readable by an automatic device, as well as obtain that the same are transmitted to another holder without impediments, in the cases provided for by the GDPR (article 20, GDPR )
Right to object - To object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing (Article 21, GDPR)
Right to lodge a complaint with the supervisory authority - Propose a complaint to the Guarantor Authority for the protection of personal data.
You can exercise these rights by simply sending a request by e-mail to the address of the owner or by post at the headquarters.