(According to articles 13 and 14 of EU Regulation no. 2016/679
The current legislation requires us to provide information regarding processing the personal data of users who consult the company website and possibly use the related services accessible electronically and the services connected to them. This information is intended for the company website and is attributable to the organization. The information is provided, according to EU Regulation 2016/679 (hereinafter also the “Regulation” or “GDPR”), to all users who interact with the Web site.
The validity of the information contained on this page is limited to the site only and only to the pages on the social networks mentioned above and not extends to other external websites that may be consulted by the user via hyperlink.
1.1. The Data Controller processes the data acquired according to the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
1.2. The Data Controller guarantees the security, confidentiality and protection of the personal data in its possession, during the process of treatment of the same.
2. Data Controller
2.1. The Data Controller of the data relating to identified or identifiable natural persons who have consulted the website is DORODESIGN By Dario Olivero
3. Categories of data processed
3.1. Navigation data: the computer systems and computer programs used for the operation of the site collect some personal data whose transmission is implicit in the use of Internet communication protocols (eg IP addresses or domain names of the computers used by users who connect to the site, the URI addresses – Uniform Resource Identifier – of the requested resources, time of the request, the method used in submit the request to the server, size of the file obtained in response, numeric code about the status of the response made by the server – good end, error, etc. – and other parameters relating to the operating system and the user’s IT environment). Although it is information that is not collected to be associated with identified interested parties, by their nature they could, through processing and association with data held by third parties, allow users to be identified. These data are processed, for the time strictly necessary under the law in force, alone to obtain anonymous statistical information on the use of the site and to check its correct functioning. It should be noted that the aforementioned data could be used to ascertain responsibility in case of computer crimes against the Site or other sites connected to it or connected.
3.3. Data provided voluntarily by the user: it is possibly required for interactions through the website and pages on social networks provision of personal data by the user; this is about the compilation of the “Contacts” form and the registration form to newsletters on the site. Furthermore, any further contacts with the Data Controller, for example, to request information on a specific service by spontaneously sending messages to the contact details of the Data Controller indicated on the Site or by spontaneously sending messages on the pages social networks, entail the subsequent acquisition of such personal data of the sender, necessary to respond to requests, as well as any others personal data entered voluntarily by the user in related communications.
4. Purpose of the processing
4.1. Personal data voluntarily provided by the user will be processed for the following purposes:
- browsing on the websites and social pages mentioned and use of the related services;
- response to a request for information or a commercial request;
- fulfil any administrative, financial, and accounting obligations;
- fulfil any obligation required by law and/or an order of the Public Authority;
- sending commercial communications to subjects interested in receiving newsletters
5. Legal basis of the processing
5.1. The legal bases of the processing are as follows:
- for the purposes referred to in letters a), b), c), the processing is necessary to implement the pre-contractual measures required by the interested party / contractual;
- for the purposes referred to in letters d), e), the processing is necessary to fulfil legal obligations to which the Data Controller is subjected treatment;
- for the purposes referred to in letter a), the processing takes place with the consent of the interested party, who voluntarily accesses the service of newsletters
6. Processing methods
6.1. The Data will be:
- collected by the computer;
- recorded in digital format on computers and/or kept in archives;
- protected from risks of destruction, modification, cancellation and unauthorized access by efficient physical security measures, logical and organizational;
- further processed, possibly also in paper form, to the extent and within the time strictly necessary to implement the purposes indicated above.
6.2. As part of its activity and for the purposes indicated above, the Data Controller may use services rendered by third parties operating on behalf of the Data Controller and according to his instructions, as Data Processors, as indicated in the next point.
7. Communication and dissemination of data
7.1. The personal data acquired will not be disclosed, but may be communicated to subjects contractually linked to the Data Controller by e within the limits of the GDPR. The data is communicated only to the extent strictly necessary for the aforementioned purposes, or in any case for the only obligations necessary for the service, or those required by law or by order of the Authority.
7.2. The categories of recipients are as follows:
- subjects necessary for the execution of the activities related to and consequent to the execution of the Service, as external managers of the processing (e.g. subjects that provide services for the management of the information system used and telecommunications networks, including the email). The list of external managers is constantly updated and available at the headquarters of the Data Controller;
- persons in charge and persons authorized by the Data Controller who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. collaborators).
7.3. The Data Controller may also have to communicate the acquired data to fulfil legal obligations or to comply with orders from public authorities, including the judicial authority.
8. Data Retention Period
8.1. The Data Controller keeps the data for the time necessary to achieve the purposes mentioned above.
8.2. The retention period for the data collected with the contact request form is strictly limited to the time necessary to follow up to the need that the user is expressing with his request, and to how the business relationship will evolve as a result of the contacts.
8.3 These data will be deleted when they are no longer necessary for the purposes indicated above, without prejudice to further obligations of conservation required by law.
9. Nature of the provision of data
9.1. Apart from what is specified for navigation data, the provision of personal data by the interested party, for the purposes above described, is to be considered optional. The interested party, therefore, can refuse to communicate personal data to the Data Controller, since the provision is optional.
9.2. In case of refusal to communicate personal data, it will not be possible to use certain services provided by the site
10. Rights of the interested party
10.1. Under GDPR 679/2016, the interested party has the right of access (Article 15), the right of rectification (Article 16), the right to cancellation (Article 17), the right to limitation of processing (Article 18), right to portability (Article 20), right to object (Article 21), right to object to the process automated decision-making (Article 22), the right to complain with the supervisory authority of the state of residence. The interested party to assert their rights can contact the Data Controller at firstname.lastname@example.org
11. Automated decision-making processes
11.1. The Data Controller does not carry out treatments that consist of automated decision-making processes on the data; therefore, in particular, there is no profiling system.
12. Changes to this information
12.1. The Owner reserves the right to modify the content of this information, in whole or in part, also due to changes in the Privacy legislation. The Data Controller will publish on the Site the updated version of this deed, and from that moment it will be binding: the interested party is therefore invited to visit this section regularly.