the legislation in force in Italy, contained in Legislative Decree 30 June 2003 no. 196 and s.m.i. as well as the provisions applied at EU level with EU Regulation 2016/697, published in the EU Official Gazette on 4.5.2016, require companies (or “… the natural or legal person, regardless of the legal form covered, who exercises a economic activity, including partnerships or associations that regularly engage in economic activity … “) evaluate and concretely implement the principles of integrity and confidentiality of the personal data of the parties concerned (customers and suppliers), pursuant to effects of art. 5 c. 1 lett. f) of EU Reg. 2016/679, as a result of which the data must be “… treated in such a way as to guarantee adequate security of personal data, including protection, through appropriate technical and organizational measures, from unauthorized or illicit processing. and accidental loss, destruction or damage … “, as well as the consequent implementation of appropriate personal data protection policies with the adoption of adequate technical and organizational measures, taking into account the context, the purposes of the processing and the risks affecting rights and freedoms of the subjects involved in the treatment, as foreseen by the articles 24, 25 and 32 of EU Regulation 2016/679.
To this end, therefore, we wish to inform our customers that jane22 has adopted specific and appropriate technical and organizational measures, aimed at ensuring a level of data security adequate to risk: these measures are periodically reviewed and updated, in order to constantly improve the security level of the protection of personal data collected and processed.
Therefore, in scrupulous observance of the provisions of articles 13 and 23 of Legislative Decree 30.6.2003 nr. 196 and subsequent amendments, as well as the contents of Articles 6, 7, 9, 12 and 13 EU Reg. 2016/679, jane22 communicates below the information necessary so that the Customer can consciously evaluate and freely express their consent to the collection, treatment and possible retention of personal data for the specific purposes indicated, in order to allow treatment within the lawfulness principle.
Personal data are collected directly and exclusively from Messrs. Customers, subjects “interested” according to the definitions of the law, who provide them through the voluntary and free compilation of the fields proposed for the registration of utilities and for the submission of order forms.
If the Customer expresses his consent, the processing of data will be based on compliance with the principles of correctness, lawfulness, transparency and protection of the privacy and rights of those concerned. In case of refusal, the data will not be collected and, consequently, neither processed nor stored.
We also inform you that the subjects who will process the data of the Customers are instructed and trained directly by the company jane22 with the obligation to follow the written instructions that we have specifically given them.
The personal data that are collected and processed by the jane22 service are:
identification data (name and surname, reason or company name, address, registered office, telephone and / or fax number, cell phone number, email address, pec address, fiscal data, bank details for the management of receipts and payments, etc.), every case of a common and non-sensitive nature.
Below, we communicate the additional information pursuant to the law.
1. THE DATA PROCESSING HOLDER.
In accordance with the law, the Data Controller who collects, treats and possibly stores your personal data is the company Blue omnia, tax code 03584150985, identified by the VAT number nr. 03584150985, registered in the Register of Companies of the Chamber of Commerce of Brescia from 16/01/2014, with registered office in Italy in the city of Paratico in via Mazzini, while the headquarters is still in Paratico via Mazzini.
2. PURPOSE OF PROCESSING OF DATA COLLECTED.
The data are collected directly from the Customer Lords who communicate them to the Data Controller through the telematic functions of the jane service22 The above data, obtained and collected, will be processed in order to:
a) conclude and subsequently process purchase orders for products offered for sale through the jane22 service in order to process orders, ship and deliver goods, and manage any after-sales services and needs (guarantees, returns and withdrawals, etc.) ), in addition to the bureaucratic administrative, accounting and tax obligations inevitably connected;
b) to send customers information and advertising material on any commercial and / or promotional initiatives, regarding announcements of new services and / or discounts and / or new products.
3. NATURE OF DATA CONFERENCE AND CONSEQUENCES OF ANY REFUSAL
3. The conferment of consent to the processing of data is free and always revocable, as no current legislation obliges the customer to issue consent. However, the conferment of consent for the collection, processing and subsequent storage of data for the purposes referred to in paragraph 2) lett. A) it is absolutely necessary and indispensable to be able to effectively conclude the purchase contract with the jane22 service if the Customer refuses to process the data or any “refusal to reply” at the time the information is collected entails objective concrete impossibility for jane22 to accept the purchase proposal formulated by the customer by sending the order form pursuant to and for the purposes of art. 23 D. Lgs. 196/03 and s.m.i. and of the art. 6 c. 1 lett. a) and of the art. 9 c. 1 and 2 lett. a) of the EU Reg. 2016/697. Providing consent for data processing operations related to the purposes indicated in the previous point 2) lett. B) and C) instead regard to advertising transactions: any refusal will prevent the service jane22 to give course to these operations, but will still allow – if conferred the consent for the purposes referred to in lett. a) – to conclude and effectively implement the purchase contract for the products offered.
4. TYPOLOGY OF DATA PROCESSED
The treatment will have as its object personal data defined by the law as “common”. Personal data defined as “sensitive” or other specific categories of data will not be processed.
5. METHOD OF DATA PROCESSING AND DURATION OF DATA CONSERVATION.
The data are collected, processed, communicated and stored either in paper form or with electronic tools, adapted to the security standards imposed by law and protected through the technical and organizational measures adopted and constantly monitored and adapted, suitable to ensure security and protection some data. The duration of data retention coincides with the legal obligations regarding the conservation of documentation of an administrative, accounting and fiscal nature: for these reasons, the maximum data retention period will never exceed ten years and at the end of the imposed period from current legislation of mandatory conservation, the collected data are permanently destroyed.
6. SCOPE OF KNOWLEDGE OF VS. DATA, POSSIBILITY OF COMMUNICATION AND DIFFUSION OF THE SAME.
Your data may be communicated to: public and private subjects, who can access data according to the provisions of law, regulation or community legislation, within the limits set by these rules (in particular, they are cited as an example: Public Administrations, Tax Offices). Your data, exclusively of a common nature, may also be disclosed, always only and only for the execution of purchase contracts concluded through the service, to: credit institutions and / or similar persons to collect and collect payments; Internal secretarial offices; responsible for maintenance and repair. Only in the case in which the Customer expresses the explicit consent to the communication for advertising purposes, also from the commercial Partners, the data can be communicated to the partner companies.
7. INFORMATION ABOUT THE PERSONS RESPONSIBLE FOR THE TREATMENT THAT MAY BE NAMED
Recalling that the appointment of such subjects is optional, the Data Controller has not appointed specific Data Processing Managers, considering the company organization that allows the company owner to directly deal with data management. Considering the nature, the object, the context and the purposes of the processing of personal data carried out, at present the Data Controller has not provided for the designation of the Data Protection Officer (“DPO”) or the Data Protection Officer ex artt. 37 and ss. EU Reg. 2016/679.
At any time, Messrs. Clients may exercise their rights towards the data controller with particular reference to the rights to access their data, the right to rectification and cancellation (so-called “right to the right”) as well as the right to limitation of processing and the portability of their data, pursuant to and for the purposes of Article 7 of Legislative Decree no. 196/2003 and s.m.i. as well as the articles 13 c. 2 lett. b, c, d) and art. 15, 16, 17, 18, 19 and 20 of EU Regulation 2016/697 and s.m.i ..
The following are summarized below: the legislative provisions governing the aforementioned rights granted to the interested party.
RIGHTS OF THE INTERESTED PARTY
Legislative Decree 30 June 2003 n. 196 and s.m.i.
Art. 7 – Access rights to personal data and other rights
1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him / her, even if not yet registered, and their communication in intelligible form.
2. The interested party has the right to obtain the indication:
a) of the origin of personal data;
b) of the purposes and methods of the processing;
c) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identification details of the owner, the managers and the designated representative pursuant to art. 5, paragraph 2;
e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
3. The interested party has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right.
4. The interested party has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
EU Regulation 2016/697 and s.m.i.
Article 15 – Right of access of the interested party.
1. The data subject has the right to obtain from the data controller confirmation that the processing of personal data concerning him or her is in progress and, in this case, to obtain access to personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
(d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the data subject, all information available on their origin;
(h) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer.
3. The data controller provides a copy of the personal data being processed. In the event of further copies requested by the data subject, the data controller may charge a reasonable fee contribution based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated, the information is provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 shall not affect the rights and freedoms of others. Section 3
Article 16 – Right of rectification.
The data subject has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration.
Article 17 – Right to cancellation (“right to be forgotten”).
1. The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay if one of the following reasons exists:
a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
(b) the data subject revokes the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing ;
(c) the data subject opposes the processing pursuant to Article 21 (1) and there is no legitimate overriding reason to proceed with processing, or opposes processing pursuant to Article 21 (2);
d) personal data have been processed unlawfully;
e) personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the information society service offer referred to in Article 8 (1).
2. The controller shall, if he / she has made personal data public and is obliged, pursuant to paragraph 1, to delete it, taking into account the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform the data controllers who are processing personal data of the request of the person concerned to delete any link, copy or reproduction of his personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
A. for the exercise of the right to freedom of expression and information;
B. for the fulfillment of a legal obligation requiring treatment under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority of which the data controller is invested;
C. on grounds of public interest in the public health sector in accordance with Article 9 (2) (h) and (i) and Article 9 (3);
D. for the purposes of archiving in the public interest, for scientific or historical research, or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 risks making it impossible or seriously prejudices the achievement of the objectives of this treatment;
E. for the assessment, exercise or defense of a right in court.