Information pursuant to art. 13 of the European Regulation 679/2016
According to the art. 13 of European Regulation (EU) 2016/679 (hereinafter GDPR) and in relation to personal data referred to RE.LEG.ART. Soc. Coop. to M.P. Onlus in the person of the Chairman of the Board of Directors and legal representative pro tempore ROMANIELLO SILVIA will be available for online sales (B2C e-commerce contract) of leather craft items, we inform you as follows:
Who is the data controller of your personal data?
The data controller is RE.LEG.ART. Soc. Coop. to M.P. Onlus in the person of the Chairman of the Board of Directors and legal representative pro tempore ROMANIELLO SILVIA, based in Perugia, via Fiorenzo di Lorenzo n. 2 bis / 1;
The owner can be contacted by email at:email@example.com
The Data Controller has not appointed a person responsible for the protection of personal data (RPD, that is, data protection officer, DPO).
What are your personal data being processed?
The personal data you provide and the object of the processing are:
Tax identification data;
For what purposes will your data be processed?
Your data will be processed for:
fulfill the obligations set forth in the tax and accounting areas (legal obligation);
execute the contract of online sale of handicraft and leather products, book binding jobs (e-commerce contract).
comply with the obligations incumbent on the Data Controller and foreseen by current legislation (eg: anti-money laundering) (legal obligation);
preparation of estimates for sale of handicraft and leather products (fulfillment of pre-contractual obligations);
advertising and marketing purposes (express consent).
Personal data may be processed by means of both paper and computer archives (including portable devices) and processed with methods strictly necessary to meet the aforementioned purposes.
What are the legal bases of the treatment?
The legal basis for processing your personal data is:
fulfillment of pre-contractual measures.
What are the consequences of not communicating your personal data?
With regard to personal data relating to the execution of the contract of which you are part or relating to the fulfillment of a regulatory obligation (for example, the obligations related to the keeping of accounting and tax records), the failure to communicate personal data prevents the completion of the contractual relationship itself.
How long will your personal data be kept?
Your personal data, subject to processing for the purposes indicated above, will be kept for the period necessary for the execution of the contract and subsequently for the period of time necessary for the Data Controller to carry out legal obligations and not less than 10 years.
To whom will your data be communicated?
Your personal data may be disclosed to:
Consultants and accountants for the fulfillment of the tax and accounting obligations on the Data Holder, whose name is available from the Data Controller;
Third party liability and damage insurance, whose name is available from the data owner;
credit recovery companies; lawyers, whose name is available from the data owner;
subjects that process the data in compliance with specific legal obligations;
Public administrations in compliance with legal obligations.
Banking and insurance institutions that provide functional services for the purposes indicated above;
In no case will your personal data be transmitted to non-EU countries.
Will your personal data be subject to profiling?
Your personal data are not subject to dissemination or to any entirely automated decision-making process, including profiling.
What rights can you exercise?
The rights granted to you by the GDPR include those of:
ask the Data Controller to access your personal data and information relating to them.
the correction of inaccurate data or the integration of incomplete ones; the deletion of personal data concerning you (upon the occurrence of one of the conditions indicated in article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided in paragraph 3 of the same article); the limitation of the processing of your personal data (in the event of one of the hypotheses indicated in article 18, paragraph 1 of the GDPR);
request and obtain from the professional - in cases where the legal basis of the processing is the contract or consent, and the same is carried out by automated means - your personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller (cd to the portability of personal data);
oppose the processing of your personal data at any time in the event of particular situations that concern you;
withdraw consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and concerns common personal data (for example, date and place of birth or place of residence), or particular categories of data ( for example, data revealing your racial origin, your political opinions, your religious beliefs, your health or sexual life). The treatment based on the consent and carried out prior to the revocation of the same preserves, however, its lawfulness;
make a complaint to a supervisory authority (Authority for the protection of personal data– www.garanteprivacy.it).
Each of the aforementioned rights must be exercised in writing, by email at the address firstname.lastname@example.org or by registered letter with return receipt to be sent to RE.LEG.ART. Soc. Coop. ONLUS, Via Fiorenzo di Lorenzo n. 2 / BIS / 1, 06121 - Perugia.
What happens if third parties breach your personal data?
in case of violation of your personal data, if the violation is likely to present a high risk for your rights and your fundamental freedoms, the Data Controller in accordance with Article 34 GDPR will notify the data subject, without justified delay, the violation.