Privacy policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA RELATING TO THE
WEBSITE: https://www.cieffemilano.it/
1: INTRODUCTION
This information will try to explain who processes the data of the interested party (also called User) and how their data and rights can be exercised. For particular clarifications, where the User does not understand or does not consider what is included in the information sufficient, please write to the following address: info@cieffemilano.it
2: SOME IMPORTANT FACTS ABOUT PERSONAL DATA
What are personal data? Personal data are any information that relates to an identifiable natural person. The email address is personal data. The text of a message, if it reveals information about a person, is personal data. Personal data is also the size, personal taste, etc.
What does processing personal data mean? The legal definition of processing includes any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data. So, pretty much everything that can be done with user data is called processing. Therefore, collecting or reading data, for example, or consulting them, is processing.
Why are they important for the person concerned? The data tells us who the data subject is and what they do. They are personal, and precisely because they are “personal”, they are important; it is also clear that as “personal”, the interested party has the right to decide whether to let them be processed by third parties - including this website - and to know how this is done.
3: WHO PROCESSES THE DATA
The data controller is the subject who makes decisions on how to process the data, therefore – among other things – what precautions to take to protect them, where to place them (whether in servers or clouds, etc.), which data to ask the user, which to process and for what purpose, which and to whom to transfer them, how to manage relationships and user rights, who to choose as a collaborator, manager or simple person in charge of processing the data, which instructions to give to collaborators
Cieffe Confezioni e Facon S.r.L.
Headquarters: Via Mecenate 84/8, Milano (MI) P.IVA e C.F.: 13399560153
Email: info@cieffemilano.it
Also, regarding any ancillary functions, Cieffemilano can use internal subjects authorized to process (also called persons in charge) or external subjects mostly as data processors, independent data controllers or joint controllers, depending on the case.
3. TO WHOM THE DATA ARE COMMUNICATED (or TO WHOM ACCESS TO THE DATA IS PERMITTED)
The data are communicated to subjects within the Data Controller (employees) who collaborate in the executive and administrative management of the service.
They can be further communicated in compliance with reporting obligations in the event of a request by a public authority (for example, a request by the Court, tax assessments, etc ...).
In addition, the data are communicated to the hosting service, any sub-suppliers and collaborators.
It is important to know that Cieffemilano can manage and dominate only the data stored and processed within its system: data transferred or communicated to third parties will be, in the manner and to the extent, independently processed by the third parties to whom they are communicated according to their own privacy policies. In any case, where Cieffemilano ceases the processing of a user’s personal data, it will also notify the subjects to whom such data have been communicated but cannot guarantee the termination of the processing by them.
4: WHERE ARE THEY PROCESSED
Cieffemilano processes Users’ personal data at its headquarters and on servers located in the EU area.
5: WHICH DATA ARE PROCESSED
Based on the significant quality of the data, the following can be identified:
- Contact details: email;
- Identification details: name, surname.
- Content data: the content of the communication sent by the User to the email address on the site.
- Navigation details;
- (If any): size, tastes, images.
6: FOR WHAT PURPOSES THEY ARE PROCESSED, AND INDICATION OF THE LEGAL BASIS AND DURATION OF STORAGE.
Cieffemilano processes user data for the following purposes:
- Response to requests sent by the user (information, exercise of rights, etc.): consists of responding to contacts made by the user (via email or other form of contact) and any subsequent and related individual communications (including indications of topics of probable interest to the user).
Legal basis: execution of the service requested by the user in the communication (such as the exercise of rights);
Duration: ten years (obligation to keep business correspondence).
Data processed: contact, identification and others depending on the content of the request (for example, the information contained in the text of the request may refer to persons and, as such, are personal data).
- Create database contacts: Cieffemilano creates a database of contacts received from the site
Legal basis: legitimate interest of the owner in the storage of contact data (considered prevailing over contrary interests as it guarantees the availability of the data to Cieffemilano and, on the other hand – since it is data of little danger and meaning – does not prejudice the user);
Duration: until the request for cancellation (see clause relating to the exercise of rights) by sending emails to ainfo@cieffemilano.it;
Data processed: email, identification, contents.
7: HOW THE DATA ARE PROVIDED
The User provides the data directly in case of contact through the contact details made available to the Data Controller on the site.
8: HOW THE SERVICE WILL “CONTACT” THE USER
Cieffemilano will “disturb” the User in the following ways:
You may receive emails, phone calls, messages or other communications from Cieffemilano: these will be operational communications or, in any case, a response to the communication sent by the User (see point 6.1). These communications are essential for regularly managing the relationship with the User.
9: WHAT ARE YOUR RIGHTS
Users are beneficiaries of a series of rights.
Rights of information about:
- Categories of data processed (see points 2 and 5);
- Origin of the data, i.e. knowing where the service gets the data (see point n.
7);
- Purposes of data processing, i.e. for what purposes the data are processed (see point no. 6);
- Details of the owner and any data processors (see point no. 3)
- Subjects to whom the data are communicated (see point no. 3/a);
- Data storage and processing time (see point no. 6);
- Right to lodge a complaint with the privacy guarantor by accessing the following link: https://www.garanteprivacy.it/i-miei-diritti
- Existence or not of profiling process;
- Legal basis of the processing (see point no. 6);
Then there are rights not simply of information but operational. They are of various kinds. In summary:
The interested party has the right to have a copy of the data provided. If automated methods have processed the data and based on consent or a contract, the user can request – if technically possible – that the data be transmitted to the interested party or even to a possible new owner (portability), provided that this operation does not infringe the rights (and data) of other persons. This right, in the present case, cannot be exercised concerning communications containing third-party data, industrial secrets or otherwise protected content. In this case, the user can also request the cancellation of data (unless the law requires the storage by the Data Controller as in the case of commercial communications).
- If the personal data are inaccurate or incomplete, the interested party may request to rectify or complete them, providing indications to that effect. If the Data Controller has to verify the accuracy of data contested by the interested party, they may, in the meantime, obtain the limitation of the disputed data. (Limitation means that the data are only stored and no other processing is made except with specific consent of the interested party or if they are used to exercise or defend a right in court).
- If the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the interested party may request their cancellation. However, if the interested party uses the data to exercise their right in court, they can request the limitation (i.e. only storing).
- If the processing is unlawful because the data are processed in the absence of consent, of legitimate interest by the Data Controller, of a contract for the execution of which the processing is necessary, or of a legal obligation to process by the Data Controller, the interested party may request the cancellation or limitation.
10: HOW TO EXERCISE THEM
Procedure for exercising rights: The User’s rights can be exercised by sending an email toinfo@cieffemilano.it.
The Data Controller must respond within thirty days (which can be extended for another two months, but the Data Controller, in this case, must give reasoned notice of the delay to the user).
If there is a reason, the Data Controller may refuse to respond to the user’s request (refusal that must be communicated to the user within one month) only in the case of manifestly unfounded or repetitive requests. He must then give a reasoned reply. The user can contact the “Privacy Guarantor” (see link below) or the Judge.
The Data Controller must respond using the same channel (email, telephone, etc.) used for the request unless the user himself requests an answer in a different way. In case of a request from an email address other than the one
Indicated in the account, the applicant must prove that he is the interested party.
If the Data Controller has any doubts about the identity of the person making the request or exercising one of the rights listed below, he may request further
Information to confirm the identity of the person in question. In case of a request from an email address other than the one indicated in the account, the applicant must prove to be the interested party.
Requests and responses are free of charge unless they are repetitive. In the latter case, the Data Controller may charge the out-of-pocket costs faced for the response (therefore, personnel costs, material costs, etc.).
In any case, the interested party can contact the Guarantor authority(https://www.garanteprivacy.it/i-miei-diritti) or the competent Judicial Authority to exercise their rights.
11: WHAT ARE THE USERS’ DUTIES AND RESPONSIBILITIES
The User is obliged to communicate truthful data.
The User must communicate any changes to the personal data previously communicated to the Data Controller. Finally, it is the user’s responsibility, where the functions allow it, not to enter excessive data.
12: DATA BREACH HYPOTHESIS
Should one or more of the following events occur with respect to Users’ data: unauthorized access, subtraction, loss, destruction, disclosure, modification (Data breach) Cieffemilano, without prejudice to the urgent technical measures to be put in place to block (as far as possible) the event and to reduce its harmful effects, undertakes to:
- restore the service efficiently as soon as possible, recovering the available data from the last useful backup made;
- inform Users directly, if circumstances allow it or generically (by notice on the home page of the website or by communication sent to all users, including those for whom there may have been no events on the data) of the type of event, the time it occurred, the measures taken (without going into detail not to facilitate any new attacks) to reduce damage and avoid new similar events, as well as measures that the user should – on their part - put in place to reduce the probability of new events and limit the consequences of those already occurred.
Information valid from December 2022