The purpose of this document is to inform users of the personal data collected by the website www.miacarmen.it (hereinafter the “Application”).
The Data Controller, as subsequently identified, may modify or simply update, in whole or in part, this document simply by informing Users. Changes and updates will be binding as soon as they are published on the Application. The User is therefore invited to read the Privacy Notice upon each access to the Application.
In the event of non-acceptance of the changes made to this Privacy Notice, the User is requested to cease using this Application and may ask the Data Controller to remove their Personal Data.
1. PERSONAL DATA COLLECTED BY THE APPLICATION
The Data Controller collects the following types of Personal Data:
A. Content and information provided voluntarily by the User
Contact details, e-mail or postal address and other contact details.
Failure by the User to provide certain Data may prevent this Application from providing its services.
The User assumes responsibility for the Personal Data of third parties published or shared through this Application and guarantees that they have the right to communicate or share them, freeing the Owner from any liability to third parties.
The processing of Personal Data is based on the User’s consent, and the User may revoke this consent at any time.
B. Data and content acquired automatically during the use of the Application
Technical data: during their normal operation, the computer systems and software procedures used to operate this Application may acquire Personal Data the transmission of which is implicit in the use of internet communication protocols. This is information which is not collected in order to be associated with identified interested parties but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category includes IP addresses or domain names used by Users who connect to the Application, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.
Usage data: Data relating to the use of the Application by the User such as pages visited, actions performed and features and services used may also be collected.
C. Personal data collected through cookies or similar technologies
Collected data can be used for the following purposes:
- User registration and authentication
- support and contact with the User
- external management of payments by credit card, bank transfer or other methods. The data used for payment is acquired directly by the payment service provider requested without being processed in any way by this application. Payments are provided by communicating the Data to PayPal
- user database management
- monitoring, analysis and tracking of User behaviour commercial affiliation
The processing of Personal Data is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes described.
In addition to the Data Controller, other parties involved in the organization of this Application may have access to the Data in some cases, providing assistance in the management of the Application and activity or ensuring the provision of services to the User. These parties, appointed if necessary as data managers by the Data Controller, will be able to access the Personal Data of Users whenever this is necessary and will be contractually obliged to keep it confidential. An updated list of data managers may be requested by email at firstname.lastname@example.org
4. LEGAL BASIS OF THE PROCESSING
The Data Controller processes Personal Data relating to the User if one of the following conditions exists:
- the User has given consent for one or more specific purposes
- the processing is necessary for the execution of a contract with the User and or for the execution of pre-contractual measures;
- the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
- the processing is necessary for the performance of a task of public interest or for the exercise of public powers vested in the Data Controller;
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.
It is however possible to ask the Data Controller for clarification regarding the concrete legal basis of each processing at any time.
The Data is processed in the Data Controller’s offices and in any other place where the parties involved in its processing are located. For more information, contact the Data Controller at the following email address: email@example.com
6. SECURITY MEASURES
Processing is carried out in such a way and with such tools as to guarantee the security and confidentiality of the data, the Data Controller having adopted adequate technical and organizational measures that guarantee the processing is carried out in compliance with the relevant legislation and which allow this to be demonstrated.
7. DATA RETENTION PERIOD
The Data Controller will conserve the Personal Data for the time necessary to fulfil the purposes related to the execution of a contract between the Owner and the User and, in any case, for no more than 3 years from the termination of the relationship with the User.
When the processing of Personal Data is necessary for the pursuit of the Data Controller’s legitimate interest, the Personal Data will be kept until such interest is satisfied.
When the processing of Personal Data is based on the User’s consent, the Data Controller may keep the Personal Data until revocation.
Personal Data may be kept for a longer period if necessary to fulfil a legal obligation or by order of an authority.
All Personal Data will be deleted upon expiry of the retention period. At the end of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
8. AUTOMATED DECISION-MAKING PROCESSES
Collected data will not be subject to any automated decision-making process, including profiling, which may produce legal effects for the person or which may significantly affect them.
9. USER RIGHTS
Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, the User has the right to:
- withdraw consent at any time;
- oppose the processing of their data;
- access their data;
- verify and request rectification;
- obtain the limitation of processing;
- obtain the cancellation or removal of their Personal Data;
- receive their data or have them transferred to another owner;
- lodge a complaint with the supervisory authority for the protection of personal data and/or take legal action.
To exercise these rights, Users should send a request to the Data Controller at the contact details indicated in this document. Requests are made free of charge and processed by the Data Controller as soon as possible and in any case within 30 days.
10. DATA CONTROLLER
Mia Carmen srl
Via Panisperna, 62, 00184 Rome RM
Ultimo aggiornamento: 30/11/2020