TESSUTI ARTISTICI FORTUNY S.R.L. informs the subjects (“users” or “data subject”) who access to the website www.ethicsbusinesslaw.it and/or who use the services available on the aforementioned site, on the purposes of the collection and on the methods of processing of personal data, in accordance with the provisions of art 13, co. 1, of EU Regulation 679/2016 (hereinafter GDPR).
The User who is not yet 18 years old can freely browse our website; however, the services that require registration or provision of data and information are intended for adults. Only subjects exercising parental responsibility may transmit the data relating to minors to the Data Controller through the access to the website and the services.
a) Data Controller
TESSUTI ARTISTICI FORTUNY S.R.L., C.F./P.I. 00163790272, with registered office in 30133 Venezia (VE), Isola della Giudecca 805, is the Data controller of the processing of user’s personal data.
b) Purposes of the processing
Personal data of users will be processed for the following purposes:
- Navigation of the site, in relation to the possibility of detecting necessary user data on a technical level, such as for example the IP address, while browsing the site.
- managing and maintaining the site;
- allowing the use of the services and satisfaction of user requests;
- fulfilling the obligations established by law, by a regulation, by European legislation or by an order of the Authority or in any case connected with institutional activities and functions;
- sending newsletters, upon specific request by the user;
- answering to any requests for information from the user;
- statistical analysis.
c) Legal basis of the processing
Legal basis for the processing, pursuant to article 6, sub. 1, are
- letter B (“performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract “);
- letter C (“legal obligation“);
- letter A (“consent “) in relation to the transmission of communications related to the activities and initiatives of the Data Controller, as well as newsletters.
d) Recipients of personal data. Transfer of personal data to third countries.
The Data Controller may communicated all data collected and processed, only for the purposes specified above, to third parties who can process personal data on behalf of the Data Controller as “Data Processors”. The Data Processors are, for example, suppliers of IT and logistic services functional to the operation of the Site, outsourcing or cloud computing service providers, system administrators or subjects who provide hosting services, professionals and consultants, associations, companies and professional firms, also abroad, with whom is maintained a contractual relationship of collaboration or correspondence, external subjects who provide specific services, such as translation or electronic archiving services, entities or legal persons who collaborate with the Controller for administrative, accounting, fiscal, management reasons, as well as all other subjects to whom the communication is mandatory by law for the fulfillment of the aforementioned purposes.
These recipients will be named as “data processors”, with a specific contract or other legal act. The updated list of data processors is available at the registered office of the Data Controller. The user can freely contact the data controller for any clarification or problem concerning its privacy.
e) Personal data retention period
The data will be stored for a period of time not exceeding what is necessary to achieve the purposes indicated and/or in compliance with the terms provided by law or regulation, or in any case according to what is necessary for the civil protection of the interests of both Users and Data Controller.
After the retention period, the Controller will completely delete the data provided by the User.
In relation to the purpose of newsletter transmission, the data will be stored until the user will oppose the sending of newsletters, through the appropriate link contained therein or through the methods of exercising the rights indicated in the paragraph below.
f) Data Subject’s rights
In relation to all personal data processed, the Users may exercise the rights provided by the GDPR and specifically:
- Right of access to personal data collecting and processed (art. 15);
- Right to rectification of data (art. 16);
- Right to erasure and right to be forgotten (art. 17);
- Right to restriction of processing (art. 18);
- Right to data portability (art. 20);
- Right to object (art. 21);
- Right not to be subject to a decision based on automated processing (art. 22);
- Right to withdraw the consent (if the processing is based on consent). It shall not affect the lawfulness of processing based ton consent before its withdrawal (art. 7);
- Right to lodge a complaint with a supervisory authority (art. 77);
- Right to an effective judicial remedy against the supervisory authority (art. 78) and against the controller or the processor (art. 79).
g) Reasons of the provision of personal data. Consequences of denial.
The provision of personal data for the processing purposes indicated above is optional but necessary, because the denial of the provision of data will make impossible for the User to browse the Website, to register and to use the services offered by the Data Controller.
Anyway, the consent is optional in relation to the use of Users personal data for commercial purposes.
The user is free to provide personal data in the request formats. If the user does not provide the data, which are necessary to supply the service, it may be impossible to obtain what he required.
h) Processing method
The personal data concerning users will be processed according to the principles of lawfulness, fairness and transparency and protection of the privacy and the rights of the Users. The data will be processed in the following ways:
- Access to data and archives allowed only to subjects that are authorized to process the data;
- Data and area protection by technical and organizational security measures adequate and systematically monitored, as required by art. 32 GDPR;
- Registration and processing both through files and paper supports and through IT supports;
- Conservation by saving and archiving in paper files but mainly in hardware systems of the Data Controller or its Processors.