INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) 679/2016
General Data Protection Regulation - GDPR
This policy describes how personal data is processed for users who visit the website www.proteggendo.it (hereinafter referred to as the "Site") or use the services provided through Proteggendo.it (hereinafter referred to as the "Company"). In accordance with the principles recognized by European Regulation 679/2016 (hereinafter referred to as the "Regulation"), this policy provides the user, as a data subject, with all the necessary information to ensure maximum fairness and transparency regarding the processing of their personal data. This information does not apply to other websites, pages, or online services that may be accessed through links on this website, such as social media pages (Facebook, YouTube, etc.).
1. Data Controller
The data controller is HD casa s.r.l., located at Via Eduardo De Filippo 24, Olevano Sul Tusciano (SA). VAT number: 05688500650. The contact email for the Data Protection Officer is info@proteggendo.it.
2. Types of data processed, purpose, and legal basis for processing
As a result of visiting this website or using the services provided through it, the following types of personal data of users may be processed:
a) Browsing data
The computer systems and software procedures used to operate this site acquire, during their normal course of operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (successful, error, etc.), and other parameters related to the user's operating system and computer environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its proper functioning, identify anomalies and/or misuse, and are deleted immediately after processing. The data could be used to establish responsibility in case of hypothetical computer crimes against the site or third parties: except for this eventuality, the data on web contacts do not persist for more than seven days.
b) Personal data voluntarily provided by users:
1. Data necessary for the conclusion of e-commerce transactions as part of online purchases. Payment management services allow this site to process payments by credit card, bank transfer, PayPal, and cash on delivery. The payment data is acquired directly by the payment service provider requested without being processed in any way by the company (e.g., PayPal is a payment service provided by PayPal Inc., which allows users to make online payments using their PayPal credentials).
2. Data entered in forms found in some sections of the site (e.g., in the "Contact" section), or sent via email to the addresses listed on the site, or data entered for registration on the website or for the newsletter subscription, to the extent necessary to respond to the user's requests.
c) Personal data voluntarily provided by users is collected and processed for the following purposes:
• provision of the products requested by the user and management of related payments;
• registration on the site;
• subscription and sending of newsletters by email;
• responding to requests for information;
• statistical purposes.
The legal basis for processing for the above purposes, in addition to the need to execute the contract to which the user is a party or respond to their requests, is also the need to comply with legal obligations to which the Company is subject.
For processing carried out for the purpose of direct marketing or sending commercial communications related to products or services similar to those already requested by users, the Company may use email and postal addresses in accordance with and within the limits permitted by the decision of the Data Protection Authority of June 19, 2008, as the legal basis for such processing is the pursuit of its legitimate interest. In any case, under Article 21 of the Regulation, the user has the right to object to such processing at any time, initially or during subsequent communications, in an easy and free manner, by writing to the Data Controller or the Data Protection Officer at the addresses listed above, and will receive an immediate response confirming the cessation of such processing.
Regarding statistical purposes, the data will be processed anonymously and in aggregate form.
3. Mandatory or optional nature of providing personal data
The provision of personal data to the Data Controller, in particular, personal identification data, email address, postal address for product shipment, and telephone number, is necessary concerning the conclusion of the product purchase contract on the site or the registration phase.
Failure to provide personal data marked with an asterisk may result in the inability to complete the registration phase or to execute the product purchase contract on the site, or to use the services available on the site.
4. Recipients of users' personal data
The personal data of users who visit this site or use the services provided through it will be communicated to:
• authorized Proteggendo.it personnel under Article 29 of the Regulation, within the scope of their duties and to the extent necessary to allow the execution of activities strictly related to providing the requested services;
• Improntae S.r.l. as a processor, for the provision of site development and installation services;
• Serverplan S.r.l. as a processor for providing hosting services for the proteggendo.it site;
• Codice S.r.l. as a processor for providing maintenance and technical support services;
• 7Pixel S.r.l., represented by its pro-tempore legal representative, is appointed as a data processor for managing user requests for comments within the Trusted Program of the site www.trovaprezzi.it;
• couriers for the management of product delivery;
• subjects, authorities, or entities to which the communication of personal data is mandatory under legal provisions or orders of the competent authorities;
Personal data of users will not be transferred abroad, to countries or international organizations outside the European Union that do not guarantee an adequate level of protection recognized under Article 45 of the Regulation, based on a decision of adequacy by the EU Commission. If necessary for the provision of services, the transfer of personal data to countries or international organizations outside the EU will be carried out in compliance with Articles 45-49 of the Regulation.
5. Retention of users' personal data
The personal data voluntarily provided by users will be retained in a form that allows the identification of data subjects for the time strictly necessary to achieve the purposes for which the data was collected and subsequently processed, and, in any case, within legal limits.
Personal data related to online product purchases will be retained for 10 years.
6. Data subject's rights
Articles 15-22 of the Regulation grant the data subject the following rights:
• request confirmation of the existence or non-existence of their personal data (Article 15(1));
• obtain information on the purposes of the processing, categories of personal data, recipients or categories of recipients to whom the personal data have been or will be disclosed, and, where possible, the retention period (Article 15(1)(a), (c));
• obtain rectification and deletion of data (Articles 16 and 17);
• obtain the restriction of processing (Article 18);
• obtain from the Data Controller information on the recipients to whom personal data have been transmitted and on any rectifications, deletions, or restrictions of processing (Article 19);
• obtain data portability, i.e., receive it from a Data Controller in a structured, commonly used, and machine-readable format, and transmit it to another Data Controller without hindrance (Article 20);
• object to an automated decision-making process relating to individuals, including profiling (Articles 21 and 22);
• withdraw consent at any time, where the processing is based on consent (Article 7(3));
• When a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, the Data Controller shall communicate the breach to the data subject without undue delay (Article 34);
Data subjects may contact the Data Protection Officer for any matters related to the processing of their personal data and the exercise of their rights under this regulation by sending an email to info@proteggendo.it.
Users who believe that their personal data processing, carried out through this site, violates the provisions of the current data protection legislation have the right to lodge a complaint with the supervisory authority under Article 77 of the Regulation, or to seek judicial remedies.
7. Changes and updates to this Privacy Policy
Changes and updates to this Privacy Policy will be notified to users on the homepage of the website or via email (for registered users) as soon as they are adopted and will become binding as soon as they are published on the website in this section.