DATA PRIVACY DISCLAIMER
In compliance with the obligations deriving from the European General Data Protection Regulation n. 2016/679 (GDPR), in particular articles 13 and 14, and the national legislation, we respect and protect the Data Subjects (visitors and users), making every possible and proportionate effort not to infringe their rights.
1 - Subjects of the processing
The Data Controller, pursuant to art. 4, par. 7, of the GDPR, is Donato Martinelli & C. Snc, via Tonale 55, Leffe (BG) Italy (P.Iva 00630420164), tel +39035732432, mail info@donatomartinelli.com.
2 - Types of data collected
The company collects data in the following ways.
Data collected automatically
While the Users are browsing the website, the following information can be collected and stored in the server log files (hosting), in some cases also in the site database:
- Internet Protocol (IP) address;
- type of browser;
- parameters of the device used to connect to the site;
- name of the Internet Service Provider (ISP);
- date and time of visit;
- web page of origin of the visitor (referral) and exit;
- possibly the number of clicks.
These data are used for statistical and analytical purposes, in an exclusively aggregated form. None of this information is related to the natural person-user of the site, and does not allow identification in any way. The IP address could possibly be used exclusively for security purposes without crossing it with any other data.
Data provided voluntarily
This site may collect other data in case of voluntary use of services by Users, such as communication services (contact forms, email). The company can collect additional data when visiting the physical store. These data, used exclusively for the provision of the requested service, may be the following:
- name and surname;
- date and place of birth;
- email address;
- physical residence address;
- identity document;
- VAT number and / or tax code;
- company and headquarters;
- social profiles;
- residence or geographical location;
- payment methods and bank details.
The services provided by the site are generally not aimed at individuals under the age of 16, and therefore we do not knowingly record their data.
Methods of data processing
The processing of personal data is carried out mainly using IT and paper tools in compliance with the regulations in force and in particular with the principles of correctness, lawfulness, transparency, relevance, completeness and not excess, accuracy and with organizational and processing logics strictly related to the purposes. pursued and in any case in such a way as to guarantee a high level of security, integrity and confidentiality of the data processed, in compliance with organizational, physical and logical measures and in compliance with the provisions of art. 32 of the European Regulation 2016/679 (GDPR) as well as sector practices. Access to data is allowed only to specifically authorized and trained persons and only for purposes related to the specific role of the authorized person.
The company does not carry out profiling of the data of its clients.
​
3 - Purposes of the processing
The data are used for the purposes for which they were collected, unless it is reasonably possible to use them for compatible purposes pursuant to the laws in force.
Provision of the requested service
The data is used mainly for the execution of business relationships and the provision and organizational management of the services requested by customers and users, as well as for the fulfillment of related legal obligations and for the protection of contractual rights.
Statistics (analysis)
The data collected by the site are used in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site. None of this information is related to the natural person concerned (User or site visitor), and does not allow his identification in any way.
Security
The data are processed in order to protect the security of the site (spam filters, firewalls, virus detection), and of users and their information, and to prevent or unmask fraud or abuse (eg SPAM) to the detriment of the website. They are automatically recorded and may possibly also include personal data that could be used, in accordance with the laws in force on the subject, in order to block attempts to damage the site itself or to damage other users, or in any case harmful activities or constituting a crime. These data are never used for the identification or profiling of the User and are periodically deleted.
Marketing
The data are used, with prior consent, to keep Users informed about the activities, events, promotions and offers promoted by the Data Controller, through automated methods (mail, social media, etc...).
Shopping
The data is processed to manage orders, provide products and services, manage the guarantee on products and services, process payments, communicate with users regarding orders, products, services and promotional offers.
Accessory activities
The data may be disclosed to third parties who perform functions necessary or instrumental to the operation of the Data Controller (e.g. companies for the maintenance of the IT system), and to allow third parties to carry out technical, logistical and other activities on our behalf. (e.g. fulfill orders, send mail, analyze data, provide marketing assistance, make payments with credit cards). Suppliers have access only to personal data that are necessary to carry out their duties, undertake not to use the data for other purposes, and are required to process personal data in accordance with current laws.
4 – Legal basis of the processing
The data relating to the performance of economic activities and those functional or instrumental to the performance of economic activities (provision of services and shopping) are processed on the basis of the fulfillment of contractual and pre-contractual obligations. Refusal to provide such data precludes the execution of the contract.
The data for tax compliance and the keeping of accounting records, necessary in order to use the services provided for a fee, and for billing purposes, are processed on the basis of legal obligations. The refusal to provide such data prevents the fulfillment of the obligation.
Marketing data is processed on the basis of user consent, through the forms prepared. The provision of data and therefore consent to the collection and processing of data is optional, the User can deny consent, and can revoke a consent already provided at any time. However, denying consent may make it impossible to provide some services and the browsing experience on the site would be compromised.
The data for the safety of the site and company assets and for the prevention of abuse and SPAM, as well as the data for the analysis of site traffic (statistics) in aggregate form, are processed on the basis of the legitimate interest of the Data Controller in the security of the site and users, as well as company and third party assets. The processing of data for commercial communications relating to artwork and / or services similar to those already purchased and / or signed by the user is based on a legitimate interest of the Data Controller.
5 – Place of processing
The data collected by the site are processed at the headquarters of the Data Controller, and at the web Hosting datacenter, Wix ltd, which is the Data Processor by processing the data on behalf of the Data Controller, and acts in compliance with European laws:
- policy privacy: https://it.wix.com/about/privacy;
- DPA: https://www.wix.com/about/privacy-dpa-users.
6 - Data retention
The data are processed for the time necessary in relation to the purposes for which they were collected, and in any case no later than the time prescribed by law. In the absence of rules or practices that provide for different retention times, the data will be used, balancing the interests of the Data Controller and the rights of the Data Subjects, for a reasonable time with respect to the interest expressed by the Data Subjects and processed for the minimum period necessary in compliance with the indications contained in the sector regulations. The data may be processed for further periods in the event that the processing is necessary to defend or assert a right or by order of the authorities.
The collected data are processed for the following periods:
- purpose of supplying services: the data are kept until the expiry of the contract plus a further 10 years;
- purposes of judicial protection, up to the end of the useful period for judicial protection;
- shopping purposes: the data are kept until the warranty expiration period, some data are kept until the end of the period useful for judicial protection;
- data necessary for fiscal, accounting, tax and anti-money laundering purposes: they are kept until the assessments relating to the corresponding tax period are defined, therefore for at least 10 years (Article 2220 of the Civil Code) and more if the related annuity is not yet prescribed for tax purposes.
7 - Communication of data
The collected data are not sold, but may be disclosed to third parties who provide services or otherwise process data on behalf of the Data Controller, such as: IT and functional service providers of the site; outsourcing (email management, cloud computing); payment or credit service providers; professionals or consultants. For the list of third parties, see par. 8. Third parties process the User's data exclusively for the purposes indicated in this statement and in compliance with the provisions of the applicable legislation.
Other third parties acting as independent data controllers may become aware of the Users' data, also processing the data for purposes other than those of this company. For example:
- Google with reference to the fan page on Youtube;
- Facebook (eg. Fan page) and in general social networks that use the data conveyed through social plugins also for advertising and marketing purposes.
The indipendent data controllers are bound by European and national regulations on the protection of personal data, and are personally responsible for them in full autonomy.
By giving consent to the use of the services indicated, through the appropriate forms or boxes, the User expressly gives consent to the communication of data to the independent and joint data controllers for the purposes indicated in this information and in their respective information (see par. 8.1).
The data could be provided to the judicial and administrative authorities in the event of a legitimate request or to public bodies or agencies in the cases provided for by law (eg tax data).
Users at any time have the right to obtain information on third parties to whom the data may be transferred, by making an express request to the Data Controller (see par. 1) in the manner indicated in par. 10.
Transfers outside the EU / EEA
Some of the data processed may be shared with services located outside the European Union and the EEA (European Economic Area). In particular:
- Google (Analytics);
- Wix ltd (hosting: SCCs: https://www.wix.com/about/privacy-dpa-users).
The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data. In the absence of adequacy decisions by the European Commission, the Data Controller makes every effort to ensure the adoption of adequate guarantees, through the signing of standard contractual clauses (SCCs) with the foreign company receiving the data, which guarantee a level of data protection. corresponding to that established by European legislation.
8 – Third party Services and Cookies
This site uses cookies (unique identifiers) that allow to store information on visitor preferences, are used in order to verify the correct functioning of the site and to improve its functionality by customizing the content of the pages based on the type of browser used, or to simplify navigation by automating the procedures (eg site language), and finally for the analysis of the use of the site by visitors.
This site uses the following categories of cookies:
- technical cookies, used for the sole purpose of transmitting an electronic communication, to ensure the correct display of the site and navigation within it. In addition, they allow you to distinguish between the various connected users in order to provide a requested service to the appropriate user and for site security reasons;
- analysis cookies, used to collect information in aggregate form, on the number of users and how they visit the site. They are assimilated to technical cookies if the service is anonymized.
Refusal or withdrawal of consent to cookies
The User can refuse or revoke a consent already provided at any time, even by disabling cookies directly from the browser.
The instructions for disabling cookies, and for the eventual elimination of cookies already present on the User's device, can be found on the following web pages:
Google Chrome https://support.google.com/chrome/answer/95647?hl=it
Mozilla Firefox https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Microsoft Internet Explorer https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge https://support.microsoft.com/it-it/help/4027947/windows-delete-cookies
Opera https://www.opera.com/it/privacy/cookies
Apple Safari https://support.apple.com/it-it/HT201265
​
First party cookies Wix
The Wix platform uses technical cookies for security and anti-fraud purposes.
8.1 - Third party services and related cookies
This site also acts as an intermediary for third-party cookies used to provide additional functionality to visitors or to verify the functioning of the site itself. This site has no control over their cookies entirely managed by third parties and has access to the information collected through these cookies only in aggregate form. Information on the use of these cookies and their purposes, as well as on how to disable them, are provided directly by third parties on the pages indicated below. These cookies could be used by third parties to provide personalized advertising on third party sites.
Google Ireland Ltd
Data Controller is Google Ireland Ltd (headquarters Gordon House Barrow Street Dublin 4, Ireland), for information on processing, it is recommended to read the Google privacy policy https://policies.google.com/privacy and the page on how Google uses data when using partner sites or apps: https://policies.google.com/technologies/partner-sites
- Google Analytics: The data collected do not allow the personal identification of users, and are not crossed with other information relating to the same person. They are processed in aggregate form and anonymized (truncated to the last octet). On the basis of a specific agreement, Google Inc. is prohibited from crossing such data with those obtained from other services.
SCCs: https://privacy.google.com/businesses/processorterms/
Further information on Google Analytics cookies can be found on the Google Analytics Cookie Usage on Websites page: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
It is possible to selectively disable the action of Google Analytics by installing on your browser the appropriate component provided by Google (opt out): https://tools.google.com/dlpage/gaoptout
- Google reCAPTCHA: analyzes visitor behavior to check whether the data entered in the contact forms comes from a human or an automated program (bot), also evaluating information such as the IP address, browsing time and mouse movements. The data collected is provided to Google Inc. The data is processed by the Data Controller on the basis of the legitimate interest in protecting the website from SPAM and abuse.
Further information:
- https://www.google.com/intl/en/policies/privacy/
- https://www.google.com/recaptcha/intro/android.html
9 - Security measures
We process visitor and user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data. We are committed to protecting the security of your personal data when it is sent, for example by using Secure Sockets Layer (SSL) software, which encrypts information in transit. The processing is carried out using IT tools with organizational methods and with logic strictly related to the purposes indicated. The subjects authorized to process the data are bound by specific confidentiality clauses, are fully informed on the tasks assigned to them and on the security measures to be adopted in data management. In addition, an operational continuity plan is prepared to ensure data recovery, and therefore service availability, in a short time.
10 – Rights of Data Subject
You can exercise the following rights at any time:
- right to access your data and know its origin, purposes and retention period, the details of the Data Controllers and of the subjects to whom the data have been communicated, if the data are transferred to a third country and information on the guarantees for the transfer;
- right to obtain a copy of the data provided within the limits of reasonableness;
- revoke the consent given at any time without the need to give reasons, but without prejudice to the processing carried out up to that moment;
- right to update or correct your data;
- the right to object in whole or in part to the processing carried out on the basis of the legitimate interests of the owner, unless there is a legitimate reason to continue the processing, such as the exercise of rights in court;
- right to object to the processing of personal data for marketing or commercial communication purposes;
- right to request the cancellation of your data (even after the withdrawal of consent), if no longer necessary for the purposes of the owner, in the event of withdrawal of consent, opposition to processing, processing in violation of the law, or if there is a legal obligation cancellation;
- right of limitation, that is to obtain the block of the processing in case of violation of the conditions of lawfulness, but also if the Data Subject requests the rectification of the data (pending rectification) or opposes their processing (pending the decision of the Data Controller), in which case the data will not be processed except for the conservation of the same;
- right to data portability, only in cases of processing based on consent or contractual necessity, the right to receive or transmit to another indicated Data Controller, at the cost of any support, your data provided to the Data Controller, in a structured and readable by a data processor and in a format commonly used by an electronic device;
- right to lodge a complaint with the Supervisory Authority (link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524).
To exercise your rights it may be necessary to provide documentation to identify you (copy of an identity document), to certify the legitimacy of the request and prevent the data from ending up in the wrong hands. The deadlines for responding to requests are 30 days, which can be extended for another 30 days in special cases.
In some cases the aforementioned rights may not be concretely exercisable, such as in the case in which the communication of data would also expose data of other people, or in the case of video recordings for which it is not materially possible to exercise the right to update or data correction.
Requests should be sent to the Data Controller (see par. 1).
11 – Updates
This privacy disclaimer is updated as of July 28, 2021.