The company ALPHABET DESIGN SRLS pursuant to Article 13 of EU Regulation No. 679/2016 ("GDPR") informs all customers who purchase its products (identified as "Data Subjects") about the executive and organisational methods of processing and the rights of the data subject.
OBJECT OF THE PROCESSING
The condition that makes data processing lawful is subject to the establishment and/or management of ongoing commercial, administrative, accounting and management relations with both Customers and Suppliers . The data collected may refer to a natural person, referred to as the "data subject", and therefore may constitute an object of one of our processing operations, referring to Customers and Suppliers. The data collected are managed in such a way as to protect the fundamental rights and freedoms of natural persons. No data is disseminated or used for profiling activities. The data collected are used to fulfil pre-contractual, contractual and fiscal obligations arising from existing relations with customers or suppliers, to fulfil obligations provided for by law, regulation or EU legislation, to exercise the rights of the Owner, for example the right of defence in court. In addition to the Data Controller, certain categories of data may be transmitted to external parties appointed by the Data Controller as external Data Processors, such as suppliers of specific technical services, consultancy services, logistics services, IT and tax data management, and communications.
DATA CONTROLLER
The Data Controller is the Company ALPHABET DESIGN SRLS, with head office in Via Ivancich 45/B 30174 VENICE VAT No. 04749360 mail: info@alphabetdesign.it
The updated list of External Data Processors is made available to the data subject by sending a simple written request to the following email address: info@alphabetdesign.it
PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING
The User's data are collected to enable the Data Controller to supply its products, fulfil its fiscal and legal obligations, guaranteeing professional secrecy on direct and indirect information. Personal data are processed in compliance with the lawfulness of Art. 6 EU Regulation 679/2016, in relation to the conclusion of supply contracts of the Owner, to fulfil pre-contractual, contractual and fiscal obligations arising from existing relationships with customers or suppliers, to fulfil the obligations provided for by law, or by a regulation, or by EU legislation, to exercise the rights of the Owner, for example the right of defence in court. For these types of data, the consent of the data subject is not required.
There are other data, for which consent is required from the data subject, which concern the activities listed below that the Data Controller may carry out. The categories of data in question are:
- marketing activities;
- send you by mail, post and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products offered by the Data Controller and satisfaction surveys on the quality of services;
- send you by mail, post and/or sms and/or telephone contacts commercial and/or promotional communications from third parties (e.g. business partners, other commercial and consulting companies) strictly necessary to pursue the purposes described above.
In any case, personal data will be kept for a period of time no longer than is strictly necessary to achieve the purposes indicated. Personal data whose retention is not necessary in relation to the stated purposes will be deleted or transformed into anonymous form.
DURATION AND STORAGE OF DATA
In any case, personal data will be kept for a period of time not exceeding that which is strictly necessary to achieve the indicated purposes. The maximum duration is expected to be 10 years, linked more to tax obligations.
Personal data whose retention is not necessary in relation to the stated purposes will be deleted or transformed into anonymous form.
The data collected by the Controller shall not be subject to an automated decision-making process, including profiling as referred to in Art. 22 paragraphs 1 and 4
The Controller will process the data for the time strictly necessary according to the duration of the contractual relationship and for a period of time related to tax obligations.
All personal data conferred will be processed in compliance with the principles of lawfulness, correctness, relevance and proportionality, by means of hard copy filing, or computerised and telematic filing. It should be noted that the information systems used to manage the information collected are configured from the outset to minimise the use of personal data.
Specific security measures are observed by the company to prevent data loss, illicit or incorrect use and unauthorised access.
RIGHTS OF THE DATA SUBJECT
Article 15 of EU Regulation 679/2016 regulates the information that the data subject may request from the Data Controller as explained in more detail:
- the data subject may decide not to provide any data or subsequently deny the possibility of processing for such purposes data already provided. In this case he/she will not be able to receive newsletters, commercial communications and advertising material related to the services, events and products offered by the Data Controller, with the exception of data that must be processed in order to pursue a right of the Data Controller;
- the data subject has the right to request from the Data Controller, when he or she has an interest in doing so, access to or rectification or erasure of personal data or restriction of the processing of data concerning him or her or to object to the processing of data concerning him or her, in addition to the right to data portability
- the data subject has the right to withdraw consent at any time where he or she has already given it, without, however, affecting the lawfulness of the processing based on the consent given before the withdrawal (Ref. Art. 6(1)(a) and Art. 9(2)(a) of EU Regulation 679/2016)
- the data subject has the right to receive information from the Controller prior to any action by the Controller aimed at a type of processing different from that for which the data was collected;
- where applicable, the data subject also has the rights under Articles 16-21 GDPR (right to be forgotten, right to object);
- the data subject has the right to lodge a complaint with a supervisory authority;
- for all data subjects who have already provided their personal data in the past, the above rights can be exercised at any time.
PROCEDURES FOR EXERCISING RIGHTS
It should be noted that any interested party may at any time exercise his or her privacy rights by sending an e-mail to: info@alphabetdesign.it
METHODS OF PROCESSING
The processing of personal data is carried out by means of the operations indicated in Article 4 paragraph 2 of EU Regulation 679/2016, namely: any operation or set of operations, carried out with or without the aid of recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.
The personal data collected by the Controller are subject to both paper and electronic processing.
The processing is carried out by specially appointed officers and collaborators within the scope of their respective functions and in accordance with the instructions received, always and only for the achievement of the specific purposes, scrupulously observing the principles of confidentiality and security required by the applicable regulations, always respecting the fundamental rights and freedoms of the Data Subject.
ACCESS TO DATA
The data may be made accessible to the following categories of Data Processors
- employees and collaborators of the Data Controller in their capacity as persons in charge and/or internal data processors and/or system administrators;
- third-party companies or other entities (by way of example, credit institutions, professional firms, consultants, insurance companies, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors, the list of which is available at the Data Controller's offices.
COMMUNICATION OF DATA TO THIRD PARTIES
Without the need for express consent, the Data Controller may only communicate the data collected for the purposes set out in the preceding points to Supervisory Bodies, Judicial Authorities as well as to all other parties to whom communication is required by law for the fulfilment of the aforesaid purposes, taking care that such data are not unlawfully disclosed.
TRANSFER OF DATA
Data are not transferred outside the European Union. It is in any case understood that the Data Controller, should it become necessary, avails itself of the right to transfer the data in the European Union and/or in non-EU countries to other investee companies only with the prior consent of the data subject and in compliance with the applicable legal provisions by entering into, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
DEFINITIONS AND LEGAL REFERENCES
Personal Data (or Data)
Personal data is any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.
Usage Data
This is the information collected automatically through this Website (including by third party applications integrated into this Website), including: IP addresses or domain names of the computers used by the User who connects with this Website, URI (Uniform Resource Identifier) notation addresses, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various time connotations of the visit (e.g. time spent on each page) and details of the itinerary of the visit (e.g. time spent on each page) and the time spent on the website. ), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User's IT environment.
User
The individual who uses this Website which, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Controller (or Processor)
The natural person, legal entity, public administration and any other entity that processes Personal Data on behalf of the Controller, as set out in this privacy policy.
Data Controller (or Owner)
The natural or legal person, public authority, service or other body that, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including the security measures relating to the operation and use of this Web Site. The Data Controller, unless otherwise specified, is the owner of this Web Site.
Appointee
The natural person authorised to enter data in special electronic tools, in compliance with specific procedures adopted by the Data Controller or the Data Processor who appointed him/her
This Website (or this Application)
The hardware or software tool through which Users' Personal Data are collected and processed.
Service
The Service provided by this Website as defined in the relevant terms (if any) on this site/application.
European Union (or EU)
Unless otherwise specified, any reference in this document to the European Union shall be deemed to include all current member states of the European Union and the European Economic Area.
Cookie
Small piece of data stored within the User's electronic device.
Legal references
This Privacy Policy is drafted on the basis of multiple legislative orders, including Articles 13 and 14 of Regulation (EU) 2016/679.
For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).
We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected: