Data Protection Statement
in accordance with EU regulation n. 679/2016
Information about our Data Protection Policy
Dear Data subject,
Our company takes your personal data seriously and guarantees to protect data we collect from any risk of violation.
This policy statement, in accordance with guidelines published in EU regulation 679/2016, (hereinafter refered to as ‘the GDPR’) describes the type of data and scope for which it is collected and processed.
Who we are
Metti Pazzaglia Enrico uses and is responsible for certain personal information about you.
Any questions regarding protection of your data should be directed to the following email address: info@badiaccia.com
General data collection
We collect the following data:
Navigation data Personal data Information provided by the data subject
The company refrains from requesting sensitive personal data listed in GDPR article 9 concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a physical person, data concerning health or data concerning the data subject’s sexual orientation.
Transferring personal data outside of the EU
No personal data will be transferred outside of the EU by us.
SCOPE
Data provided by the data subject enables the company to offer content and services chosen and/or purchased, to manage and process requests for information, provide assistance and comply with laws the company is subject to. Under no circumstances will the company sell personal data to third parties or use it for any unnamed scope.
Personal data is processed for:
Online registration and requests for information and/or to be contacted Contract data management Security of personal data Profiling
Lawfulness of processing
Registration and contact and/or information request Performance of a contract Systems security Profiling
Data Storage
Personal data is processed in accordance with principles pertaining to privacy, fairness, necessity, pertinence, lawfulness, and transparency imposed upon in the GDPR for the amount of time necessary to exercise the scope for which data is collected and in any case, not longer than 10 years from initial collection for the Service or, in the case of a Service/product purchase, the amount of time necessary for completing the purchase.
Data subject rights
Right of access by the data subject are outlined in article 15 of the GDPR and at any time, the data subject may:
receive confirmation whether personal data is being processed and access information regarding the purposes of processing or disclosure recipients, and access that information;
update, modify, and/or correct personal data;
request erasure, pseudonymisation, blockage for unlawful violation or restriction;
oppose processing for legitimate reasons, including profiling;
oppose personal data processing for the scope of sales or advertising or market research or any commercial communications;
revoke consent, where given, without prejudice for lawful processing based on prior consent;
receive a copy of personal data and request they be transferred to another environment.
In the event there is a violation of data subject rights, in accordance with art. 77 of the GDPR the data subject may contact the supervisory controller or file for judicial remedy pursuant to article 78.
