AD Milano S.r.l., as Data Controller, intend to provide you the following specific information about the management of the website ANNDEMEULEMEESTER.COM with reference to the process of personal data of users who consult it. It is also an information notice, according to article 13 of European Regulation 2016/679 (“GDPR” or “Regulation”)
- Directive 2002/58/EC on “personal data processing and protection of private life in the field of electronic communications”.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Legislative Decree 30 June 2003 n. 196 “Code regarding the protection of personal data", as amended by Legislative Decree 10 August 2018 n. 101.
The Data Controller is AD Milano S.r.l., via Savona n. 97, 20144 Milano, email address: firstname.lastname@example.org
Data Processing Place
The processing related to the services of this website are realized at the seat of AD Milano S.r.l., as well as at the seat of third parties, appointed as Data Processor, who offer outsourced services.
Categories of Data Processed
The information systems and the software procedures needed for the running of this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
These information are not collected to be associated with identified data subjects, but due to its nature, it could allow to identify the users, through processing and association with data held by third parties.
To this category of data belong the IP addresses or the domain names of the PC used by the users who connect to the web site, the URI (Uniform Resource Identifier) notation addresses of the required resources, the time of the request, the method used while sending the request to the server, the size of the file obtained in the response, the numeric code specifying the status of the response given by the server (successful, error, etc.) and other parameters concerning the operation system and the user’s information environment.
Such data are used only in order to obtain anonymous statistical information on the use of the website and to control the correct operation and are delated immediately after the processing.
The data could be used to ascertain the liability in case of possible cybercrimes damaging the web site.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of personal data by the user by filling the registration forms on the website or by calling the telephone numbers published on the website, entails the subsequent acquisition of the data provided by the user, necessary to provide the service or the information requested. Specific information on the processing of personal data will be published on the pages of the website set up for particular services requested.
Anonymous or aggregated data
Anonymization is a process aimed at preventing the identification of the data subjects. The data made anonymous don’t belong to the application field of the data protection regulation. The aggregated data may derive from personal data supplied by the user but is not considered personal data since, as specified, it doesn’t allow to directly or indirectly identify the data subject.
Purpose And Legal Base Of The Process
Personal data will be processed for the following purposes:
- Purposes aimed at allowing navigation and consultation within the website.
The legal base of the process is the consent that is explicitly given by consulting the site (art. 6, paragraph 1, let. a), GDPR).
- Purposes related to the provision of the requested services (replies to requests for information and registration to the newsletter).
The legal base of the process is the consent that is explicitly given by filing the form (art. 6, paragraph 1, let. a), GDPR).
- Purposes related to the purchase of the products.
The legal base of the process is the performance of the contract (art. 6, first paragraph, let. b), GDPR).
- Purposes related to marketing communications.
The legal basis of the process is the consent (art. 6, first paragraph, let. a), GDPR).
- Purposes related to direct marketing (commercial communications to customers who have purchased a product, through the use of the email address provided in the context of the sale, in relation to products similar to those being sold).
The legal basis of the processing is the legitimate interest pursued by the controller (art. 6, first paragraph, let. f), GDPR and Article 130, fourth paragraph, D. Lgs. 196/2003).
- Defensive purposes in case of abuse in the use of the site or attempted fraud.
The legal basis of the processing is the legitimate interest (art. 6, first paragraph, let. f), GDPR).
Links To Other Websites
This website could contain links or references for the access to other websites. We inform you that the data controller does not control the cookies or other monitoring technologies of such websites to which this policy does not apply. We therefore recommend that you consult the individual privacy policies relating to these websites.
Discretionary Nature Of The Data Providing
Apart from what has been specified concerning the surfing data, users are free to provide their personal data or not by filling the form on the site. However, the non-providing can enable obtaining what was requested.
Optional Supply Of Data
Apart from what has been specified for the browsing data (needed for the running of this web site), users are free to supply their personal data or not. However, the non-supply of such data may entail the impossibility to obtain what has been requested.
Check On Your Personal Data
We inform you that at any time you can choose to limit the collection or use of your personal data. For example, at any time you can object to the processing of your personal data for direct marketing purposes by sending us an email to the email address indicated below. The company will not sell or distribute the personal data collected to third parties unless it has obtained explicit consent from the data subject or unless this is explicitly required by law.
Processing Methods And Storage Time
Personal data are processed, even with the aid of automated devices, for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are taken in order to prevent the loss of data, its unlawful or wrongful use and unauthorised access.
Sharing, Communication And Circulation Of Data
The collected data may be shared, transferred or communicated to other companies, appointed as data processor, for activities strictly connected to the purposes indicated and instrumental to the operativeness of the service, such as the management of the information system. Apart from these cases, personal data won’t be communicated unless there’s a contractual or legal provision, or upon specific consent by the Data Subject. In this sense, personal data may be transmitted to third parties, but only and exclusively if: a) there is explicit consent to share the data with third parties; b) there is a need to share information with third parties in order to provide the service required by the Data Subject; c) it is necessary in order to meet a request by the judicial or public security authorities. No data deriving from the web service is circulated.
Transfer Of Personal Data
Personal data will not be transferred to third countries, namely countries not belonging to the European Union or to the European Economic Area. If this happens, the Data Controller declares and guarantees to comply with the provisions of article 44 and following of the GDPR.
Rights Of Interested Parties
The regulation for the protection of personal data provides some rights for the subject to whom the data refer (data subject). In particular, according to art. 15 and subsequent of the EU Regulation 2016/679, each data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, to obtain rectification, erasure or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. To exercise the aforementioned rights, the user can contact the Data Controller by sending a registered letter with return receipt to the address indicated or an email to email@example.com.
Right To Lodge A Complaint With A Supervisory Authority
Every data subject who believes that the processing of personal data relating to him or her, through the web site, infringes the Regulation, shall have the right to lodge a complaint with a supervisory authority, as provided by the article 77 of GDPR.
The personal data will be stored only for the time necessary to fulfil the specific purposes indicated. Any further storage of data or part of data may be arranged if required by law or to assert or defend its rights in any given location and in particular before the Court.
Changes To This Data Protection Policy
The data controller periodically controls its data protection and security policy and – if needed – reviews it in connection with modifications deriving from regulations or organisations, or as dictated by technological evolution. Should the policy be modified, the new version will be published on this web page.
Questions, Complaints, Suggestions And Exercise Of Rights
Anyone interested in more information, in contributing with their suggestions or making complaints or disputes regarding the privacy policies, on the way in which the Data Controller processes personal data, as well as to assert their rights under the legislation on protection of personal data, you can contact the Data Controller by writing to AD Milano S.r.l., based in Milan, via Savona, 97, e-mail address: firstname.lastname@example.org.