This information is provided pursuant to Article 13 of EU Regulation 679/2016 by Claudio Fiumicelli, VAT No.: IT06438770965, in his capacity as Data Controller to those who access our website www.studioventotto.com (hereinafter only the “Site”) and fill out the “contact” form in order to illustrate the essential elements of the processing carried out.
Personal data processed
We process data provided voluntarily. Through the Site, you have the opportunity to voluntarily provide personal data, for example, your name and e-mail address to contact us through the “contact” form. We will use this data in accordance with applicable law, assuming it relates to You. If the data relates to a third party, you will be the autonomous data controller for the latter, assuming all legal obligations and responsibilities. In this sense, you grant us the widest possible indemnity with respect to any dispute, claim, request for compensation for damage caused by processing, etc. that may be received by our company from third parties whose personal data have been processed through your use of the Site in violation of the applicable legislation currently in force.
Purpose of processing and legal basis
Specifically, your personal data are processed for the following purposes and legal bases:
- Activities related to contact management (Examples of activities are: filling in the contact form on the website or, more generally, sending an e-mail that involves the processing of personal data such as, for example, name, surname, subject matter; the legal basis for this purpose is identified in the contract and pre-contractual measures (Art. 6.1, letter b, GDPR);
- activities related to the execution of the contract to which you belong, including the pre-contractual phase (examples of activities are: the provision of a service, the response to a request, the request for contact via the “contact” form (etc.); the legal basis for the aforementioned purpose is identified in the contract and pre-contractual measures (art. 6.1(b) GDPR), but also (where applicable) in the legitimate interest (Art. 6.1(f) GDPR) insofar as it relates to the need to defend a right and also in the fulfilment of a legal obligation or regulations in force or to fulfil an obligation imposed by the Authorities (Art. 6.1(c) GDPR);
- maintenance of computer systems and devices (persons in charge of maintenance and repairs on the Site may accidentally access your personal data. These events are entirely occasional and unforeseeable and in any case have no identification purpose and are limited in duration to the execution of the maintenance/repair work); the legal basis for the aforementioned purpose is identified as legitimate interest (art. 6.1, letter f, GDPR).
None of our processing is based on consent. The legal bases on which we operate are: contract, legitimate interest and legal obligation.
We do not carry out processing with automated decision-making or profiling.
Data retention periods
Your personal data will be kept for the time strictly necessary to fulfil the purposes described above and to comply with legal obligations.
In particular, for activities related to the management of the contact, your personal data will be deleted when the purpose of contact, response or correspondence has been definitively fulfilled; for activities related to the execution of the contract to which you are a party (including the pre-contractual phase), your personal data will be kept for the entire duration of the contractual relationship and, once the relationship has ended, they will be kept for any need to ascertain/exercise/defend a right or to fulfil an obligation imposed by law or regulations in force or to comply with an obligation imposed by the Authorities (art. 6.1, letter c, GDPR), for the activities of maintenance of computer systems and devices, referring to personal data that we have for the other purposes indicated in this Information Notice, the retention times coincide with those identified from time to time for the aforementioned purposes.
Consent and optional/obligatory nature of data provision
The processing of your Personal Data, for the purposes described above, may be carried out without your consent.
The provision of your personal data, which you undertake to provide us with by contract or by law, is compulsory and constitutes a necessary requirement for the conclusion of the contract and failure to provide such data will make it impossible for us to execute contracts and other related obligations. Any other provision of your personal data (e.g. for sending requests that have not yet been contracted or for navigating the site) is merely optional. The only consequence of failure to provide optional data will be the impossibility of providing or performing the requested services.
Categories of recipients
Your Personal Data may also be communicated to third parties, for technical and operational needs strictly related to the above purposes and in particular to the following categories of subjects:
- persons persons necessary for the provision of the services offered by the Site, including but not limited to the sending of e-mails and the analysis of the operation of the Site, who typically act as data processors for our company;
- persons authorised by us to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
- judicial authorities in the exercise of their functions when required by applicable law.
The Data Controller does not transfer personal data outside the European Economic Area. The Data Controller, however, reserves the right to use cloud services; in this case, the service providers will be selected from among those who provide adequate guarantees in compliance with the applicable legislation in force.
Manner of processing
Your personal data will be processed both electronically and on paper.
The processing will, however, be carried out mainly by means of computerised tools and in any case with observance of the minimum precautionary measures for the security and confidentiality of the data. In particular, technical, IT, organisational, logistical and procedural security measures have been implemented in order to prevent loss, illicit or irrelevant use of data and unauthorised access to them.
Rights of the data subject and complaint to the Data Protection Authority
We inform you that you may exercise the following rights with regard to the processing of your personal data:
- Right to obtain access to your personal data (art. 15 GDPR): you may contact us to find out whether your personal data is being processed and the legal information on the processing;
- Right to rectification (art. 16 GDPR): obtain the correction of your inaccurate personal data or the integration of incomplete ones;
- Right to erasure/oblivion (art. 17 GDPR): to obtain the cancellation of your personal data, in the cases provided for by law;
- Right to restriction of processing (art. 18 GDPR): to obtain the submission of your personal data only to storage, with the exclusion of other activities, in the cases provided for by law;
- Right to portability (art. 20 GDPR): to obtain your personal data in a structured, commonly used and machine-readable format and also to obtain the direct transmission of such data to another data controller, in the cases provided for by law;
- Right to object (art. 21 GDPR): right to stop further processing of personal data for reasons related to your particular situation, subject to the prevalence of our compelling legitimate reasons, in the cases provided for by law;
- Right to withdraw consent (art. 7.3 GDPR): right to withdraw consent at any time for cases in which processing is based on consent.
In order to exercise the aforementioned rights, you may use the Controller’s contacts provided in this Policy.
The exercise of rights is not subject to any formal constraint and is free of charge.
We also inform you of your right to lodge a complaint with the competent Data Protection Authority. We would like to remind you that a complaint, pursuant to Art. 77.1 GDPR, may be lodged by the data subject with the Authority of the place where the data subject usually resides, where he/she works or where the alleged breach occurred.
Holder of the processing
The Holder of the processing is Claudio Fiumicelli.
Contact details of the Holder:
- e-mail: email@example.com
This policy is effective as of May 25, 2018. We reserve the right to modify or simply update its content, in part or in full, including due to changes in applicable law. The updated Policy will be promptly posted on this Site. We therefore invite you to visit this page regularly to check for any updates.