Introduction

This privacy policy takes into account the provisions of the GDPR and the Italian Privacy Code (Legislative Decree no. 196 of 30 June 2003). The document has also been drawn up based on the Guidelines issued by the Italian Data Protection Authority (particularly the Anti-Spam Guidelines issued on 4 July 2013). You can also view this document in a new page, click here.

Data Controller

Carloforte Tonnare PIAM srl
Via Matteotti, 23
09014 Carloforte (CA), Italy
VAT No.: IT01929800926
Data Controller email: [email protected]
Phone: +39 0781 850126

Website to which this privacy policy applies: https://www.carlofortetonnare.com

The Data Controller has not appointed a Data Protection Officer (DPO). Therefore, any request for information can be sent directly to the Data Controller.

Personal Data Processed for the Following Purposes and Using the Following Services

This document describes how the Data Controller processes the personal data you provide on the Website. Below is a summary of the main types of data processing, including the legal basis, whether the provision of data is mandatory, and the consequences of not providing it. Where necessary, we have specified if and when a certain type of data processing is not performed.

vbnet Copia Modifica

Responding to Your Requests

Your data will be processed to respond to your information requests. Providing data is optional, but refusal will prevent the Data Controller from replying. The legal basis for this processing is the legitimate interest of the Data Controller in responding to users’ requests. This interest is considered equivalent to the user’s interest in receiving a reply.

Generic Marketing & Advertising

With your prior consent, the Data Controller may process your personal data to send you advertising materials and/or newsletters regarding its own or third-party products. The legal basis is your consent. Providing data is optional, and refusing consent will result in you not receiving promotional materials, market surveys, or newsletters. Communications will be sent to the email address you provided on the Website.

Website Registration

The data collected during registration will be used to allow you to access the restricted area of the Website and use services provided to registered users. The legal basis is the need to take pre-contractual steps at your request. Providing data is optional, but refusal will make registration impossible.

Purchases on the Website

Your personal data will be processed to allow purchases on the Website. In case of an online purchase, the data is needed to complete the contract and fulfill related legal obligations. The legal basis is the need to perform a contract or comply with legal obligations. Regardless of consent, the Data Controller may use your email for “soft-spam” (as per Art. 130 of the Privacy Code) related to similar products/services. You may opt-out at any time. The legal basis is the legitimate interest of the Data Controller, which is considered equivalent to the user’s interest in receiving such communications. The Data Controller does not use personal data to send reminder emails for purchases.

Data Sharing with Third Parties

The Data Controller does not sell your personal data to third parties.

Profiling

With your consent, your personal data may be processed for profiling purposes, meaning analysis of your purchase behavior in order to send you advertising or newsletters specifically tailored to your interests. The legal basis is your consent. Providing data is optional, and refusal will prevent the creation of a user profile and the sending of personalized marketing communications.

Geolocation

The Website does not implement geolocation tools based on IP address.

Disclosure of Personal Data

In the course of its ordinary business, the Data Controller may share your data with certain categories of recipients (see Article 2). “Disclosure” refers to allowing third parties to use data for specific purposes, unlike “transfer”, where the third party becomes an independent data controller. Consent is always required for transfers. Nonetheless, the Data Controller may use your data to comply with legal obligations.

SPECIFIC PRIVACY NOTICE

Art. 1 Processing Methods

• 1.1 Your data will mainly be processed using electronic or automated tools, ensuring security and confidentiality in accordance with the GDPR.
• 1.2 The data collected and processing methods will be relevant and not excessive in relation to the services provided. Data will be managed in secure IT environments.
• 1.3 The Website does not process “special categories of personal data”, such as those revealing racial or ethnic origin, political opinions, religion, trade union membership, health, or sexual orientation.
• 1.4 The Website does not process judicial data.

php-template Copia Modifica

Art. 2 Disclosure of Personal Data

The Data Controller may disclose your personal data to the following categories:

• Public authorities with lawful access based on regulatory or administrative measures.
• Public/private entities (e.g. legal, tax advisors, courts, chambers of commerce) where necessary for compliance with the law.
• IT service providers and consultants responsible for system installation, maintenance, and management.
• Employees and collaborators of the Data Controller involved in operating the Website.
• External companies managing email and CRM platforms used to send communications (your email may be shared with these providers).

This list may change based on operational needs. Please regularly consult this policy to check updated information.

Art. 3 Data Retention

3.1 Personal data will be retained:

• Only as long as necessary to provide services offered via the Website.
• For marketing purposes, until consent is withdrawn. For inactive users, data will be deleted one year after the last email viewed.
• For customer care, data will be deleted once support is completed.
• For sales contract execution, data will be stored for 10 years from order receipt for legal defense purposes.
• As per Civil Code Article 2220, invoices and accounting records are kept for at least 10 years.

3.2 Notwithstanding the above, personal data may be retained as required by specific legal provisions.

Art. 4 Transfer of Personal Data

4.1 The Data Controller is based within the EU. Therefore, processing is legally compliant with the GDPR. If data is transferred outside the EU to countries recognized by the European Commission as having adequate data protection, the transfer is considered safe.

• The UK: Following the European Commission’s adequacy decision dated 28 June 2021, data transfers to the UK are considered safe.

4.2 Data may also be transferred to countries outside the EU that do not have an adequacy decision. Please check this article regularly for updates on such countries.

Art. 5 Data Subject Rights

Pursuant to Art. 13 of the GDPR, you have the right to:

• Withdraw consent at any time previously given for processing your personal data.
• Request deletion or removal of your personal data under specific conditions.
• Access your personal data and receive a copy, including details about processing activities.
• Verify and request correction of inaccurate or outdated data.
• Restrict processing under certain circumstances. In that case, data will only be stored.
• Receive your data or request its transfer to another controller in a structured, machine-readable format.
• Lodge a complaint with the competent data protection authority or take legal action.

These rights can be exercised by contacting the Data Controller as indicated in the Introduction.

Art. 6 Changes to this Privacy Policy

The Data Controller reserves the right to amend this policy at any time, providing appropriate notice to users and ensuring adequate protection of personal data. Please consult this page frequently, referring to the last modification date indicated above. If changes affect processing activities based on consent, new consent will be requested, if necessary.