All personal data given directly by the subject to diotti.com s.r.l. through the different pages of the portal www.arredamentidiotti.it from the moment of registration on, including the use of services supplied by diotti.com s.r.l. will be treated following art 196/2003 law decree in the matter of personal data protection (namely Privacy Code) as well as according to the new EU Law no. 679/2016 ("GDPR") complying to what stated in art.13 from the European Authorities.
diotti.com s.r.l. informs the subject of the following:
Personal data processing means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as the collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We want to point out the following:
The controller of personal data according to art.26 are:
- diotti.com s.r.l. With legal head office in Lentate sul Seveso (MB), via Nazionale dei Giovi 274, Italy and registered at Milan Register of Company with VAT tax number 00685090961.
2. AIMS OF DATA PROCESSING.
Data can be freely given by the subject and/or acquired through diotti.com s.r.l. activity, will be treated lawfully, fairly and transparently on one of the following applies:
A - consent is not required (art. 24 - a, b, c Privacy Code and art. 6 - b, e GDPR): - data will be used exclusively for purposes directly related to the activation and operation of the services provided by diotti.com s.r.l. for example to allow the registration of an Account, Wishlist and also to comply with an obligation imposed by law, regulations and Community legislation as well as exercise his/her own rights in a court of law.
B - the data subject has freely given his/her consent which can be withdrawn at any time (art. 23 and 130 Privacy Code and art. 7 GDPR): - use of personal data such as e-mails and standard mail by the Controller.
The subject shall have the right to withdraw his of her consent to the treatment of these data at any time (art. 2 B) by sending an email to firstname.lastname@example.org.
C - Soft Spam: The email address given by the subject when purchasing a product or a service can be used by the Controllers for future email communications related to the direct selling of products or services similar to the one previously purchased or activated, except when the subject expresses its right to withdraw through the modalities mentioned in point B.
D – Email to a Friend: The subject that wishes to use the service "Email to a Friend", by clicking on the “Tell a Friend” button inside each product card, declares to have obtained the consent from the receiver to pass on his/her e-mail address with the sole purpose of receiving the invite to register on the Website. Data related to the receiver e-email address will not be kept after the transmission of the e-mail..
E – Book an Appointment: The subject that wishes to use the service “Book an Appointment” declares to have given the consent to forward his/her own data to the selected Partner Retailer in order to handle the request. The data such as name, surname, telephone number, e-mail address will not be kept after the transmission of the e-mail.
F – Request for Information: The subject that wishes to use the service “Ask info about this collection” declares to have given the consent to forward his/her own data in order to handle the request. All data such as name, surname, telephone number, e-mail address will not be kept after the transmission of the reply.
The subject can create his/her own account on the website www.arredamentidiotti.it by adding its personal data (including name, surname, telephone number, email, address). The user can update its personal details at any moment and cancel the data through the personal area of his/her account.
4. PROCESSING METHODS.
Data will be treated with confidentiality and lawfulness through the following methods: gathering of data, registered for explicit, legit purposes and used in additional operations compatible with those purposes, data are treated with the use of electronic and automatic instruments (telematic data collection).
5. LEGAL BASIS OF THE TREATMENT.
The legal basis of the treatment is composed of: the user consent, the fulfilment of a contractual obligation and law regulations.
6. LEGITIMATE INTEREST PURSUED BY THE CONTROLLER.
The legitimate interests pursued by the Controller of data treatment respects and honours the contract obligations undersigned by the parties. According to art.6 processing shall be lawful only if the data subject has given the consent to the processing of his or her personal data, documented in written form.
7. NATURE OF THE DATA SUPPLYING.
Data supplying is mandatory in order to activate services and to comply the aforementioned aims (section 2A) as they are strictly functional to the execution of those services. The refuse to supply data will bring to the impossibility for diotti.com s.r.l. to complete the user's registration process and thus provide the offered services. Data transmission is optional for the aims mentioned in section 2B.
8. SUBJECTS TO WHOM DATA CAN BE TRANSMITTED.
The subject's personal data can be transmitted to determined subjects, appointed by the Service supplier or necessary for the executions of the obligation directly connected with the registration on the website www.arredamentidiotti.it and the online purchase, in the limits and in conformity with the given instructions. More in specific data can be transmitted to:
1. people, companies or professional studios which provide assistance, advice or collaborate with the owner on accounting, administrative, legal, tax and financial matters;
2. subjects appointed by diotti.com s.r.l. to perform activities related to the provision of the services or part of them connected with the use of the portal.
3. Public Administrations for the conduct of their institutional functions, according to what is established by law or by regulations. The Controller entrusted some supervisory authorities for the treatment of the subjects' personal data according to their function. The updated list of all the Supervisors of the treatment is available at diotti.com s.r.l. headquarters and it can be asked at the following email address: email@example.com This list might be updated through time, if needed.
9. METHOD OF TREATMENT.
Data are collected through telematic instruments and treated with the operations of registration, consultation, communication, conservation, cancellation mainly made through electronic instruments by ensuring the correct measures for the treatment of data while guaranteeing their privacy.
The subjects' data, memorized on an electronic device, are kept on a server set in Italy. In particular, the Controller declares that all data registered on the server are protected against the risk of intrusion and non-authorized access, at the same time they have adopted adequate safety measures to guarantee the availability of the data and at the same time the protection and accessibility of the areas and places where they are held.
Personal data are treated by partners and / or employees of the Controller as person in charge of the aforementioned treatment, following their function and the instructions given by the Controller.
10. RIGHTS OF THE INTERESTED PARTY.
The subject (or interested party) has the following rights, according to art. 7 of Privacy Code and art. 15 GDPR:
- to obtain confirmation of the existence or not of his/ her personal data, even if not registered, and their communication in an intelligible form;
- to obtain information about: a) the source of personal data; b) the purposes and methods of the data processing; c) the logic applied to the processing, if the latter is carried out with the help of electronic means; d) the identification of the data controller, data processors and the representative designated as per art. 5(2) of the Privacy Code and art. 3(1), GDPR; e) the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know such data in their capacity as designated representative(s) in a State’s territory, or as data processor(s) or person(s) in charge of the processing;
- obtain: a) updating, rectification or where interested therein, integration of the data; b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- object in whole or in part: a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys through the use of automatic calling services without an operator, through email and/or through traditional marketing means such as telephone and/or standard mail. The subject can object partially, he/she can decide to receive only traditional communications or only automatic ones or again none of the above;
- ask to the controller to access personal data (art 15 GDPR), rectify them (art 16 GDPR) or erase them (art. 17 GDPR), restrict or oppose to the processing (art. 18 GDPR);
- transmit the data to another controller, where feasible, if the process is carried out by automated means;
- revoke the consent at any moment without prejudice according to the lawfulness of the treatment based on the consent before the revocation;
- submit a claim to the Competition Authority for the protection of personal data.
In order to exercise the mentioned rights and to receive information concerning the subjects currently holding your data or to whom the data have been transmitted or again those subjects in charge of the mentioned data, it is possible to address to the Controller by sending a request to the following email: firstname.lastname@example.org.
11. DURATION OF THE TREATMENT AND PERIOD OF DATA STORAGE.
The treatment of personal data related to the aims pointed out in section 2.A will last as long as the execution of the requested services, there will also be an additional time - provided for by law - to comply all civil, fiscal and taxes obligations.
12. TRANSFER OF PERSONAL DATA BY THE CONTROLLER
Personal data are handled and kept on servers set in the European Union. At the moment the servers are in Italy. Data will not be transferred outside the European Union.
13. PRIVACY NOTICE UPDATES.
This Privacy Notice can be updated and revised occasionally. diotti.com s.r.l. will promptly inform the subject of any changes that might occur to the treatment, directly on the pages of its website. When required by law, the subject will be able to give his / her consent to the new treatments. In case the subject opposes, his/her data will not be treated according to the changes contemplated in the privacy notice.