Notice under art. 13 of Italian Privacy Law no. 196 of 30th June 2003 ( „Privacy Act“) and art. 13-14 of the European General Data Protection Regulation 2016/679 (“GDPR”)
Zoli Antonio is aware of the importance of protecting natural persons with regard to the processing of personal data and privacy. We therefore handle all data collected with extreme care and guarantee safety and confidentiality while processing natural persons’ personal data.
This Notice explains how we process the personal data we acquire, either directly or through third parties, and applies only to data sent by anyone visiting our website (www.zoliantonio.com). This notice is not provided for any other website consulted by a user via a link.
The scope of this Notice is to provide as much information as possible on how personal data is collected, held and processed.
2. General information
We wish to inform all our website users (hereinafter “Data Subjects”in compliance with GDPR and Privacy Act) about the following general principles applicable to all aspects of data processing:
- All data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject in order to ensure appropriate security of the data in full compliance with GDPR and Privacy Act;
- Your personal data shall be collected and processed only for the purposes specified in this Notice and/or for specific reasons already shared with you and/or you have already consented to;
- We shall strive at minimizing the data we collect, hold and process;
- When a collection of your personal data is necessary, we shall make sure data is as accurate and as up to date as possible;
- Once the personal data collected is no longer needed and we are not required to keep it for compliance with a legal obligation, we shall do our best to erase it, destroy it or anonymize it;
- Specific safety measures shall be implemented to prevent data from being lost, misused, used unlawfully or accessed by unauthorized subjects;
- Your personal data shall not be shared, sold, made available or disclosed to any third party other than those specified in this Notice;
- Comprehensive information about the different types of personal data collected can be found in the dedicated sections in this Privacy
3. Data collection techniques
We wish to inform you that the protection of your personal data shall be technologically neutral and should not depend on the techniques used. The protection shall apply to the processing of personal data by automatic means (operating and accounting software, etc.), internet as well as to manual processing (registration forms, order forms, etc), provided that the data are organized in accordance with pre-defined criteria strictly dependant on the purpose of personal data processing and in a manner that ensures the integrity and confidentiality of all data collected in compliance with all applicable laws and regulations. When Data Subjects are below the age of 16 years, such processing shall be lawful only if and to the extent consent is given or authorized by the holder of parental responsibility over the child, who shall provide full name and address as well as copies of forms of identification.
3.1 Navigation data
During normal operations, computer systems and software procedures used to operate the website automatically acquire personal data the disclosure of which is implicit when using internet communication protocols. Although such data are not collected to be associated with identified subjects, they may allow identification of the users through processing and associations with data held by third parties. These personal data include IP addresses, domain names used by the users who navigate the site, URI addresses (Uniform Resource Identifier), browser type, operating system, date/time stamps for your visit, data volumes, referring/exit pages (notification of successful access or error code) and other system related data. These data are only used to analyze trends and administer the site. The data may also be used to investigate alleged crimes against the website (Controller’s Rights). Website personal data are processed at the registered office of the Data Controller by employees properly trained to do so. The data shall not be disclosed or made available to any third parties or transferred to non E.U. countries, if not to comply with legal obligations. Your data shall be kept for short periods of time unless they are needed longer to conduct specific investigations. These data are not provided to us, but they are automatically collected by our website.
A cookie is a short text string that is sent to your browser and is then saved on your computer or mobile device whenever you visit a website to provide you with a better experience of the site. Pursuant to European Regulation, the use of all cookies, even so-called “essential” cookies, is subject to your explicit, and unambiguous consent. We have therefore created a “GDPR Cookie” form where consent can be given and revoked pursuant to the new Regulation which improves safety levels of the services offered by the cloud. By using the form, the User is able to see the consents given and, if needed, revoke consent to one or more cookies.
3.3 Personal data supplied voluntarily by the users through consent and processing purposes
When the user freely, explicitly and voluntarily provides personal data through the relevant forms on the website indicated above, and unambiguously gives consent to the Privacy Notice, the user’s name and email address, as well as other personal data provided, will be acquired to meet the user’s requests. The processor in charge of maintaining the website shall have access to the personal data only for maintenance purposes.
The data gathered through the forms on the website shall be processed for the following purposes:
- to provide the Data Subject with the information requested about a product, a service or how to use the website;
- to send newsletter and marketing and promotional communications from the website;
- to allow interested dealers/sellers to download sales documentation from the website;
- to guarantee the correct performance of a contract to which the Data Subject (purchase of products or services) is part of;
- to perform administrative or accounting tasks related to the orders for products and services through the website;
- to carry out market researches, statistical and marketings analysis, investigate product and service preferences
- to perform tasks related to VAT obligations (VAT entry log etc).
4. Who to share personal data with
With the exception of personal data shared to comply with legal and contractual obligations, all personal data collected and processed shall be shared only for the purposes outlined above and with the following third-party processors: providers of accounting, tax, legal and/or marketing consulting services; public administrations to perform their institutional functions in compliance with the law; third-party suppliers whose services are needed to guarantee the correct performance of the contract the Data Subject is a party of.
5. Retention periods
All personal data directly necessary for the performance of the contract to which the Data Subject is a party of and/or for accounting reasons shall be retained as long as it takes to perform the contract, including all applicable legal obligations. The personal data of a Data Subject who is not party to a contract for the supply of products/services, even when he/she had been a party to a previous contract with any of the company representatives, shall be immediately erased or anonymized unless their storage is justified by any other reason, and provided that the Data Subject has expressed free and unambiguous consent to a future promotional activity or market research.
6. Legal basis
When collection and processing of personal data are necessary for compliance with any legal and contractual obligations to which the Controller is subject, any refusal by the Data Subject to provide necessary personal data, totally or partially, may result in the impossibility for the Controller to provide the products/services requested. The Controller handles the personal information that is not necessary based on consent i.e. based on receiving explicit consent of this Privacy Notice in the manners and for the scope described above.
7. Rights of the Data Subject
In compliance with European Regulation 679/2016 (GDPR) and Italian applicable legislation, the Data Subject can exercise the following rights:
- obtain confirmation as to weather or not personal data concerning him or her are being processed (Right of Access);
- obtain available information as to their source;
- obtain copy of the personal data undergoing process in a legible form;
- obtain information about the purpose and the manner of the processing for which the personal data are intended;
- obtain from the Controller updating, rectification, supplementation, cancellation, anonymization or erasure of personal data concerning him or her where the personal data have been unlawfully processed and/or where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- where personal data relating to a Data Subject are collected from the data subject through consent, obtain his or her personal data from the controller by electronic means, in a commonly used electronic form ;
- lodge a complaint with a supervisory
The Data Subject shall be able to exercise his or her rights by sending an email to the Controller’s address.
8. Transfer of personal data to countries outside the EU
Personal data shall be processed and stored through the server located at the registered offices of the Data Controller or at the premises of the duly authorized provider hosting the website, inside the EU. Data shall not be transferred outside the EU. Should it become necessary, the Controller reserves the right to move the server to a country outside of the EU. The Controller proactively guarantees that, if that ever happened, the transfer of personal data would occur in compliance with all applicable laws and that the Controller would enter into agreements, if necessary, to ensure an adequate level of protection.
9. Controller and contacts
The Data Controller is Zoli Antonio srl, in the person of its legal representative who can be reached by phone at 030/8912161 and email at [email protected]. Data subjects can address the Controller to exercise the rights set forth in the GDPR and the Privacy Act (right of access, rectification, cancellation, limitation, portability, and objection) and/or to revoke consent previously granted; should the data subject requests not be met, the data subject shall have the right to lodge a complaint with the supervisory authority.
10. Policy update
This Notice was last updated on 25th June 2017; it can be periodically reviewed to remain in compliance with all applicable laws. Should any major change be made to this Notice, the change shall be duly posted on the website homepage for an adequate period of time. However data subjects should check the privacy notice periodically.