Privacy Policy
Privacy Notice by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). Effective from 03/04/2022
PREAMBLE
This notice takes into account the provisions of the GDPR and the Privacy Code (Legislative Decree 30 June 2003, no. 196). The document has also been drafted based on the Guidelines of the Privacy Guarantor (especially the Guidelines on combating spam issued by the Privacy Guarantor on 4 July 2013).
Data Controller:
Sabina D'Anna
VAT Number: 07015090488 Data Controller's Email Address: info@sabidanna.com
Website to which this privacy policy refers: http://www.sabidanna.com/ (Website).
The Data Controller has not appointed a DPO. Therefore, you can send any requests for information directly to the Data Controller.
GENERAL INFORMATION
This document describes how the Data Controller processes your personal data provided on the Website.
Below are the main treatments of your personal data. In particular, the legal basis for the processing is explained, whether the provision is mandatory, and the consequences of not providing personal data. To best describe your rights, if necessary, we have specified if and when certain processing of personal data is not carried out.
Registration on the Website
The Website does not offer registration. Therefore, the Data Controller does not process your personal data for this purpose.
Purchases on the Website
Purchases cannot be made on the Website. Therefore, your personal data will not be processed for this purpose. The Data Controller does not process user data to send purchase "reminder" emails for the Data Controller's own products and/or services.
Responding to Your Requests
Your data will be processed to respond to your information requests. The provision is optional, but your refusal will result in the Data Controller's inability to respond to your inquiries. The legal basis for the processing is the Data Controller's legitimate interest in responding to user requests. This legitimate interest is equivalent to the user's interest in receiving a response to communications sent to the Data Controller.
Generic Marketing
Subject to your consent, the Data Controller may process the personal data you provide to send you advertising material and/or newsletters related to its own or third-party products. The legal basis for this processing is your consent. The provision of personal data for this purpose is purely optional. Failure to consent to data processing for marketing purposes will result in your inability to receive advertising material related to products/services of the Data Controller and/or third parties, as well as the Data Controller's inability to conduct market research, including evaluating user satisfaction and sending you newsletters. These communications will be sent to the email and/or telephone number provided by you on the Website.
Profiling
Subject to your consent, the Data Controller may process your personal data for profiling purposes, i.e., for the analysis of your consumption choices through the disclosure of the type and frequency of purchases made by you, to send you advertising material and/or newsletters related to its own or third-party products of your specific interest. The legal basis for this processing is your consent. The provision of data for this purpose is purely optional. Failure to consent to the processing of your personal data for profiling purposes will result in the Data Controller's inability to develop your commercial profile by detecting your choices and purchasing habits, as well as to send you advertising material related to products of the Data Controller and/or third parties of your specific interest. These communications will be sent to the email and/or your phone number.
Data Transfer
The Data Controller does not transfer your personal data to third parties.
Geolocation
The Website does not implement IP address geolocation tools.
Communication of Personal Data
In the course of its ordinary activities, the Data Controller may communicate your personal data to certain categories of subjects. In Article 2, you can find the list of subjects to whom the Data Controller communicates your personal data. To facilitate the protection of your rights, Article 2 may specify in some cases when your data is not communicated to third parties.
The "communication" to third parties of personal data is different from "transfer" (governed by the preceding paragraph). In fact, in communication, the third party to whom the data is transmitted can only use it for specific purposes described in the relationship with the Data Controller. In transfer, on the other hand, the third party becomes an autonomous Data Controller of the personal data. Furthermore, your consent is always required to transfer your personal data to third parties.
Notwithstanding the above, it is understood that the Data Controller may still use your personal data to fulfil the obligations provided for by the applicable laws.
SPECIFIC PRIVACY INFORMATION
Art. 1 Processing Methods
1.1 The processing of your personal data will mainly be carried out using electronic or automated means, in accordance with the methods and with the suitable tools to ensure its security and confidentiality in compliance with the GDPR. If the automatic chatbot service is operational, your personal data will also be processed to enable the activation of this service, through which the user can contact and be contacted by the Data Controller, subject to consent. The legal basis is the Data Controller's legitimate interest in responding to user requests via the chatbot service. This legitimate interest can be considered equivalent to the user's interest in using the automatic chatbot service.
1.2 The acquired information and processing methods will be relevant and not excessive with respect to the type of services provided. Your data will also be managed and protected in secure computer environments appropriate to the circumstances.
1.3 "Special data" is not processed through the Website. Special data are those that may reveal racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political, or trade union nature, as well as data concerning health or sex life.
1.4 Judicial data is not processed through the Website.
Art. 2 Communication of Personal Data
The Data Controller may communicate your personal data to certain categories of subjects. Below are the subjects to whom the Data Controller reserves the right to communicate your data:
The Data Controller may communicate your personal data to all those subjects (including Public Authorities) who have access to personal data by regulatory or administrative provisions. Your personal data may also be communicated to all those public and/or private subjects, natural and/or legal persons (legal, administrative, and tax consulting firms, Judicial Offices, Chambers of Commerce, Labor Offices, etc.), where communication is necessary or functional for the correct fulfilment of legal obligations. The Data Controller employs employees and/or collaborators in any capacity. For the proper functioning of the Website, the Data Controller may communicate your personal data to these employees and/or collaborators. The Data Controller does not use companies, consultants, or professionals appointed for the installation, maintenance, updating, and, in general, management of the hardware and software of the Data Controller. Therefore, your data will not be communicated to these categories of subjects. For the sending of its communications, the Data Controller uses external companies entrusted with sending this type of communications (CRM platforms). Therefore, your personal data (especially email) may be communicated to these companies. The Data Controller does not use external companies to provide customer care services.
The Controller reserves the right to modify the above list based on its ordinary operations. Therefore, you are invited to regularly access this notice to check which subjects the Data Controller communicates your personal data to.
Art. 3 Retention of Personal Data
3.1 This article describes how long the Data Controller reserves the right to retain your personal data.
Your personal data will be retained for the sole time necessary to ensure the correct provision of services offered through the Website. For marketing purposes, personal data will be retained until consent is revoked. For inactive users, personal data will be deleted one year after the last email sent, if any, has been viewed.
3.2 Notwithstanding the provisions of Article 3.1, the Data Controller may retain your personal data for the time required by specific regulations, as amended from time to time.
Art. 4 Transfer of Personal Data
4.1 The Data Controller is based within the European Union. Therefore, the processing of your data is safe from a regulatory perspective as governed by the GDPR. If the transfer of your personal data takes place to a non-EU country for which the European Commission has expressed an adequacy judgment, the transfer is considered safe from a regulatory perspective in any case. This article 4.1 indicates from time to time the countries where your personal data may be transferred and where the European Commission has expressed an adequacy judgment.
You are therefore invited to regularly access this article to verify whether the transfer of your personal data takes place in a country with these characteristics.
4.2 Notwithstanding the provisions of Article 4.1, your data may also be transferred to non-EU countries for which the European Commission has not expressed an adequacy judgment. You are therefore invited to regularly review this Article 4.2 to ascertain in which of these countries your data is possibly transferred. To allow the correct functioning of the Website, your personal data may be transferred to the USA. In these cases, the Data Controller will adopt every suitable contractual measure to ensure an adequate level of data protection, including, among others, the Standard Contractual Clauses approved by the European Commission on 4 June 2021.
4.3 In this article, the Data Controller indicates the countries to which it specifically directs its activity. This circumstance may involve the application of the legislation of the country of reference, together with that of the GDPR.
Upon request by the user, the Data Controller will apply to the processing of personal data the most favorable regulation provided for by the user's national legislation. The California Consumer Privacy Act (CCPA) is a law of California that was approved in June 2018. The Data Controller processes the personal data of California users in accordance with this law. The user is informed that the personal data processed are those communicated on the Website to allow the execution of the contract. The user can exercise the rights provided by the CCPA by contacting the Data Controller at the contact details published at the beginning.
Art. 5 Rights of the Data Subject
Under art. 13 of the Privacy Regulation, the Data Controller informs you that you have the right to:
ask the Data Controller for access to your personal data and rectification or erasure of the same or restriction of processing concerning you or to object to their processing, as well as the right to data portability withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal lodge a complaint with a supervisory authority (e.g., the Guarantor for the protection of personal data).
The above rights can be exercised by requesting without formalities to the contacts indicated in the Preamble.
Art. 6 Changes and Miscellaneous
The Data Controller reserves the right to make changes to this notice at any time, giving suitable publicity to users of the Website and ensuring in any case adequate and analogous protection of personal data. To view any changes, you are invited to regularly consult this notice. In the case of substantial changes to this privacy notice, the Data Controller may also communicate them via email.