top of page

Luigi Montanaro

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL 

 

Last updated: July 2022

 

This information is formulated pursuant to Art. 13 of EU Regulation 2016/679 (hereinafter also "GDPR", as amended and updated) and contains information relating to the processing of your personal data . 

 

HOLDER OF THE TREATMENT

The Data Controller is: Atelier Monti Di Montanaro Luigi, via Monte Bianco 27, Rovello Porro (CO), postcode 22070 - e-mail: ateliermontilombardia@gmail.com, hereinafter also the "Data Controller" or "Owner".  

 

The Data Controller does not fall within the hypotheses provided for by Art. 37 c. 1, for this reason no Data Protection Officer (DPO) has been designated.

 

CATEGORIES OF PERSONAL DATA PROCESSED 

Atelier Monti Di Montanaro Luigi can process the following categories of data belonging to users:  

​

Personal data: any identified or identifiable information, even indirectly, relating to an individual, including a personal identification number, general identification data or personal data that allow direct identification (for example, name, VAT number, address, address and -mail, telephone number, etc.) - see art. 4, par. 1, no. 1 GDPR.

Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category includes the IP addresses or domain names of the computers used  that connect to the site, the URI / URL (Uniform Resource Identifier / Uniform Resource Locator) addresses of the requested resources, the time of request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user. These data are used by the owner for the sole purpose of obtaining anonymous statistical information on the use of the site (most visited pages, number of daily visitors, geographical areas of origin, etc.) and to check its correct functioning, and are deleted immediately after the 'processing.

System logs: for operation and maintenance needs, this platform and any third party service can collect system logs; the latter correspond to files that record interactions between IT systems - including navigation data - and which may also contain personal data, such as the IP address.

Navigation data aimed at profiling: these are data provided indirectly by the user through the use of the services, or obtained and analyzed following the user's consent, provided with the use of the website or services;

 

"processing" means any operation or series of operations performed on personal data or on sets of personal data, including by automated means, such as the collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise make available, alignment or combination, restriction, cancellation or destruction;

"data subject" means an identified or identifiable natural person (hereinafter also "you").

 

PURPOSE OF PROCESSING 

The data and cookies received by the user will be processed by the Data Controller exclusively with the methods and procedures necessary to provide the services requested or signed (contractual purposes), to fulfill a legal obligation or satisfy a legitimate interest of the owner and to the additional purposes for which consent was given. For example, the personal data of the interested party will be used by the owner to allow registration on the site and to take advantage of all the services offered through the platform . 

(Direct marketing purposes) The processing of personal data for direct marketing purposes is considered to be carried out for legitimate interest. The data can only be used via e-mail to send newsletters, promotional material or to inform the interested party of activities and services, to carry out statistical analyzes on an anonymous basis, market surveys on an anonymous basis and to send commercial information on products. and on the promotional initiatives of Atelier Monti Di Montanaro Luigi, similar to those chosen previously. We inform you that you can refuse or oppose this purpose at any time in the following ways.

We inform you that some activities could be carried out through suppliers, specifically designated as Data Processors, also residing outside the European Union.

 

METHOD OF TREATMENT

The processing of your personal data is carried out pursuant to art. 4, co. 2 and in compliance with art. 32 of the GDPR 2016/679 through automatic or manual methods.

 

LEGAL BASES FOR THE PROCESSING

The personal data indicated below are processed by the Data Controller, pursuant to art. 6 letters a), b), c) and f) GDPR 2016/679, when:  

  • the interested party has given consent to the processing of their personal data for one or more specific purposes;  

  • the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the latter;

  • the processing is necessary to fulfill a legal obligation to which the data controller is subject;

  • the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties.

During the registration process on this site, the communication of some data by the user will be mandatory, compatibly with what is established in this privacy policy. Mandatory data are marked with a *; failure to communicate them makes registration impossible.

 

RECIPIENTS OF THE DATA

Pursuant to art. 28 and 29 of EU Reg. 2016/679, your personal data will not be disclosed, but may be disclosed, where necessary for the provision of a service, to employees and collaborators of the Data Controller, as authorized persons and / or administrators system, in Italy and abroad - without this involving the transfer of data to non-EU countries -, or to subjects possibly appointed as Data Processors by the Data Controller for technical or organizational requirements. In particular, the data may be disclosed to third-party companies or to other subjects who provide assistance and advice as external data processors.

The updated list of Data Processors can always be requested from the Data Controller.

Furthermore, the personal data of the interested parties may be communicated to the competent authorities for the execution of laws and / or regulations of public bodies, upon request, or when the communication is mandatory by law.

 

DATA RETENTION PERIOD 

The Data Controller as defined above, in compliance with the principles of legality, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, keeps the data for the entire duration in which the consent expressed by the interested party persists, for the entire duration of the contract or for as long as it is required by law (eg for tax and / or accounting obligations).

 

TRANSFER OF PERSONAL DATA 

Personal data will be processed by the Data Controller within the territory of the European Union.

If it is necessary to communicate the data of the interested party outside the European Union, for the purposes indicated in this Privacy Policy, or if it is necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the area of the European Union, the processing will be regulated in accordance with the provisions of Chapter V of the Regulation (GDPR) and authorized on the basis of specific decisions of the European Union. Data processing will therefore be guaranteed by: a) the adequacy decision of this third country, as published by the European Commission; b) adequate guarantee provided by the third party recipient pursuant to art. 46 of the Regulation, in particular, through the application of binding corporate rules, the so-called Corporate Binding Rules (BCR) or standard data protection clauses approved by the Commission . 

 

RIGHTS OF THE INTERESTED PARTIES

Pursuant to the GDPR, the interested party may exercise certain rights towards the Data Controller, such as that of obtaining cancellation (right to be forgotten), limitation, updating, rectification, portability, opposition to the Treatment. of your personal data. More specifically, the interested party may exercise the following rights provided for in articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR:

  • ask the data controller to have access to their personal data (article 15), or to confirm the existence or otherwise of processing of personal data concerning them and, in this case, to have access to them;

  • request from the data controller, a correction (article 16) and / or the integration of their inaccurate personal data;

  • ask the data controller for immediate cancellation (Article 17) of the data concerning him;

  • ask the data controller to limit the processing of their personal data (Article 18), i.e. to obtain certification that the processing of your data is limited to what is necessary for storage;

  • to have data portability (article 20) that is to obtain, in a structured, common and legible form, the transfer to third parties or to himself of your personal data on a commonly used support;

  • to oppose the processing (article 21) or, at any time, to oppose the processing of their data for any reason connected to a particular situation;

  • with regard to automated decision-making processes (Article 22), the right not to be subjected to a decision based solely on automated data processing, without explicit consent.

  • obtain, in the cases provided for by the Regulation (Article 17), the cancellation of their personal data;  

  • right to lodge a complaint with the Guarantor Authority ( https://www.garanteprivacy.it ), pursuant to art. 77 of the GDPR, in the event that the interested party considers that certain treatments relating to their personal data are carried out in violation of current legislation.

Furthermore, at any time, the interested party may revoke the consent on which the processing is based. The withdrawal of consent does not affect the lawfulness of the processing that took place on the basis of the consent given prior to the withdrawal . 

 

REQUEST FOR FURTHER INFORMATION ON THE EXERCISE OF THE DATA SUBJECT'S RIGHTS

Any request for information or clarification in relation to the exercise of one's rights can be addressed to the Data Processor, by sending:

- a registered letter to: Atelier Monti Di Montanaro Luigi, via Monte Bianco 27, Rovello Porro (CO), postcode 22070

- an e-mail to: ateliermontilombardia@gmail.com

 

REQUEST FOR MODIFICATION OF INFORMATION 

The Owner reserves the right to modify, update, add or remove parts of this Privacy Policy at its discretion and at any time. The user is required to check it periodically. In order to facilitate the changes, the date of such changes will be indicated.

The use of the website by the user, after the publication of the changes, will constitute acceptance of the same.

bottom of page