1. Introduction – Who are we?
2. How to contact us?
The Controller takes the utmost account of its Users’ right to privacy and protection of personal data. Users may contact the Controller at any time, using the following methods:
· Sending a registered letter with return receipt to the registered offices of the Controller (Marcon (VE) – 30020, Via Pialoi n. 32).
· Sending an electronic mail message to the address [email protected]
The Controller has not identified a Data Protection Officer (RPD or DPO), as it is not subject to the obligation of designation provided for by Article 37 of the Regulation.
3. What we do? – Processing purposes
Lodes S.r.l. is a company that, balancing technical know–how and the best Made in Italy design, has been designing and producing lighting solutions for interiors and exteriors.
By browsing the Website, the User can always be updated on the activities and products developed by the Controller (hereinafter, the “Service”). In relation to the activities that might be carried out through the Website, the Controller collects personal data regarding the Users.
This Website and any services offered through the Website are reserved for individuals who are 18 years and over. Therefore, the Controller does not collect personal data relating to individuals under 18 years of age. Upon request of the Users, the Controller will promptly delete all personal data that has been involuntarily collected and related to subjects under the age of 18.
The personal data of the Users will be processed lawfully by the Controller pursuant to Article 6 of the Regulation for the following processing purposes:
b) Administrative and accounting purposes, or to perform organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
c) Legal obligations, or to fulfil obligations provided by the law, an authority, a regulation or European legislation.
The provision of personal data for the purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to access the Website.
4. Legal basis
Surfing the Website (as described in paragraph 3, letter a)): the legal basis of processing is art. 6, letter f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party). Processing is necessary in order to guarantee the legitimate interest of the Controller to make the Website available to the public, so the Users can access and browse it.
Administrative and accounting purposes (as described in paragraph 3, letter b)): the legal basis of processing is art. 6, letter b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
Legal obligations (as described in paragraph 3, letter c)): the legal basis of processing is art. 6, letter c) (processing is necessary for compliance with a legal obligation to which the controller is subject).
5. Processing methods and data retention times
The Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
The personal data of Website Users will be retained for the time strictly necessary to carry out the main purposes explained in paragraph 3 above or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Controller.
6. Transmission and dissemination of data
The employees and/or collaborators of the Controller who are in charge of carrying out Website maintenance may become aware of the personal data of the Users. These subjects, who have been instructed by the Controller accordingly to art. 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Controller as “Data Processors” pursuant to art. 28 of the Regulation, such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller, making a request to the Controller in the manner indicated in paragraph 7 below.
7. Rights of the data subjects
Users may exercise their rights granted by the Applicable Law by contacting the Controller as follows:
·Sending a registered letter with return receipt to the registered offices of the Controller in Marcon (VE) – 30020, Via Pialoi n. 32;
·Sending an electronic mail message to the address [email protected]
Pursuant to Applicable Regulations, the Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.
Furthermore, Users have the right to obtain:
- a) Access, updating, rectification, or, when interested, integration of data;
- b) The cancellation, transformation into anonymous form or the blockage of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
- c) Certification to the effect that notification has been supplied of operations as per letters a) and b), as regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.
Moreover, the Users have:
- a) The right to revoke consent at any time, if the processing is based on their consent;
- b) The right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit processing of personal data and right of deletion (“the right to be forgotten”);
- c) The right to oppose to:
- i) In whole or part, for legitimate reasons, the processing of personal data relating to you for legitimate reasons even pertinent to the purpose of collection;
- ii) In whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;
iii) If personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling in so far as it is related to such direct marketing.
- d) If it is deemed that the processing concerning their personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia, n. 11, 00186 – Rome (RM) (http://www.garanteprivacy.it/).