Legislative Decree 196 of 30 June 2003 and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 state that the data subject must be informed in advance regarding the use of his or her data. To that end, in its capacity as data controller, SOPHIE SPRINGER is required to provide you with information regarding the use of your personal data, with a view to protecting your basic rights and satisfying the principles recognized by the Charter of Fundamental Rights of the European Union. The second paragraph of Art. 40 of Decree Law 201/2011, published in Gazzetta Ufficiale no. 284 of 6 December 2011 and converted into Law 214 of 23 December 2011 (”Conversion, with amendments, of Decree Law 201 of 6 December 2011 containing urgent provisions for the growth, equity and consolidation of public finances”) see ordinary supplement no. 276 to Gazzetta Ufficiale no. 300 of 27 December 2011) cancelled all reference to legal entities, companies and associations from the definitions of ”personal data” and ”data subject” contained in the Privacy Act (Art. 4, paragraph 1, letters b and i of Legislative Decree 196/2003), which is therefore no longer applicable to the processing of the data of legal entities, companies and associations regardless of whether the data controller is a legal entity or a natural person.
SOURCE OF PERSONAL DATA
The personal data in our possession is provided directly by the individual to whom it refers (the ”Data Subject”), including through any remote communication techniques used by SOPHIE SPRINGER. Personal data may also be acquired in the course of business or from third parties. In the latter case, we shall provide Data Subjects with the relevant information upon recording the data that concerns them or, in any case, before any disclosure thereof.
PURPOSES OF PROCESSING
The personal data provided by you or acquired in the course of business will be processed according to the principles of fairness, legality, transparency, and protection of your rights and privacy, for the following purposes:
performance of contracts signed with the Processor and/or satisfaction of specific requests from the Subject prior to the existence of a contract in compliance with Italian law or European Union regulations.
MEANS OF PROCESSING
Personal data is processed manually or electronically using logics strictly related to the purposes stated above and, in any case, in a manner ensuring the security and confidentiality of the data (particularly as regards the use of remote communication techniques).
Personal data is processed manually or electronically using logics strictly related to the purposes stated above, and in any case in a manner ensuring the security and confidentiality of the data (particularly as regards the use of remote communication techniques). Personal data is transferred from Italy to the Isle of Man with effect from the term stated in Art. 6 of European Commission decision 2004/411/EC of 28 April 2004.
TYPES OF DATA PROCESSED
In relation to the purposes described in Section 3, the Data Controller processes personal data other than that defined as ”sensitive” (e.g. likely to reveal racial or ethnic origin, religious convictions, political opinions, state of health, sexual activity, etc.) or ”judicial.” More specifically, processing concerns common data on customers and potential customers such as name, address, personally identifiable information, tax identification number, banking details (IBAN/account number), etc. For these reasons we ask you not to provide any ”sensitive” or ”judicial” personal data. However, should the Data Controller find it necessary for the business to process ”sensitive” data (i.e. data likely to reveal racial or ethnic origin; religious or philosophical convictions or other beliefs in general; political opinions; membership in political parties, unions, associations or organizations of a religious, philosophical, political or union-related nature; state of health or sexual activity), you will receive a supplementary disclaimer and request for your consent, subject to authorization (where necessary) from the Data Protection Authority (Art. 26 of Legislative Decree 196/2003), according to the means and for the purposes stated above.
The data Controller may disclose your personal data to third parties and the collected data may be transferred to third parties for commercial purposes.
The data can be transferred to the following categories:
providers of banking, financial and insurance services;
parties who acquire and process data as necessary for the fulfillment of customer orders;
parties who transmit, package, transport and sort communications with the Data Subject;
parties who file documents and perform data entry;
parties who provide customer service (e.g. call center/help desk personnel);
parties involved in transport and shipping;
advisors and consultants (legal, fiscal, etc.);
parties involved in manufacturing and control, even outside the EU;
Persons in the above categories operate in full autonomy as separate data controllers, a list of whom is constantly updated by SOPHIE SPRINGER and kept available for consultation.
Your personal data may also be known by the Data Controller’s employees who have been appointed as Data Processors or processing personnel.
COMPULSORY PROVISION OF DATA
The provision of data is compulsory. A refusal to provide us with all or some of your personal data or to consent to its use in full or in part could prevent us from performing the contract and thus from fulfilling your order.
RIGHTS OF THE DATA SUBJECT
As required by law, specific rights may be exercised by the Data Subject. As such, you may:
learn whether we are in possession of your data, whether recorded or not, and have the data communicated to you in intelligible form;
learn the source of your personal data, how it is processed and for what purposes, and what logic is applied in the case of processing by electronic means;
learn the identifying details of the Data Controller and Data Processor, and of the other persons or categories of person to whom your data may be disclosed or who may come into possession thereof; have your data deleted, anonymized, or blocked where unlawfully treated, as well as updated, corrected, or supplemented.
On legitimate grounds, you may refuse to consent to the processing of your personal data even if relevant to the stated purposes. You may also deny use of your data for the purpose of sending advertising materials or direct selling or for the performance of market surveys.