according to art. 13 General Data Protection Rules of UE 2016/679 (GDPR)
Sacto S.r.l. (Tax Code / VAT number 02499790968) with registered office in 20900 - Monza (MB), Via Valcava n. 15, as Data Controller pursuant to and for the purposes of EU Regulation 2016/679 (hereinafter also "GDPR" or "legislation"), recognizes the importance of the fundamental right to the protection of individuals with regard to processing of personal data. Therefore, by virtue of the aforementioned legislation, the processing of the personal data of the interested parties will be carried out and protected according to the principles of lawfulness, correctness, transparency, purpose limitation, data minimization, accuracy, limitation of conservation, integrity, confidentiality, accountability and, in any case, in compliance with the provisions of the GDPR.
The Data Controller, i.e. the person who determines the purposes and means of the processing of personal data, is Sacto S.r.l. (Tax Code / VAT number 02499790968), in the person of the pro tempore legal representative, with registered office in 20900 - Monza (MB), Via Valcava n. 15.
The Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org
PURPOSE AND LEGAL BASIS
The personal data acquired through the site (personal data; contact data; billing data) will be processed, in accordance with the GDPR, for the following purposes:
purchase the products through the website (including payment and delivery);
send commercial and promotional communications (by ordinary mail, e-mail or other electronic means) on products, services, offers, promotions and news related to Sacto S.r.l.
The data acquired through the site are processed to allow the purchase of the products on the site as well as for the fulfillment of legal obligations to which the data controller is subject (Article 6.1.b GDPR and Article 6.1.c. GDPR).
The acquired data, with prior consent, may be used for sending commercial and promotional communications, including through the use of automated systems by sending e-mails or other similar electronic communication technologies (Article 6.1.a GDPR). It is possible to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
RECIPIENTS OF THE PERSONAL DATA
The data will be accessed only by authorized subjects duly instructed pursuant to art. 29 GDPR and 2-quaterdecies of the Code for the protection of personal data (by way of example, personnel and collaborators). The data will be further accessed by third parties appropriately designated "Data Processors" pursuant to art. 28 GDPR and equipped with suitable legal guarantees.
It is understood that the personal data of the interested parties may be freely disclosed to third parties, such as law enforcement agencies, whenever this is permitted by law or required by an order or provision of a competent authority.
The personal data of the interested parties will be kept for the duration necessary to achieve the purposes referred to in point 2), as well as for the time in which the Data Controller is subject to conservation obligations for administrative, fiscal and / or accounting purposes in compliance with civil and fiscal obligations or for other purposes imposed by law and by mandatory regulations, both national and European.
It should be noted that specific security measures are observed to prevent the loss of personal data, illicit or incorrect use of the same and unauthorized access, in accordance with the provisions of the GDPR.
Furthermore, in order to ensure that personal data are always accurate, updated, complete and relevant, we invite you to report any changes to the e-mail address email@example.com .
RIGHTS OF THE DATA SUBJECT
Interested parties may exercise at any time, if the legal requirements are met, by contacting the Data Controller at the e-mail address firstname.lastname@example.org , the following rights recognized by the GDPR:
request and obtain the confirm that a process on owns personal data are not current;
if processing is in progress, request and obtain access to personal data;
request and obtain, without any delay, amendment of incorrect personal data as well as the integration of any incomplete data;
obtain the erasure, without any delay, according to and in occasion of the condition provided by the art. 17 paragraph 1 of GDPR, notwithstanding the provision of art. 17, paragraph 3 of GDPR;
obtain, under request, the limitation of collection and processing of personal data, according to the condition provided by the art. 18, paragraph 1, GDPR;
makes relevant and reasoned objection, at any time, to the processing of owns personal data when particular situations are met. Specifically, in case of objection, personal data will no longer under processing, notwithstanding the existence of legitimate motivation or obligation prevailing on recipient’s interests, rights and freedom, or in case of judicial exercise of controller’s right;
obtain the portability of personal data concerning them, i.e. the right to receive them from the Data Controller in a structured format, commonly used and readable by an automatic device and request their transmission to another Data Controller, without impediments;
in the event that consent is required for the processing of personal data, revoke the consent already given, limited to the cases in which the processing is based on the consent of the interested parties for one or more specific purposes or in the case of the processing of particular categories of data (e.g. data revealing racial origin, political opinions, religious beliefs, health or sex life, etc.). The treatment based on consent and carried out prior to the revocation of the same does not affect and, therefore, retains its lawfulness.
In any case, we ask you not to send or communicate c.d. “particular data” through the site or by any other means. By "particular data" we mean, pursuant to the GDPR, any data suitable for revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person.
Furthermore, interested parties can lodge a complaint with the Supervisory Authority (Authority for the protection of personal data), in the event that they believe that their rights under the GDPR have been violated, according to the methods indicated on the website of the Guarantor itself, accessible at www.garanteprivacy.it
CONSEQUENCES OF FAILURE TO PROVIDE PERSONAL DATA
The contribution of personal data is mandatory for the purpose indicated in paragraph 2, lett. a). Noncompliance with the contribution will cause the impossibility to provide the service indicated as well as the impossibility to conclude relating contract.
The provision of personal data is optional for the purposes referred to in point 2), lett. b) and failure to communicate such data makes it impossible to send commercial communications.