Information on the processing of personal data pursuant to art. 13 of the 2016/679 European Regulation
Below is some information on the processing of personal data of visitors who browse the site www.mistergrape.com (hereinafter the Site) and use the services it offers, provided pursuant to and for the purposes of art. 13 of EU Regulation 2016/679.
1. Data Controller
The data controller is DNG srl, based in Rovigo, Via Don Lorenzo Milani, 13 / d, CF / PIVA 01555820297, mail firstname.lastname@example.org, pec email@example.com, WhatsApp (only text messages) +39 351 606 6652
Interested in the processing are visitors to the Site, to be understood as: consumer pursuant to Legislative Decree no. 206/2005, or professional user (owner of a sole proprietorship, legal representatives of companies).
3. Personal data
To navigate the site and use the services offered by the same, the interested party must communicate the following personal data:
• Name and surname;
• Delivery address;
• Telephone number
• Payment / billing information
4. Purpose of data processing
The processing of personal data is aimed at the execution of pre-contractual and contractual obligations (completion of online product purchase and provision of installation, customer care and technical assistance services), regulatory, tax and accounting obligations.
By way of example, personal data will be processed for:
4.1 management of the pre-contractual phase and establishment / execution of the contractual relationship with customers (online purchase);
4.2 fiscal and accounting management of the contractual relationship;
4.3 promotion of company activities, customer satisfaction and customer loyalty.
4.4 profiling for sending personalized communications;
Personal data may be processed by means of paper and computer archives - and processed in a manner strictly necessary to meet the purposes indicated above.
5. Legal basis of the processing
5.1 The basis of the processing for the purposes referred to in point 4.1 is represented by the execution of the contract between the parties (Article 6, paragraph 1, letter b) EU Reg. 2016/679).
5.2 The basis of the processing for the purpose referred to in point 4.2 is represented by the fulfillment of a legal obligation to which the Data Controller is subject (Article 6, paragraph 1, letter c) EU Reg. 2016/679).
5.3 The basis of the processing for the purposes referred to in point and 4.3 is represented by the legitimate interest of the data controller or third parties (Article 6, paragraph 1, letter f) EU Reg. 2016/679).
5.4 The basis of the processing for the purposes referred to in point 4.4 is represented by the consent of the interested party (Article 6, paragraph 1, letter a) EU Reg. 2016/679).
6. Consequences of failure to communicate personal data
With regard to personal data relating to the execution of the contract of which the interested party is a party or relating to the fulfillment of a regulatory obligation, failure to communicate personal data prevents the contractual relationship from being perfected.
7. Data retention
The personal data processed for the purposes indicated in point 3 will be kept for the duration of the contract and, subsequently, for the time in which the Data Controller is subject to conservation obligations for tax purposes or for other purposes provided for by law. of law or regulation. In particular, the data will be kept for the ten-year term envisaged for the conservation of documents relevant for accounting, tax and anti-money laundering purposes, in compliance with the provisions of the reference standards.
8. Communication of data
The data of the interested party will be communicated and processed by employees authorized for this purpose by the Data Controller (contact persons and persons in charge / authorized for the processing).
Depending on what is necessary for the execution of the contract, personal data may be disclosed to:
- Accounting firm
- Law Firm
- Credit institutions
- Public security authority or insurance company as well as third parties authorized by specific provisions of law or regulations provided for by the law of the European Union or of the Member State to which the Data Controller is subject.
The data may also be known by other independent owners and by external managers appointed by the owner.
9. Transfer of data to third countries
The data may be transferred to a third country or to an international organization by the Data Controller
In this case, the Data Controller undertakes to carry out the aforementioned transfer in compliance with the guarantees provided for by chapter V of the GDPR (articles 46 and 47 GDPR).
10. Rights of the interested party
The interested party has the right to:
- request access to personal data and information relating to them; the correction of inaccurate data or the integration of incomplete ones; the cancellation of personal data (upon the occurrence of one of the conditions indicated in art.17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of personal data (in the event of one of the hypotheses indicated in art.18, paragraph 1 of the GDPR);
- request and obtain - in the hypothesis in which the legal basis of the processing is the contract or consent, and the same is carried out by automated means - personal data in a structured and readable format by automatic device, also in order to communicate such data to another data controller;
- oppose the processing of personal data at any time in the event of particular situations concerning the data subject;
- withdraw consent at any time, limited to cases in which the processing is based on consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data ( e.g. data revealing racial origin, political opinions, religious beliefs, health or sex life). The treatment based on consent and carried out prior to the revocation of the same retains, however, its lawfulness;
- propose a complaint to a supervisory authority.
The aforementioned rights may be exercised by writing to the e-mail address: firstname.lastname@example.org.