Information on the processing of personal data pursuant to the Privacy Code and the European Privacy Regulation (GDPR) for the website www.gioielleriaporromilano.it
We inform you that, pursuant to art. 13 of the legislative decree. n. 196/2003 (hereinafter Privacy Code) and art. 13 of EU Regulation no. 2016/679 (hereinafter GDPR), containing provisions for the protection of persons and other subjects with respect to the processing of personal data, the personal data provided will be processed in compliance with the aforementioned legislation and confidentiality obligations.
All contents of this Site are owned and/or controlled by MP sas di Francesca Porro e C and are protected by international copyright laws.
The Company may occasionally update this information and, therefore, recommends that you visit this page regularly to find out the latest changes.
1. Data controller
The data controller of personal data is MP sas di Francesca Porro e C., Via Fiori Chiari, 16 20121 Milan (IT), TEL +39 02 86460646, email email@example.com (hereinafter, the Data Controller). The updated list of data controllers and persons in charge of processing is kept at the registered office of the Data Controller.
2. Object of the processing
The Data Controller processes personal, identifying data (for example, name, surname, company name, address, telephone, e-mail, bank and payment details) – hereinafter, personal data or even data) communicated by you upon conclusion of contracts for the Owner’s services. The data you provide may be used for marketing and/or promotional purposes only with your specific consent. In any case, it is specified that any refusal to provide consent to the processing of data for promotional and marketing purposes does not affect the provision of services or the use of the Site.
3. Types of data processed
MP sas di Francesca Porro e C., in its capacity as owner of the website www.gioielleriaporromilano.it, in order to guarantee easy and correct use of the services offered by the same, informs you that personal data will be processed as specified below. In particular, the data processed are:
The computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with other data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
Data provided voluntarily by the user
Pursuant to the Privacy Code as well as the GDPR, we inform you that the personal data you voluntarily make available to MP sas di Francesca Porro e C. will be processed in compliance with the current legislation on the protection of personal data and, in any case, of principles of confidentiality which inspire the activity of MP sas di Francesca Porro e C. and for the sole purposes indicated in this statement.
4. Purpose of the processing
Your personal data is processed:
A. without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
-conclude contracts for the Owner’s services;
– fulfill pre-contractual, contractual and tax obligations deriving from existing relationships with you;
– fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority (such as in the field of anti-money laundering);
-exercise the rights of the Owner, for example the right of defense in court;
-allow the user to use the Site.
B. Only subject to your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
send you via e-mail, post and/or text message and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and survey the degree of satisfaction with the quality of the services;
send you commercial and/or promotional communications from third parties (for example, business partners, insurance companies, etc.) via email, post and/or text message and/or telephone contacts.
For the purposes referred to in article 4B, the provision of consent is optional and does not affect the use of the Site or the services provided by MP sas di Francesca Porro e C. Furthermore, with reference to the purpose of direct marketing, the interested party has the right, at any time and free of charge, to object to such processing, both with regard to initial or further processing, including profiling to the extent that it is connected to such direct marketing pursuant to art. 21 GDPR.
If the interested party objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
5. Treatment methods
Personal data are processed with suitable paper, electronic and/or telematic tools, with logic strictly related to the above purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data themselves. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The personal data being processed are: (i) processed lawfully and fairly; (ii) collected and recorded for the purposes referred to in the previous paragraph; (iii) accurate and, if necessary, updated; (iv) stored in such a way as to allow identification of the interested party for a period not exceeding that necessary for the purposes for which they were collected or subsequently processed. The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship.
6. Access to Data
Your data may be made accessible for the above purposes:
– to employees and collaborators of the Data Controller in Italy and abroad, in their capacity as internal data processors and/or managers and/or system administrators;
– to third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external managers of the treatment. The list of external data controllers is kept at the company headquarters and can be consulted upon specific request. The list of those responsible and in charge of processing personal data is available at the company.
7. Right of access of the interested party
The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information:
a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations; d) when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all available information on their origin; h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
The data controller provides a copy of the personal data being processed. In the event of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs, set at 50.00 euros.
If the interested party submits the request by electronic means, and unless the interested party indicates otherwise, the information is provided in a commonly used electronic format. The right to obtain a copy, as established in this article, must not infringe the rights and freedoms of others.
8. Data communication
Without the need for express consent (pursuant to art. 24 letter. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in the art. 4.A) to supervisory bodies (such as IVASS), judicial authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers. Your information will not be disseminated.
9. Data Transfer
Personal data is stored on servers located in Italy. In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
10. Provision of data and consequences of any refusal
The provision of your data is optional. However, your refusal and/or provision of inaccurate and/or incomplete information could make it impossible to use the Site and the services offered. It is understood that consent to the processing of personal data for marketing and/or promotional purposes is always optional.
11. Links to other websites
12. Rights of the interested party
In your capacity as an interested party, you have the rights referred to in the art. 7 Privacy Code and art. 15 et seq. GDPR and precisely the rights of: i. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form; ii. obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and representative designated pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, managers or agents;
iii. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) the certification that the operations referred to in the letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right ;
iv. oppose, in whole or in part:
a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail. Please note that the interested party’s right to object, set out in the previous point b), for direct marketing purposes using automated methods extends to traditional ones and in any case the possibility for the interested party to exercise the right of opposition even only in part remains intact. Therefore, the interested party can decide to receive only communications via traditional methods or only automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in the articles. 16-21 GDPR (Right of rectification, right to be forgotten, right to limit processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.
13. Communications, suggestions and complaints
14. Acquisition of cookie consent
To obtain further information about the purposes and methods of use of the cookies installed by the Site click here.