Notice on Personal Data Processing pursuant to Articles 13 and 14 of EU Regulation 679/2016 (GDPR)

1. DATA CONTROLLER AND PROCESSOR

The Data Controller is Euro Design S.r.l., located in Urbino (PU), via Monte Cucco no. 5, Località via Piana 61029, represented by the interim legal representative Piercarlo Costantini, Tax Code: CSTPCR45T09F497H, email: [email protected], phone: 072252922; website: www.eurodesignsrl.it (hereinafter referred to as the “website”).

The Data Controller reserves the right to appoint data processors in accordance with Article 28 of the GDPR.

2. PURPOSES OF PROCESSING

The data are collected and processed solely for the following purposes:

A. Managing orders related to the provided service;

B. Managing the contact form on the website;

C. Direct marketing.

3. TYPES OF PERSONAL DATA PROCESSED

The data collected and processed for the purposes listed in point 2 include the following types:

– Basic personal data (Article 4 of the GDPR), such as: email addresses, phone numbers, identification and demographic data, industry-related data, name, type of activity performed, and intended purposes.

4. LEGAL BASIS FOR PROCESSING (Article 6 GDPR)

The legal basis for data processing for purposes specified in points 2A and 2B is the contract between the Data Controller and the data subject at the time the service is requested.

For the purpose specified in point 2C, the legal basis is the legitimate interest of the Data Controller. In cases where processing does not fall within the legitimate interest, processing will proceed only with the data subject’s consent.

5. RECIPIENTS OF PROCESSING

Personal data collected and processed may be shared with third parties apart from the Data Controller and data processors only when strictly necessary to fulfill the purposes listed in point 2 or when required by law.

These recipients handle Client data as data controllers, processors, or authorized personnel, as applicable.

The Data Controller relies on collaborators who act as data processors and provide adequate assurances to implement appropriate technical and organizational measures to comply with GDPR obligations.

5.a) CATEGORIES OF RECIPIENTS

Recipients as per point 6 include, by way of example, cloud service providers, lawyers, labor consultants, accountants, and public administrations.

6. TRANSFER OF DATA ABROAD

Should it be necessary to transfer data outside Italy, the Data Controller will restrict the transfer to within the European Union.

6.a) Data transfers to countries outside the European Union will occur only when strictly necessary and solely with providers offering adequate personal data protection guarantees.

7. DURATION OF PROCESSING

Data collected will be retained until the purposes specified in point 2 are achieved, and in any case, no longer than 10 years thereafter, for accounting and legal defense purposes, in accordance with Articles 2220 and 2946 of the Italian Civil Code.

8. DATA SUBJECT’S RIGHTS

The data subject may exercise the following rights by contacting the Data Controller directly:

– Right of access (Article 15 GDPR);

– Right to rectification (Article 16 GDPR);

– Right to erasure (right to be forgotten) (Article 17 GDPR);

– Right to restriction of processing (Article 18 GDPR);

– Right to data portability (Article 20 GDPR);

– Right to object (Article 21 GDPR);

– Right to withdraw consent at any time (Article 7 GDPR), without affecting the lawfulness of processing based on consent prior to withdrawal.

These rights may be limited as expressly provided for by Article 2-undecies of Legislative Decree 196/2003.

9. RIGHT TO OBJECT (Article 21 GDPR)

The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data pursuant to Article 6(1)(e) or (f). The Data Controller will cease further processing unless compelling legitimate grounds are demonstrated that outweigh the data subject’s interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defense of legal claims.

10. NOTIFICATION OBLIGATION IN CASE OF DATA RECTIFICATION, DELETION, OR RESTRICTION (Article 19 GDPR)

The Data Controller will notify each recipient to whom personal data have been disclosed of any rectifications, deletions, or restrictions of processing pursuant to Article 16, Article 17(1), and Article 18 GDPR, unless this proves impossible or involves disproportionate effort. Upon request, the Data Controller will inform the data subject of these recipients.

11. COMMUNICATIONS

The Data Controller will communicate any data breaches affecting the data subject to the Data Protection Authority and, if the breach is likely to result in a high risk to the rights and freedoms of individuals, to the data subject, pursuant to Articles 33 and 34 GDPR.

12. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, a data subject who believes that the processing concerning them violates the GDPR has the right to lodge a complaint with the data protection authority, particularly in the EU Member State where they habitually reside, work, or where the alleged infringement occurred.

13. RIGHT TO EFFECTIVE JUDICIAL REMEDY (Article 79 GDPR)

Without prejudice to any other administrative or out-of-court remedy, including the right to lodge a complaint with a supervisory authority under Article 77 GDPR, each data subject has the right to an effective judicial remedy if they believe their rights under the GDPR have been infringed due to processing.

Actions against the Data Controller or processor are brought before the courts of the Member State where the Data Controller or processor is established. Alternatively, these actions may be brought before the courts of the Member State where the data subject habitually resides, unless the Data Controller or processor is a public authority of a Member State in the exercise of public powers.

14. TECHNICAL COOKIES

The website uses technical cookies, which are necessary for navigation as they enable essential functions. Technical cookies cannot be disabled as doing so would cause the website to malfunction.