PURSUANT TO EU REGULATION 679/2016 (GDPR)
The owner of the user’s personal data processing on the ipadvisory.it website is IPA SpA
Via San Maurilio, 19 - 20123 Milano
This disclosure describes the concrete methods of managing the website in relation to the processing of personal data of users who connect to it. The data processing is always carried out following the principles of lawfulness, transparency and correctness and appropriate security measures are taken to guarantee their protection. Further and specific information on the processing of personal data may be obtained by sending a request to the Data Controller using the given contact form.
LEGAL BASIS OF THE PROCESSING
Contractual basis: The processing of data for the "Contractual Purposes" is mandatory as it is necessary for the purpose of supplying the products purchased or the services requested by you, including the creation of user accounts.
Legal basis: The provision of data for the "Purpose of the Law" is also mandatory as required by applicable regulations such as compliance with tax matters or to defend the rights of the Data Controller or third parties in court.
Consensual basis: The processing of data for specific purposes such as, for example, subscription to the newsletter, use of contact forms or for marketing purposes is optional and is allowed only with your consent (which can be revoked at any time) without which it will not be possible for IPA SpA to follow up on the services or requests made by the user.
Legitimate interest of the Data Controller: The Data Controller may process the data collected for his legitimate interest and within the limits set by the Regulation.
The user may make an objection at any time to the processing for purposes of legitimate interest of the Owner and subject to the limits imposed by the legislation.
TYPE OF DATA PROCESSED
To provide the services or products on the website, IPA SpA collects and processes only "personal
IPA SpA does not collect or process particular categories of personal data, i.e. sensitive data, health data (including genetic or biometric data) and criminal data.
METHODS AND PURPOSE OF THE TREATMENTS
The processing of personal data is necessary to manage relations with users of the website, including the purchase of products and / or services. The collected data are processed electronically and on paper and are protected by appropriate security measures to guarantee their confidentiality, integrity and recovery. In particular, organizational and procedural measures are adopted (e.g. distribution of roles among staff, persons in charge / managers of both internal and external processing) as well as technical measures (e.g. backup, antivirus, firewall).
The purposes for which we collect and process personal data are multiple, in any case we process the data provided exclusively for the purposes strictly pertinent to each individual service requested or used, in particular:
Contact Form / Information: the data you give us using this service are used exclusively to give precise feedback to what you have requested, and, for this purpose, we expressly collect your consent. The data you provide will be kept only for the time necessary to process your request, after which they will be deleted from our systems.
Customer Support: The Data Controller makes available to users of the website a support service (mainly provided via live-chat, telephone, email) aimed at supporting its customers before, during and after the purchase of a product / service or to provide information on the activities we carry out. In some cases, to use the Customer Support service, we may need to ask you for your personal data when this is necessary to respond to requests for clarifications, information on purchases, shipments, withdrawal, legal guarantee of conformity, payments, products and / or services , to manage complaints, management of loyalty programs, etc.
Purchase of Products / Services: the data you provide will be used for the fulfilment of your purchase rodersi and related activities (shipping and delivery of products, invoicing, management of payments and related activities, etc.). The completion of the electronic sales contract will therefore constitute the legal basis with which we will process your personal data, which will be kept for the time necessary to fulfil the obligations imposed by law in relation to the conduct of the sales activity.
Account Registration: only after collecting your consent, we will use your personal data to allow you to create your own reserved area on our website, that will allow you to make purchases, participate in the initiatives promoted by us for our customers (e.g. purchase history, etc.).
RECIPIENTS OF THE DATA
We communicate your personal data to third parties only when this is necessary and functional to the achievement of the processing purpose pursued, according to the product purchased or the service requested. In any case, we proceed with the communication only after informing you and having collected your consent. In general, the data collected through the individual services and for the purposes pursued in this information can be communicated to the following categories of subjects:
Any public authority to which the right to access them is attributed by law.
Data processing and IT services companies (e.g. web hosting, IT infrastructure and services management and maintenance, web agency, etc.).
Companies and firms providing consultancy services to comply with legal provisions or to protect the legitimate interests of the Data Controller.
In particular, some specific services provided through our site also provide communication to other
categories of subjects, such as:
purchase of products: banking institutions for the management of payment instruments, PayPal, shipping companies, companies that provide postal and correspondence services.
Some browsing data are collected by third parties such as social networks when the user decides to use the relative interaction button and, in some cases, even without using the interaction service. The processing of such data is referred to the privacy policies of each individual third party.
TRANSFER OF DATA TO OTHER COUNTRIES
The personal data collected through the website are stored within the national territory or in other countries of the European Union. The data are not transferred to non-EU countries or international organizations. If the user wants information on the place where the data is stored, he can obtain it by making an express request to the Data Controller.
DATA RETENTION PERIOD
By adopting the appropriate security measures, we retain the data provided for the period necessary to achieve the purposes for which they were collected, in particular: the data collected and processed to fulfil legal purposes are kept for the period provided for by the single legal provision.
the data collected to execute a contract are kept for the period necessary to cover the warranty period provided for by law and to fulfil all the obligations set out in further regulatory provisions.
the data collected when a user account is opened are kept until the user decides to delete it.
NATURE OF THE DATA PROVISION
Mandatory provision: The provision of the requested data is always mandatory when it is necessary to execute a contract or to fulfil legal purposes. In such cases, failure to provide will not allow the Data Controller to execute the requests received. To this end, the mandatory data entry fields in the forms on the website are marked with an asterisk.
Optional provision: Failure to provide the optional data present in the collection forms does not affect the obtainment of the requested service.
Voluntary sending: When you spontaneously send an e-mail to one of the e-mail addresses indicated on our sites, we acquire the sender address and any other personal data that you have entered in the message and in the attachments. The e-mail boxes corresponding to the addresses indicated on our sites and any other IPA SpA e-mail boxes do not have a personal nature even when they contain the name and / or surname of a natural person. They belong to the Data Controller and have the primary purpose of allowing the effective performance of work activities within the company. By sending an e-mail to the e-mail addresses indicated on the website, you declare that you have read and accepted the conditions of treatment contained in this information.
RIGHTS OF THE INTERESTED PARTY
At any time, you can exercise the rights that Regulation (EU) n. 679/2016 recognizes you. In particular, you can exercise, by contacting the Data Controller or the Data Processor (it is possible to have a list of the external Managers appointed by making a specific request to the Data Controller):
Right of Access (art.15). You will be able to obtain confirmation, from the data controller, that a processing of personal data concerning you is in progress and, in this case, obtain a copy of the data being processed.
Right of rectification (art.16). You can obtain the correction (i.e. modification, integration or updating) of inaccurate personal data concerning you, in the event of inaccuracy, incompleteness or obsolescence.
Right of cancellation (art. 17) (so-called right to be forgotten). You can obtain the cancellation of your personal data. The data controller will cancel them without undue delay provided that one of the reasons listed in said art exists. 17.
Right to limit the processing (art.18). As an interested party, you have the right to obtain the limitation of treatment when one of the hypotheses listed in art. 18.
Right of opposition (art.21). You have the right to object at any time to the processing of personal data concerning you for reasons related to your particular situation and if the conditions set out in art. 21.
Right to Data Portability (art.20). You have the right to receive the personal data concerning you provided to a Data Controller in a structured, commonly used and machine-readable format and you have the right to transmit such data to another Data Controller without impediments by the Data Controller of the treatment to which he provided them if the conditions listed in art. 20.
Right to lodge a complaint with the Guarantor. If necessary, you can lodge a complaint with the competent supervisory authority for the protection of the rights guaranteed to you by Legislative Decree 196/2003 and by European Regulation 679/2016 (www.garanteprivacy.it).