Policy Privacy | Andrea Pavan

PREMISE
Andrea Pavan, with registered office at Via A. Soster n.20 – 35042 Este (PD), and operational headquarters at Via A. Soster n.20 – 35042 Este (PD) (hereinafter, the “Data Controller”), hereby informs you, pursuant to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter “GDPR”) and in accordance with Legislative Decree 196/03 (the “Privacy Code,” as amended by Legislative Decree 101/18), that your personal data will be processed in the manner and for the purposes described below.

1) Subject of the processing
In light of the services and products offered by our organization, the Data Controller processes personal identification data, which are not of a special category (for example: name, surname, tax code/VAT number, email address, telephone number, hereinafter collectively “personal data”), that you have provided when requesting services/products from our organization and/or upon defining contractual agreements and/or promotional initiatives, for the purposes described herein.

This website uses log files, in which information collected automatically during users’ visits is stored.

The information collected may include the following:

Internet Protocol (IP) address;
Browser type and parameters of the device used to connect to the site;
Name of the internet service provider (ISP);
Date and time of visit;
Referring and exit web pages;
Possibly, the number of clicks.

This information is processed in an automated form and collected solely in aggregate form, to verify the proper functioning of the site and for security reasons. Such data is never used for the identification or profiling of the user, but only for the protection of the website and its users. The legal basis for this processing is the legitimate interest of the Data Controller.

2) Purpose of processing and legal basis
Your personal data is processed:

A – Without your express consent (as it derives from legal and/or contractual obligations or legitimate interests – Privacy Code and Article 6 GDPR), for the following purposes:

To manage and maintain the requested services/products and to contact you in relation to the requested services/products;
To fulfill pre-contractual, contractual, and tax obligations arising from the relationship with you;
To comply with legal obligations, regulations, EU legislation, or orders from authorities, including for accounting and tax purposes;
To prevent or detect fraudulent activities or harmful misuse and/or to pursue purposes mandated by current anti-money laundering regulations;
To comply with mandatory obligations arising from the requirements of organizational and management models based on recognized standards (e.g., ISO, UNI) required by law and/or specific contractual requirements requested by you and/or explicitly stated as a service requirement;
To exercise the Data Controller’s rights, for example, the right to defend itself in court;
To contact you for information related to the requested services and their management;
To allow you to register for services and to enable the sending of useful information to you in relation to the requested services;
To process special categories of data within the scope of services requested and covered by Article 9(2), letters “b” through “j” of the GDPR;
Based on a legitimate interest for commercial communications to update you on our organization’s initiatives.

For data collected through the website:

To allow registration on the website (only when provided);
To respond to any queries you submit through the contact forms;
To manage and maintain the website;
To prevent or detect fraudulent activities or harmful misuse against the website;
For legitimate interest related to communications (including commercial communications) providing updates on our organization’s initiatives and/or derived from applicable legislative/regulatory requirements.

B – Only with your specific and separate consent, granted by accepting the newsletter subscription through our website interface (Article 7 GDPR and as per D.Lgs 196/03), for the following purposes:

B.1 Marketing and/or commercial purposes: Commercial communications and/or promotional material concerning products or services that fall under legitimate interest. We inform you that if you are already our customer, we may send you commercial communications regarding services and products similar to those you have already used, unless you object (Privacy Code).

For other purposes, the Data Controller will provide specific notices and request related consents and/or integrations if needed.

This notice does not cover any processing carried out by other parties that can be reached through links on this website; in such cases, please refer to their specific privacy notices.

3) Methods and duration of processing
Your personal data will be processed by means of the operations indicated in D.Lgs 196/03 and Article 4(2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is processed both in paper and electronic/automated form.

The Data Controller will process your personal data for the time required to fulfill the purposes mentioned above and, in any case, for no longer than 10 years after the termination of the relationship for the purposes referred to in point 2.A (unless other legislative requirements apply). For the purposes referred to in point 2.B, data will be processed until consent is revoked or for up to 5 years following the cessation of relations/communications from the first collection.

Profiling: No data profiling is carried out.

4) Access to data
You may access your data at any time by making a simple request to the addresses indicated in this privacy notice.

5) Data disclosure
Your data may be made accessible and/or disclosed, for the purposes referred to in Articles 2.A) and 2.B):

Without prejudice to communications and disclosures made in compliance with legal obligations, the Data Controller may disclose your data in Italy and/or abroad (as indicated below) to:

Employees and collaborators of the Data Controller, in their capacity as persons in charge and/or data processors and/or system administrators;
Technicians and/or collaborators for administrative, fiscal, and accounting management and/or to fulfill specific legal obligations, or to externally identified suppliers;
Our network of agents; factoring companies; banks; credit recovery companies; credit insurance companies; commercial information companies for requested services; professionals and consultants; companies operating in the transport sector; technicians and collaborators engaged to provide the requested services/products; supervisory bodies; judicial authorities, as well as all other parties to whom disclosure is mandatory by law for the fulfillment of the aforementioned purposes. Entities entrusted with services described herein;
Companies or other legal entities, qualified and appointed under Article 28 of Regulation 679/16, for support activities including: management and development of communication, management and development of corporate processes and projects, communication and promotion systems, data storage. Access may be granted to third parties and affiliated companies that provide services deemed necessary and/or useful by the Data Controller for managing the company’s activities and related support processes or requested by you. Such suppliers include IT system maintenance companies; banks, professional firms, companies providing IT system/platform services that the Data Controller considers useful; companies that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
It may be necessary to communicate data to recipients for legal obligations and/or due to the organizational structure of the Data Controller, which involves independent parties who may receive data to comply with legal obligations arising from their role. Such recipients may include supervisory bodies, inspectors from third-party entities, individuals conducting audits on our organization, and entities or authorities performing checks at our company.

The Data Controller’s partners are not authorized to process data for purposes other than those stated in this notice. If necessary, the processing of personal data by these partners must refer to another specific notice and specific consents indicating a different controller and purposes.

6) Data transfer
The management and storage of personal data will take place on servers located within the European Union, either owned by the Data Controller and/or third-party companies duly appointed as Data Processors. Currently, our internal servers are located in Europe. Data will not be transferred outside the European Union. However, should it become necessary, the Data Controller reserves the right to relocate the servers to non-EU countries. In that case, the Data Controller guarantees from now on that any non-EU data transfer will be carried out in compliance with applicable legal provisions, entering into agreements ensuring an adequate level of protection and/or adopting the standard contractual clauses set forth by the European Commission. For certain mailing or “storage” services, we rely on cloud platforms that may have servers located in non-EU countries, but data is stored there only temporarily for the required service.

7) Mandatory or optional provision of data and consequences of refusal
Providing data for the purposes stated in Article 2.A) is mandatory. Without it, we cannot guarantee the services described in 2.A). Providing data for the purposes mentioned in 2.B) is optional.

You may therefore decide not to provide any data or to later deny the possibility of processing data already provided: in such a case, you will not be able to receive commercial communications and advertising material related to the services offered by the Data Controller. In any event, you will still be entitled to the services referred to in Article 2.A).

8) Data subject’s rights
As the data subject, you have the rights set forth in D.Lgs 196/03 and Articles 15-22 of the GDPR, specifically the right to:

Obtain confirmation of whether or not personal data concerning you exists, even if not yet recorded, and receive it in an intelligible form;
Obtain information on: the origin of the personal data; the purposes and methods of processing; the logic applied if processing is carried out with the help of electronic means; the identification details of the Data Controller, Data Processors, and the representative designated under the Privacy Code and Article 3(1) of the GDPR; and on the entities or categories of entities to whom the personal data may be disclosed or who may learn of it as designated representatives in the State’s territory, processors, or persons in charge;
Obtain: the updating, rectification, or, when interested, the integration of data; the erasure, anonymization, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it was collected or subsequently processed; the certification that the operations described above have been brought to the attention, including their content, of those to whom the data has been disclosed or disseminated, unless this proves impossible or involves a manifestly disproportionate effort compared to the protected right;
Object, in whole or in part: for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection; to the processing of your personal data for the purpose of sending advertising material or direct sales or for market research or commercial communications, using automated call systems without the intervention of an operator via email and/or through traditional marketing methods via telephone and/or paper mail. Please note that the data subject’s right to object for direct marketing purposes using automated methods extends to traditional methods and that the data subject may exercise the right to object even partially. Therefore, the data subject can decide to receive only communications via traditional methods or only automated communications or neither type of communication. Where applicable, you also have the rights provided in Articles 16-21 of the GDPR (right of rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Supervisory Authority.

9) How to exercise your rights
You may exercise your rights at any time by sending:

A registered letter with return receipt to: Andrea Pavan, registered office at Via A. Soster n.20 – 35042 Este (PD), operational headquarters at Via A. Soster n.20 – 35042 Este (PD)
An email to: info@andreapavan.eu

To exercise your rights, you may use the form available at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 and submit it to the addresses indicated above.

10) Minors
The services of the Data Controller are not intended for children under 14, and the Data Controller does not knowingly collect personal information about minors. If information about minors is unintentionally recorded, the Data Controller will promptly delete it upon users’ request.

11) Data Controller, Data Processor, and Appointees
The Data Controller is Andrea Pavan, represented by Andrea Pavan (pro-tempore legal representative). The Data Controller can be reached at the addresses indicated above. The updated list of data processors and persons in charge of processing is kept at the Data Controller’s headquarters.

12) Data Protection Officer (DPO)
The appointment of a Data Protection Officer (DPO) is not applicable to our organization.

13) Changes to this Notice
This Privacy Notice may be subject to changes. We therefore recommend that you regularly check this Notice and refer to the most recent version