Privacy Policy INFORMATION ON THE PROCESSING OF PERSONAL DATA / in accordance with art. 13 of EU Regulation 2016/679

The following information is provided by Opinion Ciatti s.r.l. (hereinafter also referred to as "Opinion Ciatti" or "Data Controller"), pursuant to art. 13 of EU Regulation 2016/679 (“Regulation” or “GDPR”) in relation to the processing of personal data of the Users of the website www.opinionciatti.com (“Website”), who can choose:

a) to ask for specific information about Opinion Ciatti’s products, events and activities via the contact form (https://www.opinionciatti.com/it/pages/16-contatti) or by sending an e-mail;

b) to register on the Website to create an account for placing orders and buying Opinion Ciatti’s products on-line,

c) to give their freely given and specific consent for Opinion Ciatti to send newsletters and marketing communications about Opinion Ciatti’s products, as such as advertising material, direct marketing proposals, market research, etc., at their email addresses;

d) to give their freely given and specific consent for processing their personal data provided during the registration and for placing orders (full name, birthdate, home address and location data, preferences, purchase choices, personal interests etc.) for profiling purpose, namely evaluating User’s profile as a consumer and/or to analyse his/her behaviours and consumer habits, in order to provide him/her targeted advertising based upon his/her profile.

For the purposes of the Regulation (art. 4.1), "personal data" means any information relating to an  identified or identifiable natural person (“Data subject” or, for purposes of this information, “User”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or  more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

This information relates solely to the processing of data collected by Opinion Ciatti website and is not otherwise applicable.

 

1. DATA CONTROLLER

The Data Controller is Opinion Ciatti s.r.l., with registered office in: via di Prato, 80 - 50041 Calenzano, Florence (Italy), VAT and C.F. 05372720481.

The Data Controller can be contacted:

  • by e-mail, at: info@opinionciatti.com;
  • by fax, to the number: +39 055 88709237;
  • by mail, at the address: Opinion Ciatti s.r.l., via di Prato, 80 - 50041 Calenzano, Florence (Italy).

 

2. PURPOSES AND LEGAL BASIS OF PROCESSING

Personal data voluntarily provided by Data subjects who interact with the services provided through the Website are processed for purposes related to the Users’ requests and/or to the given consent. Depending on the choice/option:

a) in case the Data subject asks for specific information about Opinion Ciatti, the latter will process the provided contact data to answer the request, by sending one or more e-mail communications;

b) in the case the Data subject register an account for placing orders and buying Opinion Ciatti’s products on-line, the latter will process the provided data:

1. for the performance of possible contracts for purchasing Opinion Ciatti’s products or services;

2. for customer administration, management of orders, deliveries, invoicing of material and immaterial services etc.;

3. for the fulfillment of legal obligations arising from national commercial or tax law;

4. to ensure Opinion Ciatti’s rights arising from the contract.

c) upon freely given and specific consent, Opinion Ciatti will process provided personal data for marketing purposes, namely sending, via email, newsletters, commercial and promotional communications, advertising materials and direct marketing proposals about Opinion Ciatti’s products and activities.

1. without the Data subject´s consent, Opinion Ciatti may also use the email contact information that was made available by the Data subject to directly sell own products or services (direct marketing), providing the product or service in question is similar to the one previously sold and the Data subject does not object to the use of his/her data. At any moment the Data subject has the right to object to such use of his/her data.

d) upon freely given and specific consent, Opinion Ciatti will process provided personal data for profiling purposes, namely to evaluate User’s profile as a consumer and/or to analyse his/her behaviours and consumer habits, in order to provide him/her targeted advertising based upon his/her profile.

The lawfulness of the processing referred to in par. 2, lett. a) and lett. b), point 1 and 2, is based on the fact that the processing is necessary for the performance of a contract to which the Data subject is party or in order to take steps at the request of the Data subject prior to entering into a contract [art. 6.1.b) of the Regulation].

The processing referred to in par. 2, lett. b), point 3 is necessary for compliance with a legal obligation to which Opinion Ciatti is subject [art. 6.1.c) of the Regulation].

The processing referred to in par. 2, lett. b), point 4 is necessary for the purposes of the legitimate interests pursued by Opinion Ciatti, in order to ensure its rights arising from the contract [art. 6.1.f) of the Regulation].

The legal basis for processing personal data for marketing purpose (par. 2, lett. c)) and/or profiling purpose (par. 2, lett. d)) is the consent of the Data subject [art. 6.1.a) and art. 7 of the Regulation], given by actively ticking the specific checkboxes. This consent is not necessary for the performance of the potential contract and the User has the right to withdraw his or her consent at any time by contacting Opinion Ciatti. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

The processing referred to in par. 2, lett. c) point 1 is carried out for a legitimate interest of Opinion Ciatti [art. 6.1.f) and Recital 47 of the Regulation; art. 130.4 legislative decree n. 196/2003].

At any time, the User may also unsubscribe from the mailing list by clicking the unsubscribe link at the bottom of every marketing email communication sent by Opinion Ciatti.

By contacting Opinion Ciatti, the Data subjects can exercise at any time the right to object to processing of personal data for direct marketing and/or profiling purposes. The personal data will no longer be processed for such purposes.

 

3. NATURE OF THE PROVIDING OF THE DATA AND CONSEQUENCES OF REFUSAL

Providing personal data is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract, as well as for the fulfillment of legal obligations. Any refusal to provide the personal data requested will render impossible the achievement of the processing (par. 2, lett. a) and lett. b), point 1, 2 and 3).

Providing personal data for which specific consent is requested (par. 2, lett. c) and lett. d)) is not necessary, as well as giving consent itself. Any refusal to provide such data, or choosing not to give the consent for marketing and/or profiling purposes, is not conditional for the performance of a contract between the User and Opinion Ciatti.


4. DURATION OF DATA STORAGE

With the exception of the navigation data, the data voluntarily provided by the User will be kept by Opinion Ciatti for the time strictly necessary to pursue the achievement of the objectives of the processing.

Personal data processed for marketing and/or profiling purposes (par. 2, lett. c) and lett. d)) will be kept until the User withdraws his/her consent, objects to the processing, or unsubscribes from the mailing list for marketing communications.

The criteria used to determine the periods stated above are valid unless a longer period is required by law or regulation.


5. CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA

The personal data provided by the User and collected by Opinion Ciatti for the purposes stated at par. 2,

par. 2, lett. a) and lett. b), point 1, 2 and 3 may be disclosed to and processed by the following categories of recipients: legal, financial and consultants, banks and insurance companies; law firms; web agencies (e.g. LipsiaGROUP s.r.l., creator of the Website) and companies who provide IT services (hosting, information security, web marketing etc.), external auditors for certification of financial statements; shippers, transporters, post offices and logistics companies; supervisory boards.

Personal data processed for marketing and/or profiling purposes (par. 2, lett. c) and lett. d)) may be disclosed also to companies who provide web-analysis and email marketing services.

These recipients will carry out the processing on the behalf of Opinion Ciatti, pursuant to art. 28 of the Regulation, with the exception of public authorities or recipients which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law.

Persons acting under the authority of Opinion Ciatti (art. 29 GDPR) or of the processor may also heve  access to personal data processed by the Data Controller (e.g. Opinion Ciatti’s employees).

Public authorities or recipients which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients. The processing of those data by those public authorities is in compliance with the applicable data protection rules according to the purposes of the processing.


6. DATA SUBJECTS' RIGHTS

By contacting Opinion Ciatti, the Data subject has the right to obtain from the Data Controller:

  • confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the information listed in art. 15 of the Regulation;
  • rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the Data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • erasure of personal data concerning him or her without undue delay;
  • restriction of processing where one of the provisions established by art. 18 of the Regulation applies;
  • objection at any time to processing of personal data concerning him or her, on grounds relating to his or her particular situation on points e) or f) of Article 6.1, including profiling based on those provisions, or to processing of personal data concerning him or her for marketing purposes, which includes profiling to the extent that it is related to such direct marketing;
  • where the processing of personal data (based on consent of the Data subjects or on a contract) is carried out by automated means, the Data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (so-called data portability).

If the Data subject considers that the processing of personal data relating to him or her infringes the Regulation, without prejudice to any other administrative or judicial remedy, he / she has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy.


7. ACTIONS OF DATA CONTROLLER FOLLOWING THE EXERCISE OF THE RIGHTS OF THE DATA SUBJECT

The data controller provides the Data subject with information about the actions taken in relation to a request to exercise the rights recognized by the articles from 15 to 22 of the Regulations and referred to in the specific paragraph above (“Data subjects’ rights”), without undue delay and at the latest within one month after receiving the request. This deadline may be extended by two further months if necessary, taking into account the complexity and the number of requests. The data controller informs the Data subject of this extension, and about the reasons for the delay, within one month after receiving the request. If the Data subject submits the request by electronic means, the information is provided, where possible, by electronic means, unless otherwise indicated by the Data subject.


8. COOKIE POLICY

For information regarding the use and management of cookies via this site, please read the cookie policy.


9. COLLECTION OF NAVIGATION DATA

This website collects a series of general data and information when a Data subject or automated system calls up the website. This data is not collected to be associated with identified Data subjects, but by its very nature could make possible the identification of Users through processing and association with data held by third parties. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any User, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the procedure used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the User's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information about the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of supposed computer crimes against the site; except for this case, at present the data on web contacts do not persist for more than seven days.


10. CHANGES TO THE INFORMATION ON THE PROCESSING OF PERSONAL DATA

This information may be subject to changes and updates, also to make it simplier and easier to read and understand. We invite you to visit this page regularly, to review any changes.




Date of last update: November 5, 2018