Notice on the processing of personal data (in accordance with Articles 13 and 14 GDPR 2016/679)
WHY THIS NOTICE IS DRAWN UP
This page describes how this website processes the personal data of its users.
This notice has been drawn up also pursuant to Articles 13 and 14 of EU Regulation 2016/679, as subsequently amended and supplemented, for users interacting with the web services accessible online from the web address: www.zecspa.com
This notice applies solely to the ZEC SPA website (www.zecspa.com), not to other websites viewed by the users after clicking links at the above web address
The notice also complies with Recommendation No. 2/2001, which the European data protection authorities, collectively in the Group set up by Article 29 of Directive No. 95/46/EC, adopted on 17 May 2001 to identify minimum requirements for collecting personal data online and, in particular, the methods, timing and nature of the information that data controllers must provide to users when they access websites, regardless of the reasons for accessing. The Recommendation and a brief description of its aims are available on the Personal Data Protection Guarantor's website http://www.garanteprivacy.it
Once this website is accessed by users (data subjects), data relating to identified or identifiable persons, and therefore personal data under Article 4 GDPR 2016/679, may be collected.
The Data Controller is ZEC SPA Via Lungolorno, 11, 43052 Colorno (PR).
DATA PROTECTION OFFICER:
The data protection officer (DPO) has not been identified as this Company is not obliged to comply with Article 37 of European Regulation 2016/679
DATA PROCESSING PURPOSES
Personal data are processed with automated tools for the time strictly necessary to fulfil the purposes for which they were collected and in accordance with the principles of necessity and proportionality.
Specific security measures are put in place to prevent any loss of data, unlawful or incorrect use and unauthorised access.
Personal data may be processed by company employees assigned to the fulfilment of the aforementioned purposes who have been expressly authorised to the processing and who have received adequate operating instructions and specific training.
OPTION TO PROVIDE DATA
Aside from what has been specified for browsing data, the user is free to provide his/her personal data in the request forms to the Data Controller in order to access the services offered.
However, failure to provide such data may make it impossible to obtain the services requested.
The provision of personal data for direct and indirect marketing purposes is based on your direct consent. You may, at any time, decide to stop receiving communications relating to marketing activities by unsubscribing at the bottom of any e-mail you receive. Alternatively, you may contact us, at any time, by writing to: firstname.lastname@example.org
The types of data processed are: personal identity data, contact data (including but not limited to: name, surname, email address, telephone number).
COMMUNICATION OF DATA
Personal data may be processed by external parties acting as data controllers such as, by way of example, supervisory and control authorities and, in general, other parties, including private parties, entitled to request data, such as public authorities that make an express request for administrative or institutional purposes, in accordance with the provisions of the national and European legislation in force, as well as persons, companies, associations or professional firms providing assistance and consultancy services.
Personal data may also be processed by external parties designated as data processors pursuant to Article 28 of GDPR 2016/679, who are given appropriate operating instructions. These parties are essentially included in the following categories:
The personal data processed will not be transferred abroad.
DATA RETENTION PERIOD:
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected.
For the purposes of direct and indirect marketing, personal data are retained until withdrawal of the data subject's consent.
RIGHTS OF DATA SUBJECTS
You have the right to:
- know what personal data are being processed, their source, the purpose and method of processing (Articles 13-14 GDPR 2016/679);
- obtain the erasure and/or destruction of unlawfully processed data, as well as the updating, rectification or completion of data (Article 13-14 GDPR 2016/679);
- submit a request for the rectification of inaccurate data to the Data Controller (Articles 13-14 GDPR 2016/679);
- lodge a complaint to a supervisory authority (Articles 13-14 GDPR 2016/679);
- submit a request for the erasure (right to be forgotten) of the data managed by the Data Controller (Article 17 GDPR 2016/679);
- request the restriction of processing (Article 18 GDPR 2016/679);
- submit a request for objection in cases where the processing falls under Article 21 GDPR 2016/679.
Any requests should be sent to the Data Controller.