Privacy Policy
(pursuant to art. 13 of European Regulation no. 2016/679)
AM SRL, with registered office in Calle Miotti 14/A – 30141 Venezia, Tax code and VAT number 04239170279, (hereinafter “AM”), as Data Controller, pursuant to and in accordance with art. 13 EU Regulation no. 2016/679 (hereinafter “GDPR”), informs you, in your capacity as the Data Subject (as defined in art. 4 of the GDPR), that your personal data (hereinafter “Personal Data” or “Data”) will be processed in full compliance with current legislation on the protection of Personal Data and with the implementation of all security, technical and organisational measures deemed appropriate for the protection of the aforementioned Data.
1. Data processed:
The Data processed are the following Data related to you: name, surname, email address, domicile/residence address, telephone number, profession, behaviour Data, purchase choices/preferences, company to which you belong. To better understand the above, please note that Personal Data are defined by current European legislation as “any information relating to an identified or identifiable natural person (‘Data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location Data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
2. Processing:
The processing of your Data is carried out by means of the operations specified in art. 4 no. 2) of the GDPR and specifically, by way of example: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Purposes and Legal Basis of the Processing:
Your Data will be processed for the following purposes:
a. With your express consent (art. 6 of the GDPR) – because the processing in question is necessary to be able to respond to your express request – for the following Purposes:
(i) to fulfil the requests for information you have made.
(ii) To allow and manage your Registration on the Website, as well as the performance of the activities provided to you by virtue of your Registration on the Website.
4. Data provided and consequences of refusal:
The provision of Data for the purposes referred to in letter a., point (i) of article 3) above, while optional is necessary to be able to correctly fulfil your requests, and therefore the lack of consent will preclude the possibility of providing you with an adequate response.
The provision of Data for the purposes referred to in letter a., point (ii) of article 3) above, while optional is necessary to be able to correctly fulfil your request for registration on the Website, and therefore the lack of consent will preclude the possibility for you to properly complete the procedure of Registering on the Website.
If you give your consent you have the right to withdraw it at any time. We remind you that the withdrawal of consent, pursuant to and by effect of art. 7 of the GDPR, does not prejudice the lawfulness of the processing based on the consent you gave before withdrawal.
5. Method of Processing
The processing of your Personal Data will be carried out by means of suitable electronic and/or online tools with logic strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the Data. Except as otherwise established in the Website’s Cookie Policy, AM informs the Data Subjects that no type of automated decision-making process will be used, “automated decision-making” being understood to mean as specified in art. 22 of the GDPR “a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her”.
6. Data storage:
The Data will be stored at/through Server/Cloud System located in UE territory.
Your Personal Data and contact details will be used and stored for the purposes referred to in art. 3) above for a period not exceeding 5 (five) years unless a different period provided by the applicable law in the relevant field as well as in case of litigation (e.g. lawsuit). Your purchasing Data will be used and stored for the purposes referred to in art. 3) above for a period not exceeding 2 (two) years.
At the expiration of the storage period the Data will be erased and eliminated from any paper and/or digital support in a secure manner and in full compliance with the Data Protection regulations in force from time to time, or will be made anonymous by AM for the sole purpose of carrying out statistical and/or historical analysis, therefore without any possibility for AM and/or third parties to identify the Data Subjects.
7. Security Measures:
We care about protecting your information. We therefore commit to taking all reasonable measures to protect any Personal Data that we have stored against misuse, loss or unauthorised access. To this purpose, we have implemented a series of specific technical and organisational measures. Measures are included to deal with any suspected Data breaches.
8. Parties authorised to process Data:
For the proper execution of the Processing referred to in this Privacy Information Notice, your Data will be accessible to:
a. Employees of AM SRL, expressly authorised by the Data Controller and adequately educated by the Data Controller to perform the processing in question.
9. Disclosure and Dissemination of the Data:
The Data Controller can disclose your Data to Supervisory Bodies and/or to Judicial Authorities as well as to all other parties to whom the disclosure is mandatory by law for the accomplishment of said purposes. Your Data will not be disseminated and/or disclosed in any other way.
10. Data transfer:
The management and storage of Personal Data will be carried out on/through Server/Cloud System located in UE territory, belonging to the Data Controller and/or appointed third-party companies and duly designated as External Data Processors. In any case, it is understood that a subsequent and possible transfer of Data outside the European Union will take place in accordance with the applicable legal provisions – including articles 44, 45 and 46 of the GDPR – as well as with the adequacy decisions adopted by the European Commission and also, if necessary and in the absence of adequacy decisions, stipulating agreements that guarantee an adequate level of protection and/or implementing the standard contractual clauses provided by the European Commission. In detail, in case of any subsequent transfer of Data in the United States, it will take place towards to those companies that have joined the so-called “Privacy Shield”, in compliance with the decision of the European Commission that recognised the Agreement entitled “EU-US Privacy Shield” as having an appropriate level of protection of Personal Data transferred from the European Union to organisations resident in the United States that self-certify in the system and the subsequent Authorisation to transfer Data abroad through the agreement called “EU-US Privacy Shield” adopted by the Italian Data Protection Authority on 27 October 2016.
11. Rights of the Data Subject:
In your quality as a Data Subject, you are entitled to the rights set forth in art. 13 et seq. of the GDPR. Precisely, your rights include:
a. Pursuant to and for the purposes of art. 15 and art. 77 of the GDPR, the right to lodge a complaint with a competent authority.
b. Pursuant to and for the purposes of art. 15 of the GDPR, the right of access to information related to the processing of the Data, including: the purposes for the processing; the categories of Personal Data processed; the envisaged period for wich the Personal Data will be stored or if not possible the criteria used to determine that period ; the recipients or categories to whom the Data were or will be disclosed; any transfer of Data to third countries; if the Data were not collected from the Data subject, the information available about the origin of the Data; the existence of an automated decision-making process, the logic applied to the segmentation of users for profiling activities and the significance and envisaged consequences of such processing for the Data subject.
c. Pursuant to and for the purposes of art. 16 of the GDPR, the right to obtain the rectification of inaccurate Data and the completion of incomplete Data.
d. Pursuant to and for the purposes of art. 17 of the GDPR, the right to request erasure and to obtain it in certain circumstances, including: the Data are no longer necessary in relation to the purposes for which they were collected; Personal Data have been unlawfully processed; Personal Data must be erased as a consequence of a legal obligation established by the law of the European Union or the Member States to the Data Controller is subject ; the Data subject has withdrawn consent. This right will not be possible if the Data are necessary for the management of complaints.
e. Pursuant to and for the purposes of art. 18 of the GDPR, the right to obtain the restriction of processing in certaincircumstances , including: the Personal Data available to AM are inaccurate; the Data subject does not agree with the use of his/her Data but opposes their erasure and therefore requires a restriction of their use; AM no longer needs to keep the Data but the Data subject needs them for future complaints. In the event of a request for restriction, the Data will be processed only for certain reasons other than storage, including: complaints by the interested party; consent expressed by the interested party; protection of the rights of other natural or legal persons or for reasons of public interest at the level of the European Union or of a certain Member State.
f. Pursuant to and for the purposes of art. 20 of the GDPR, the right to receive their Data in a structured format that is commonly used and legible and to transmit them to another Data controller in the cases provided for by the aforementioned law.
g. Pursuant to and for the purposes of art. 21 of the GDPR, the right to object – at any time and for reasons related to his/her particular situation – to the processing of Personal Data, including the processing of Data for profiling and direct marketing purposes. In this case AM shall no longer process the Personal Data unless for specific exceptions provided by the aforementioned law.
12. Data Controller:
The Data Controller is AM SRL. with registered office in Calle Miotti 14/A – 30141 Venice, Tax code and VAT number 04239170279.
13. How to exercise your rights:
To exercise the rights referred to in art. 11) above, you can write to the Data Controller at the following addresses: AM SRL – Calle Miotti 14/A – 30141 Murano (VE); email: info@andromedamurano.it
14. Changes to this Privacy Information Notice:
This Information Privacy Notice may be subject to change. We therefore suggest you regularly check this Privacy Information Notice and refer to the latest version.
In the event that you do not accept the changes that have been made, at any time you can cancel your registration on the Website or modify and/or withdraw your previously given consents by writing to the contacts as mentioned above.
Last update: 21th August 2019