Information regarding the processing policy of website users' personal data provided in accordance with Articles 13 of Legislative Decree no. 2016/679/EU (hereinafter also "GDPR") for the website https://www.leony.eu owned by Pietro Bazzani - Via Rivetta, 21 - 15033 Casale Monferrato,
AL - Italy
The company Leony by Pietro Bazzani - Via Rivetta, 21 - 15033 Casale Monferrato, AL - Italy
(hereinafter also “the Company” or “the Owner” values and protects their users’ privacy and wishes for the user to feel safe during website navigation and, potentially, in their decision to subscribe to Leony mailing list or registering to the website’s private user area. In this page the Company wishes to provide useful information about the privacy & data policy regarding users visiting or browsing the website, accessible via telematic means at the address www.leony.eu (hereafter also “the Website”).
The reproduction or use of pages, materials and information contained inside the Website, by any means and on any medium, is forbidden unless prior written consent of the Company is present. Copies and / or printouts are allowed solely for personal non-commercial use (for requests and clarifications, contact the Company at the addresses below). Other uses of the content, services and information on the Website are forbidden.
As stated in Articles 4, 37-39 of EU Regulation no. 2016/679 (hereinafter also “the Regulation”)
Personal data: any information related to an identified or identifiable natural person (the “concerned individual”); an identifiable natural person is a person that can be identified, directly or indirectly, specifically referring to an identifier such as a name, an ID number, location data, an online recognizer as well as one or more specific determinants of physical appearance, physiology, genetic, economic, cultural and social identity of said natural person.
Usage data: any information gathered automatically by this Website (or third party apps that the Website uses), including IP addresses or domain names of the computers used by the visitor connecting to said Website, URI (Uniform Resource Identifier) addresses, time of request, methods used to submit the requests to the server, sizes of files obtained in response, numeric code indicating the status of the response from the server (successful, error, etc.), country of origins, characteristics of the browser and the operating system used by the User, the various temporal connotations of the visit (such as the time spent on each page) and the detailed itinerary followed within the Website, specifically the sequence of pages visited, parameters related to the User’s operating systems and IT environment.
Profiling: any form of automatic processing of personal data regarding the usage of personal data to evaluate particular personal aspects related to a natural person, specifically in order to analyze or predict aspects concerning work performances, financial situation, health, personal preferences of said natural person, interests, reliability, behavior, location or movements.
User: the individual utilizing said Website, that must coincide with the Affected or be authorized by the Affected whose Personal Data are object of treatment.
Treatment: any operation or set of operations performed on Personal Data, also by automated means, such as collection, registration, organization, structuration, archiving, adapting or altering, restoration, consultation, usage, divulgation through transmission, diffusion or putting content at the disposal of the general public, alignment or combination, restriction, erasure or destruction.
Data Controller (or “Controller”): the natural or legal person, public authority, service or other organization which, alone or together with others, determines the purposes and means of the processing of Personal Data. Where purposes and means of said processing shall be determined by EU law or national, the Data Controller or the specific criteria for his appointment may be provided by EU law or national law.
Processor: the natural or legal person, public authority, service or other organization that processes Personal Data on behalf of the Controller.
Application or Platform: the hardware or software tool by means of which the User’s Personal Data are acquired.
Data Protection Officer (DPO): mandatory figure in the cases pursuant to Article 37 of the Regulation. They advise, monitor, coordinate and manage relationships with the Supervisory Authority concerning the processing of Personal Data.
1. THE DATA CONTROLLER
The “Controller” of the processing of the Personal Data processed following the navigation of the Website, in accordance with Article 26 of the EU Regulation no. 2016/679, Leony by Pietro Bazzani, located Via Rivetta, 21 - 15033 Casale Monferrato, AL - Italy, phone number +39 338 285 8619, email address firstname.lastname@example.org
2. PROCESSED DATA
Navigation Data: computer systems and software procedures used for the operation of said Website acquire, in the course of normal exercise, some personal data of which the transmission is implicit within Internet navigation. The data, although not collected for the purpose of being associated with anyone in particular, by its very nature could be associated and combined with data processed by third parties, and thereby be used to identify Users or visitors who navigate the Website. This category of data includes, for example, the IP addresses or domain names of the computers used by the visitors to connect to the Website, and URI (Uniform Resource Identifier) addresses. The Data could be used to ascertain responsibility in case of IT crimes committed to the detriment of the Website: without prejudice to this possibility, data on contacts to the Website is not kept for more than seven days.
Data regarding “Client Area” Registrations / Log In: said section is reserved to Users who are interested in using a section dedicated to products / services offered by the Controller. The personal data required to access this service are exclusively the following: Name, Surname, Address, City, Province, State, E-Mail, Phone Number.
Data regarding the “CONTACT US” section: said area is aimed at Users who are interested in receiving information regarding products / services offered by the Controller. The personal data required to access this service are exclusively the following: Name, Surname, Address, City, Province, State, E-Mail, Phone Number.
Data regarding newsletter subscription: when subscribing to the Company’s newsletter by filling out the relevant form, the only personal detail required is the email address.
3. PURPOSE OF THE TREATMENT OF DATA AND LEGAL BASIS
1. The processing of the aforementioned browsing data is necessary to ensure the proper functioning of the Website and its contents.
With reference to the purpose stated in point 1) above, the processing is based on the legitimate interest of the Controller pursuant to Article 6, paragraph 1, letter f) of EU Regulation no. 2016/679.
2. The processing of acquired data upon registration in the Client’s Area is intended to allow the User / client to consult and/or to purchase the products present on the Website and/or to receive information on the services rendered by the Controller.
3. The processing of the data acquired upon registration to the “CONTACT US” section is intended to allow the User / client to receive information regarding products / services rendered by the Controller.
The provision of data for the purposes stated in points 2) and 3) above, connected to a pre-contractual and/or contractual phase meaning functional to a User request or provided by a specific regulatory provision, is mandatory and, failing that, it will not be possible to receive the information and accessing to the requested services (Article 6, paragraph 1, letter b) of the UE Regulation no. 2016/679).
4. The processing of acquired data upon newsletter subscription is carried out in order to send a periodic informative update regarding the activity of the Company.
With reference to the purpose stated in point 4) above, consent to the processing of data by the User is free and optional and always revocable without it affecting the usability of the products and services except in the case where it is impossible for the Company to continue to keep the User updated regarding its activities. Therefore, the subscribers are able to cancel their subscriptions to the mailing list at any time by clicking on the appropriate link which can be found at the end of each newsletter.
5. The processing of data for marketing purposes is carried out for the purpose of sending the Client/User offers and content tailored to them.
With reference to the purpose stated in point 5) above, the processing is based on the legitimate interest of the Controller pursuant to Article 6, paragraph 1, letter f) of EU Regulation no. 2016/679.
6. The processing of data for profiling purposes is carried out for the purpose of creating tailored offers and content.
With reference to the purpose stated in point 6) above, consent to the processing of data by the User, pursuant to Article 6, paragraph 1, letter a) of the EU Regulation no. 2016/679, is free and optional and always revocable without consequences regarding the usability of the products and services rendered by the Controller except in the case where it is impossible for the Company to continue sending personalized offers and content to the User. Therefore, the Client/User can request the deletion of profiling data at any time by sending a request at the email address email@example.com
4. DURATION OF TREATMENT
Acquired personal data, including the data collected through the “CONTACT US” section, shall be kept for the time necessary to carry out the activities requested by the User and in any case for a period of time not exceeding 5 years from the date of insertion.
Storage time may be extended and may lead to a subsequent further acquisition of data. In the case where the User requests additional services; the duration of the processing, for administrative purposes, accounting, fiscal and contractual may be extended up to 10 years after the termination of the relationship, as provided for in current legislation (Article 2220 of the Italian Civil Code, Article 22 of the Decree of the President of the Italian Republic, September 29th, 1973, no. 600 and Article 2200 of the Italian Civil Code).
For the purposes stated in points 1), 2) and 3) the data will be processed for the period strictly necessary to ensure the correct delivery of the purchased products, except in the case where it is necessary to store the data for a longer period of time in compliance with applicable legislation, including accounting regulations, and, in any case, not for more than ten years from the end of the relationship.
For the purposes stated in point 4) the data will be processed until the moment the User unsubscribes from the mailing list using the specific link present in the footer of each newsletter.
For the purposes stated in point 5) the data will be processed for a period of time not exceeding 24 months from the registration, except in the case where it is transformed into anonymous form that will not allow, even indirectly or by connecting to other databases, to identify the data subjects (any intention to process data beyond these terms may be implemented only after evaluation by a guarantor following prior specific consultation pursuant to Article 17 of the Italian Civil Code).
5. DATA PROCESSING METHOD
The processing of data will be carried out using methods and procedures strictly necessary for the pursuit of the purposes for which it was collected, manually and/or with the help of electronic tools.
In order to avoid the risk of data loss, illicit use or incorrect use of said data, unauthorized access or alteration, appropriate technological and management security measures have been adopted. Personal data will be processed by the Data Controller or also by third parties appointed for the purposes referred to in this policy. At any time, the User can ask the Controller for the complete list of the appointed managers, by sending a request at the address firstname.lastname@example.org
6. DATA RETENTION
Data provided voluntarily by the User shall be kept for the time strictly necessary to meet the request.
Data acquired through the Client Area registration section
Data acquired through the “CONTACT US” section
Data acquired through the newsletter subscription section shall be kept until the User revokes consent.
Data acquired for profiling and Marketing purposes shall be kept until the User revokes consent.
The User shall be reminded that they can unsubscribe from the newsletter at any time, by clicking on the specific link, which is present at the end of every Company newsletter, or by writing an email to the address email@example.com
As expressly laid down in Article 5, Italian Code of Obligations 1, letter e) of the GDPR, Personal Data shall be kept only for the time necessary to carry out the processing of said data for the purposes for which it is being processed and then erased by safe means of destruction, for example shredder for data on paper and wiping for data collected through electronic means. If the data is being processed for more than one purpose, it shall be deleted automatically otherwise it will be saved in a format that does not allow to reach any direct conclusion in relation to the identity of the interested parties, as soon as the last specific purpose will be fulfilled.
7. SCOPE OF DATA COMMUNICATION
For the pursuit of the aforementioned purposes, the Company may communicate and process personal data of users, in Italy and abroad, to third parties with whom it has relations, where said third parties provide services at the Company’s request. In addition, personal data may be communicated to the competent public organizations to comply with legal obligations or for the assessment of responsibility in case of computer crimes against the Website as well as communicated to, or allocated by, third parties (as appointed managers or, in the case of providers of electronic communications services, as independent owners) that provide IT and data transmission services (for example hosting, management and development of websites) and of which the Company collaborates with for the performance of tasks and activities regarding the technical functioning of the Website. The subjects belonging to the categories above operate as separate Data Controllers or as Managers appointed for this purpose by the Company.
Personal data may also be disclosed to employees/consultants of the Company who are specially instructed and appointed as Authorized Data Processors.
The categories of recipients to whom the data may be communicated may be disclosed to anyone who contacts the Company at the addresses below.
8. TRANSFER OF DATA TO A THIRD COUNTRY
No transfer of data to a third country is envisaged.
9. RIGHTS OF DATA SUBJECTS
Users may exercise their rights which are recognized by law at any time, including that:
1. To access their personal data, obtaining evidence of the purposes pursued by the Controller, categories of data involved, recipients to whom said data may be disclosed to, applicable retention period, automated decision-making processes in place;
2. To obtain, without delay, rectification of their inaccurate personal data;
3. To obtain, in the cases foreseen, deletion of their personal data;
4. To obtain restriction of processing or to oppose processing, in the cases foreseen;
5. To request data portability of the personal data provided to the Company, namely to receive them in a structured format of common use and readable by automatic devices, also to transmit said data to another Data Controller, within the limitations and constraints provided for by Article 77 of the GDPR;