T’a Milano S.r.l., with registered office in Milan, Via Tortona n.37, Tax code / VAT number 05696960961 (hereinafter the “Controller”), in the capacity as the controller of the processing, informs you pursuant to Art. 13 of Regulation EU No. 2016/679 (hereinafter the “GDPR”) that your data, in relation to your navigation on our website, will be processed with the following methods and purposes:
B) DATA PROCESSING
1) Subject of the processing
The Controller processes the non-sensitive personal identification data (including, but not limited to, first name, last name and e-mail – hereinafter the “personal data” or the “data”) communicated by you at the time of the online request for clarification or support requests.
2) Purpose of the processing
Your personal data is processed:
Without your express consent (Art. 24, letters a), b) and c) of the Privacy Code and Art. 6, letters b) and e) of the GDPR), for the following Service Purposes:
• to allow you to make use of the Services you may request;
• to process a contact request;
• to fulfil the obligations set out by law, a regulation, European legislation or in an order from the Authority;
• to prevent or discover fraudulent activity or abuse harmful for the Site;
• to exercise the Controller’s rights, for example the right to exercise a right in legal proceedings.
In the cases indicated above, the legal basis of the processing of your personal data consists of executing a contract with you or supplying the service that you have specifically requested, or in performing a legal obligation or protecting a legitimate interest of ours.
3) Method of processing
The processing of your personal data takes place by way of the operations indicated in Art. 4 of the Privacy Code and Art. 4, No. 2) of the GDPR, and specifically: the collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, utilisation, interconnection, blockage, communication, deletion and destruction of the data. Your personal data is processed in both paper and electronic or automated form.
4) Time of storage of the processed data
The Controller will process the personal data for the time necessary to fulfil the purposes indicated above.
5) Processing of navigation data
During the course of their normal exercise, the computer systems and software procedures governing the functioning of this website acquire certain personal data whose transmission is implicit in the use of the Internet communication protocols.
This is information that is not collected to be associated with identified data subjects, but that by its very nature could allow for identifying the users, through processing and associations with data held by third parties.
This category of data includes the IP addresses or the domain names of the computers used by the users who connect to the site, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the dimensions of the file obtained in response, the numerical code indicating the state of the response given by the server (success, error, etc.) and other parameters relating to the user’s operating system and computer environment.
This data is used only in order to obtain anonymous statistical information on the use of the site and to verify proper functioning. The data could also be used to determine liability in the event of hypothetical computer crimes that are harmful to the site.
6) Security measures
The Controller has adopted a wide variety of security measures to protect your data against the risk of loss, abuse or alteration.
7) Access to data
Your data may be made accessible for the purposes indicated in Art. 2:
• to the Controller’s employees and associates, in their capacity as internal persons in charge of the processing;
• to independent companies or other entities that perform outsourced activities for the Controller, in their capacity as data processers.
8) Communication of data
Without your express consent (pursuant to Art. 24, letters a), b) and d) of the Privacy Code and Art. 6, letters b) and c) of the GDPR), the Controller may communicate your data to oversight bodies, judicial authorities and all other entities to which communication is mandatory under law for the completion of the cited purposes. Your data will not otherwise be circulated.
9) Transfer of data
The management and storage of the personal data will be carried out in Europe, on servers located in Italy belonging to the Controller and/or independent companies hired and duly appointed as Data Processors.
10) Nature of provision of the data and consequences of refusal to respond
The provision of the data for the purposes in Art. 2 is mandatory. If not provided, we will not be able to guarantee you the services in Art. 2.
11) Data subject’s rights
In accordance with what is established in Part III, Section I of the GDPR, you may exercise the rights indicated therein, and in particular:
Right of access – to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to receive information relating to the same, and in particular: the purposes of the processing, the categories of personal data concerned, and the recipients to whom the data can be disclosed (Article 15, GDPR);
Right to rectification – to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed (Article 16, GDPR);
Right to erasure – to obtain the erasure of personal data concerning you without undue delay, in the cases provided for by the GDPR (Article 17, GDPR);
Right to restriction – to obtain from the controller restriction of processing, in the cases indicated by the GDPR (Article 18, GDPR);
Right to data portability – to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance, in the cases provided for by the GDPR (Article 20, GDPR);
Right to object – to object to the processing of personal data concerning you, in the absence of legitimate grounds for the Co-controllers to continue the processing (Article 21, GDPR);
Right to file complaints with the oversight authority – to file complaints with the Personal Data Protection Authority for the protection of personal data: Piazza di Montecitorio n. 121, 00186, Rome (RM).
12) Procedure for exercising rights
you may exercise your rights at any time by sending:
– a registered letter with return receipt to T’a Milano S.r.l., with registered office in Milan, Via Tortona, No. 37.
– an e-mail to the address: firstname.lastname@example.org
13) Amendments to this policy statement
Last update: 25 October 2018.