Privacy Policy
Who we are and who to contact
Why this policy and to whom it is addressed
Definitions
The GDPR provides that, before processing Personal Data – by which term is meant, according to the definition contained in Article 4, point 2) of the GDPR, “any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (“Processing“) it is necessary that the person to whom such Personal Data belongs is informed of the reasons and purposes for which such data is required and how it will be used.
Personal Data may be disclosed to specific persons who are considered recipients of such Personal Data. Article 4(9) of the GDPR defines a recipient of Personal Data as “a natural or legal person, public authority, agency or other body that receives communication of personal data, whether or not it is a third party” (hereinafter the “Recipient“).
Personal Data may also be disclosed to specific entities considered under Article 4 at point 10) of the GDPR, “persons authorised to process Personal Data under the direct authority of the Controller or the Processor” (hereinafter the “Authorised Persons“).
Among other things pursuant to Article 4 at point 9), of the GDPR, “public authorities that may receive communication of Personal Data in the context of a specific investigation in accordance with Union or Member State law are not considered as Recipients”.
Data Categories and Processing
A. Navigation Data
B. Data provided voluntarily by the User
This data will be used solely for the purpose of responding to the User’s request and may be communicated to third parties only if necessary for this purpose.
For the processing of data for such purposes, your consent is not required as the processing is necessary for the execution of pre-contractual measures taken at your request (Art. 6, paragraph 1, letter b) of the GDPR), as well as, where applicable, to fulfil a legal obligation (Art. 6, paragraph 1, letter a) of the GDPR).
C. Information on the processing of personal data through social media platforms
D. Data Processing
Processed Data, purposes of processing, legal bases and Data retention periods
A. User Navigation Data
B. Contact Data
Automated Decisions
Disclosure of Personal Data
- third parties who carry out part of the Processing activities and/or activities connected and instrumental to the same on behalf of the Data Controller, having their registered office in the countries of the European Union, who have been entrusted with the performance of services, assistance and/or consultancy activities also for the operation of this Site on behalf of the Data Controller. The third parties mentioned above are essentially included in the following categories: (a) subjects with whom the Data Controller has entered into collaboration agreements; (b) subjects operating in the Sector; (c) suppliers involved in the provision of services (d) Consultants and the employees / or collaborators of the Data Controller performing the functions involved in the activity of the Data Controller who have received, in this regard, adequate instructions on security and proper use of personal data,
- finally, public authorities or public bodies for the fulfilment of legal obligations to which the Data Controller is subject, and any other public body entitled to request the data, in the cases provided for by law. Where required by law or to prevent or repress the commission of a crime, Personal Data may be disclosed to public authorities or judicial authorities.
Among other things according to Article 4 at point 9), of the GDPR, “public authorities that may receive communication of Personal Data in the context of a specific investigation in accordance with Union or Member State law are not considered Recipients”.
It is understood that the data processed will only be those necessary to achieve the specific purpose, it follows that data managed through third parties will be limited to the specific purpose.
Personal Data will not be diffused.
International transfers of personal data
User Rights and Practise
In particular, the rights that the User may exercise, at any time, vis-à-vis the Data Controller are as follows.
- receive confirmation of the existence of your personal data and access to their content;
- update, modify and/or correct your personal data;
- request cancellation (oblivion), transformation into anonymous form, blocking of data processed in breach of the law or restriction of processing;
- object processing for legitimate reasons;
- receive a copy of the data you have provided and request that such data be passed on to another data controller;
- lodging a complaint with the competent Data Protection Authority.
These rights may be exercised by contacting the Data Controller.
Any claims under Article 15 of the GDPR should be addressed or by email as indicated in the contact section.
Moreover, at any time you may consult the “Privacy” section of the Website, where you will find all the information concerning the Policy on the processing of Personal Data applied by the Data Controller, the use and processing of Personal Data, updated information on the contacts and communication channels made available to the Data Subject by the Data Controller.
Contacts
Il Titolare del Trattamento
Flat Bag S.r.l.
Versione della policy aggiornata a dicembre 2021