1- Object of processing
The Data Controller processes personal, identifying and non-sensitive data (by way of example but not limited to, name, surname, address, telephone, e-mail, etc. - hereinafter, "personal data" or even "data" ) communicated by you when registering on the website www.lesaminternational.it/ (hereinafter referred to as the "Site") or the request form for the Controller's newsletter, ordering and / or purchasing products online through the Site, of the compilation and sending of a contact form to the Data Controller or, in any case, of all your requests to the Data Controller.
2- Purpose and legal basis of the processing
Your Data are processed, without your prior consent, for the following:
a) the execution of the contract or the fulfillment of pre-contractual commitments:
· fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in be
· allow you to register on the Site · process and manage orders received and / or purchases made online
· process a contact request
· allow you to apply online and process it
· manage and maintain the Site
· fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority
· prevent or discover fraudulent activities or abuses harmful to the Site
· exercise the rights of the Owner, for example the right to defense in court; prevent or discover fraudulent activities or abuses harmful to the Site.
b) the pursuit of a legitimate interest of the Data Controller,
Fulfill the obligations established by law, regulation, community legislation or an order of the Authority;
exercise the rights of the Data Controller, for example the right to defense in court; send you commercial communications relating to similar services and products of the Data Controller to those you have already used, if you are already our customers.
You can object at any time.
Only with your consent, for Marketing Purposes:
Send you newsletters, commercial communications and / or advertising material on the Controller's products or services via e-mail.
3- Methods of processing
The processing of your data is carried out - with paper (archives) and electronic (website and management, office 365) methods - by means of collection, registration, updating, organization, storage, consultation, processing, modification, selection, extraction , comparison, use, interconnection, blocking, cancellation and destruction of Data.
4- Data retention
The Data Controller processes the Data for the time necessary to respond to your request and fulfill the aforementioned purposes.The data are kept for a period not exceeding 5 years from collection or last verification, for contract data, and for not over 12 months from collection for navigation data. Data for Marketing purposes will be processed for no more than 2 years from their collection; The data processed for the Newsletter service are kept until the user unsubscribes, which is possible through link present in each email sent; in any case, they will not be kept for a period exceeding 6 months from the last sending.
5- Access to data
Your Data may be accessed for the above purposes: employees and / or collaborators of the Data Controller, in their capacity as persons in charge of the processing and / or internal data processors and / or system administrators; third-party companies or other subjects (for example, website provider, e-payment service provider, suppliers, hardware and software assistance technicians, credit institutions, professional firms, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors, and as such, operate the processing of data limited to the purposes established by the owner and expressly accepted by the interested party.
6- Data communication
Your data may be communicated, even without your consent, within the limits of the aforementioned purposes to supervisory bodies, law enforcement agencies or the judiciary who will process them, upon their express request, as independent data controllers for institutional and / or by law in the course of investigations and checks. Your data may also be disclosed to third parties (for example, partners, freelancers, agents, etc.), as independent data controllers, for the performance of activities instrumental to the aforementioned purposes; Your data will not be communicated for purposes other than those expressly mentioned in the individual information.
7- Transfer of data
Data are not disclosed nor will they be transferred to non-EU countries. The management and storage of personal data will take place on servers located within the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers to Italy and / or the European Union and / or non-EU countries. In this case, to ensure an adequate level of protection of Personal Data, the transfer of data to non-EU countries will take place by virtue of the adequacy decisions approved by the European Commission or the adoption, by the Owner, of the Standard Contractual Clauses prepared. by the European Commission.
8- Provision of Data
The provision of Data is mandatory for the Service Purposes. If you decide not to provide the data, we will not be able to process your request, but the provision of data for marketing purposes is optional. You can therefore decide not to provide the Data or to subsequently deny the possibility of processing Data already provided: in this case, you will not be able to receive personalized commercial communications on the Controller's products, but you will continue to have the right to use the services of the Site.
9- Rights of the interested party
In your capacity as interested parties, the Data Controller informs you that you have the right to: obtain confirmation of the existence or not of your Personal Data, even if not yet registered, and that such Data be made available to you in intelligible form; obtain indication and, if necessary, copy: · the origin and category of the Personal Data; · The logic applied in case of processing carried out with the aid of electronic tools; The purposes and methods of the processing; Of the identification details of the Data Controller and of the managers; of the subjects or categories of subjects to whom the Personal Data may be communicated or who can learn about them, in particular if recipients of third countries or international organizations; When possible, the retention period of the Data or the criteria used to determine this period; · The existence of an automated decision-making process and in this case the logic used, the importance and consequences envisaged for the person concerned; The existence of adequate guarantees in case of transfer of data to a non-EU country or to an international organization to obtain, without undue delay, the updating and correction of inaccurate data or, when interested, integration of data incomplete;
Obtain the cancellation, transformation into anonymous form or blocking of Data: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of withdrawal of the consent on which the treatment is based and in case there is no other legal basis, d) if you have opposed the treatment and there is no legitimate overriding reason to continue the treatment; e) in case of fulfillment of a legal obligation; f) in the case of data referring to minors.
The Data Controller may refuse cancellation only in the case of: · exercise of the right to freedom of expression and information; Fulfillment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; · Reasons of public health interest; Archiving in the public interest, scientific or historical research or for statistical purposes; Exercise of a right in court;
Obtain the limitation of processing in the case of: · dispute of the accuracy of personal data; Unlawful processing by the Data Controller to prevent its cancellation; Exercise of your right in court; Verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party; to receive, if the processing is carried out by automatic means, without impediments and in a structured format, in common and legible use, the Personal Data concerning you to transmit to another owner or - if technically feasible - to obtain direct transmission from the owner to another owner; oppose, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of Personal Data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail; to lodge a complaint with the Guarantor Authority for the Protection of Personal Data.
In the cases mentioned above, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of rights by you, with the exception of specific cases (eg when this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right).
10- How to exercise rights
You can exercise your rights at any time: · by sending a registered letter with return receipt. to the address of the Data Controller; · by sending an email to email@example.com
11- Owner and manager of the treatment:
- The owner of the treatment is: Lesam International Group srl with registered office in Viale Charles Lenormant, 220 - 00119 Rome RM; - the internal manager for all data processing for which it is not disposed specific information, is Ms Maria Stella Sampieri - The updated list of internal and external data processors is kept at the headquarters of the Data Controller and can be consulted at the request of the interested party with reference to the relative treatment. data controller (hereinafter "Owner"), informs you, pursuant to EU Regulation 679/2016 ("GDPR") and the legislation, including national, on the protection of personal data for applicable time ("Privacy Law"), that your data will be processed in the manner and for the following purposes: