Personal data processing policy
Dear Visitor, following the consultation of this website data relevant to identified or identifiable natural persons can be processed.
With reference to this processing, and also pursuant to articles 13 and 14 of the European General Data Protection Regulation (Regulation EU 2016/679 – GDPR), to Legislative Decree no. 193/2003 and to Legislative Decree no. 101/2018, the following information are expressed, whose validity is not extended to possible other external websites consulted by the user through links present on this website.
By continuing to browse, and by adhering to the service features contained in the various sections of the website (subscription to our newsletter, filling out the shop registration form, filling out of the checkout form at the moment of purchase, filling out of the form to request information), it is accepted that these general information on processing are known, as well as potential specific information on processing with different and specific purposes, and the user expresses their own approval for the processing.
Please note that the consent is only valid if it origintes from an adult or a minor older than 14 years old (art. 8, clauses 1 and 2 of GDPR, and Legislative Decree no. 101/2018).Â
Data controller
The Data Controller is Cooperativa Sociale QUID (hereinafter QUID), based in Via della Consortia, 10/D – 37127 Verona represented by the Legal Representative, mail segreteria@progettoquid.it tel +39 045 83416860, fax +39 045 8532196, VAT number 04179470234.
Types of processed data
Pursuant to the purposes shown below, the following categories of data will be subject to processing:
Data provided through shop and purchase check out registration forms
Identification data: name, surname, address, gender and date of birth;
Contact data: telephone number, e-mail address;
Data concerning to the interest for a product or servide offered by QUID.
Browsing Data
IT systems and software procedures in charge of the functioning of this website obtain, during their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. These are information that are not collected to be associated to identified interested users, but by their own nature may be, through elaborations and associations with data owned by third parties, allow the identification of users. This type of data includes, for example, IP addresses or domain names of computers or other devices used by users while connecting to the website, addresses in URI (Uniform Resource Identifier) marking of requested resources, the time of the request, the used method to submit the request to the server, the size of the obtained file, the numerical code showing the status of the server reply (successful, error, etc.) and other parameters concerning the operative system and the IT environment of the user.
CookiesÂ
Please see the relative informative section at the following link: INSERIRE LINK
Data directly provided by the user
The optional, explicit and voluntary act of sending an e-mail message to the e-mail addressed shown on this website implies the subsequent acquisition of the sender’s address, necessary to answer to their requests, as well as other possible personal data present in the mail. Specific summary reports are also contained or displayed in the website sections designated for particular services by demand and, if needed, can undergo the consent of the interested user (for example, for the newsletter subscription).
Processing purposes and facultative bestowing of data
Apart from what has been specified regarding browsing data and technical cookies, users are free to bestow their personal data through the use of specific forms or questionnaires present on the website to subscibe to the newsletter, to the shop and to checkout at the moment of purchase, to request informative material or other communications and, in general, for the purposes reported in the relative and specific reports.
The lack of bestowal can entail the impossibility to obtain what was requested.
The company is committed to treat data complying with the principle of “minimization”, that is obtaining and processing data limited to what is necessary for the following purposes
The bestowal of these data is optional and does not preclude in any way the possibility to purchase our products and the browsing inside the website;
The bestowal of these data is optional and does not preclude in any way the possibility to purchase our products and the browsing inside the website;
Please also note that:
relating to the purposes referred to in point a), the processing may be carried out even without your consent because it is necessary to execute the contractual measures you requested (art. 6.1 lett. b) of the Regulation);Â
relating to the purposes referred to in points b), c), d), e), f), and g), the processing will be carried out subject to the acquisition of your consent (art. 6.1 lett. a) of the Regulation).Â
The bestowing of data for the purposes referred to in point a) is optional but necessary.
The potential lack of bestowal in relation to this purpose can entail the impossibility to supply what was requested.
The bestowal and the consent to the processing for the purposes referred to in points b), c), d), e), f), e g) is optional and the potential refusal does not entail any negative consequence regarding purposes referred to in point a)
Data Management
Our Company, as data controller, and each one of the potential external Managers appointed in accordance with art. 28 of the Regulation, will manage and archive with automatized and/or hardcopy tools the personal data collected though the use of the website and of its various features activated by demand, for the time strictly necessary to obtain the purposes they were collected for or voluntarily bestowed by the user.
Specific safety measures, as provided for by art. 32 of the Regulation (EU) 2016/679, are observed in order to prevent data loss, illecit or incorrect uses and unauthorized accesses.
Data are managed only by personnel authorized by the data controller; if necessary, personal data connected to newsletter services can be managed by the personnel of the society/consultant that handle the technical maintenance of the website, MailChimp appointed as the external data processor in accordance with art. 28 of Regulation 679.
Hosting and data archiving is carried out on platforms located inside the European Union.
In no case whatsoever data will be subjected to diffusion.
Personal data transfer
Your data will not be transferred to third Countries outside the European Union.
Subject categories
Your personal data may be communicated, strictly connected with the aforementioned purposes, to the following subjects or subject categories:
Please note that subjects referred to in point a) will manage your data as Data Controllers. Relating to the subject categories referred to in points b), c), d), e), f), and g), on the other hand, the Data Controller commits to rely exclusively on subjects giving adequate guarantees regarding data protection and will provide for their designation as Data Processors ex art. 28 of the Regulation.
The list of Data Processor is available at the company’s hedquarters and can be examined upon prior request to the Data Controller. Moreover, your data will be processed, exclusively for the aforementioned purposes, by the employed personnel and/or collaborators of the company, specifically authorized and instructed by the Data Controller in accordance with art. 29 of the Regulation.
Your personal data will not be subjected to diffusion, save in case of a request due to a legal rule or legislation or EU regulation.
Time of conservation
Category: Identification data – Contact data – Data concerning purchase contract/services
Conservation: 10 years starting from the moment of data acquisition.
Regulation: art. 5.1 lett. e) Reg. EU 2016/679 – art. 2946 civil code on ordinary limitation – art. 43 of Italian Presidential Decree 600/73.
User rights
At any given moment, in accordance with articles from 15 to 22 of the GDPR you will be able to exercise your right to:
you can also object the processing of processed data for a legitimate interest of the owner ex art. 21 of the GDPR.
Exercise of rights
At any given moment you can exercise your rights by means of a written request sent to the e-mail address privacy@progettoquid.it or by accessing the form that can be found at the address www.progettoquid.it / (LINK CORRETTO?) or by writing to the ordinary post address of QUID based in Via della Consortia, 10/D – 37127 Verona; our privacy office will examine your complaint and will work together with you to solve the problem.
Should you think your personal data have not been managed in an appropriate way according to the law, you can contact the Italian Data Protection Authority following the instructions that can be found on the website www.garanteprivacy.it.