Policy notice concerning the processing of personal data drafted and provided by Terrachevive by Marco Alessandro Punzi as Data Controller, in compliance with Articles 13 and 14 of the EU Regulation 2016/679 on the protection of personal data of natural persons (hereinafter also referred to as the “Regulation” or “GDPR”), to the Users consulting the website https://www.terrachevive.com (hereinafter also referred to as the ” Website”).
The following policy is valid for the website https://www.terrachevive.com and for those hosted on third-level domains *.terrachevive.com. It is not effective for other websites that may be consulted by the User via links. The Data Controller will collect and process the types of data listed below in compliance with the provisions of the Code and the Regulations.
I. Data controller and contact information.
Terrachevive by Marco Alessandro Punzi, with registered office in Taranto (TA) in via De Cesare 37, PEC: [email protected] and e-mail: [email protected], VAT no.: 03248470738.
II. Processing Methods
The Data Controller processes the personal data provided and/or collected by users by means of analogue, computerised and/or telematic tools, taking appropriate security measures to prevent unauthorised access to the systems and, therefore, their unauthorised disclosure, modification or destruction.
Personal data are also processed in aggregate form, with organisational methods and logics which are strictly necessary for the purposes indicated in this policy. On some occasions, the data may be viewed by categories of subjects authorised by the Data Controller, also called data processors, and involved in the organisation of the services connected to the website (such as, for example, administrative or sales staff, the marketing department, the legal department or system administrators) or even by external subjects (third party technical service providers, couriers, hosting providers) who will be appointed as Data Processors. The updated list of Data Processors and persons in charge can always be requested by the data subject and is available at the registered office of the Data Controller.
III. Types of Data Collected and Purposes
a) Personal and contact data
These data are requested to the User when filling in the registration or information request forms available on the Website and on the websites hosted by the sub-domains and include: name, surname, city of origin, e-mail address and telephone number.
This data will and may be processed by the Controller:
1. To fulfil the User’s specific requests (name, surname, fiscal code, city of origin, home address, e-mail address and mobile phone number) – Legal basis: GDPR; condition of lawfulness: contract or pre-contractual measures;
2. To process the experiences and the conclusion of the service contract with the User (name, surname, city of origin, e-mail address and telephone number); – Legal basis: GDPR; condition of lawfulness: contract or pre-contractual measures;
3. To issue invoices or accounting documents, as required by current legislation (name, surname, fiscal code, residential address, e-mail address) – Legal basis: Italian Tax Code (TUIR); lawfulness condition: legal obligation;
4. Subject to the user’s explicit consent, to send newsletters and commercial information by email (first name, last name, email address) – Legal basis: provision of the Italian Data Protection Authority of 4 July 2013 et seq.; Condition of lawfulness: consent.
b) Navigation Data
The computer systems and software procedures used to operate the Website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified persons, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained as a response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct operation, and are deleted immediately after processing. Data may be used to determine liability in case of hypothetical computer-based violations damaging the website: except for this case, data are held only for the time periods defined in point IV of this policy.
c) Provision of data
The provision of personal contact data, as per section III a) for the purpose referred to in sub-section 1) of this policy, is compulsory and failure to provide such data, even partially, will make it impossible for the Data Controller to communicate the requested information to the user. In this case, processing is lawful since it is based on an explicit request by the user (pre-contractual measures or execution of contract);
The provision of personal contact data, as per section III a) for the purpose referred to in sub-section 2) of this policy, is compulsory and failure to provide them, even partially, will make it impossible for the Controller to process the experiences and conclude the service contract with the User. In this case, processing is lawful since it is necessary for the performance of the contract (pre-contractual measures or performance of the contract);
The provision of personal contact data, as per section III a) for the purpose referred to in sub-section 3) of this policy, is mandatory and failure to provide such data, even partially, will make it impossible for the Controller to issue the invoice or other accounting documents. In this case, processing is lawful for the fulfilment of a legal obligation;
The provision of personal contact data, as per section III a) for the purpose referred to in sub-section 4) of this policy, is optional and failure to provide such data, even partially, will make it impossible for the Data Controller to send the newsletter to the user and to contact him/her with the other tools listed therein in order to communicate commercial information. In this case, processing is lawful because it is based on the consent of the data subject.
The User takes responsibility for the Personal Data of third parties communicated or shared through the website https://www.terrachevive.com and guarantees that he/she has the right to communicate or share them, thus exempting the Data Controllers from any liability towards third parties.
Terrachevive by Marco Alessandro Punzi shall not transfer the collected data to third parties.
IV. Place and duration of data processing
a) Place
The Data are processed at the operational offices of the Data Controller and the Data Processors, as well as at any other place where the parties involved in the processing are located.
If personal data are transferred to a third country or an international organisation, the data subject will be informed of the existence of adequate safeguards within the meaning of Article 46 of the ‘Regulation’ relating to the transfer. Further information can be obtained by contacting the Controller.
b) Duration of processing and storage
The Data are processed for the following periods of time:
a) For the purpose referred to in article III, letter a) sub-section 1), for as long as it is necessary to fulfil the specific requests;
b) For the purpose referred to in article III, letter a) sub-section 2), for as long as it is necessary for the performance of the contract;
c) For the purpose referred to in article III, letter A) sub-section 3), for as long as it is necessary to fulfil legal accounting, tax and fiscal obligations;
d) For the purpose referred to in article III, letter A) sub-section 4), for the twenty-four months following the collection of the user’s explicit consent or since their last renewal.
The Data Controller will store the user’s personal data for 10 years after the conclusion of the processing in order to be able to exercise the right of defence.
V. Modifications to this privacy policy
The Data Controller reserves the right to amend this extended privacy policy in any way by giving notice on this page.
The date of last modification will be posted at the bottom of this notice in order to keep track of the changes. A copy of each version of this notice is available to the Data Subject at the registered office of the Data Controller.
In the event that the user does not accept the changes made, he/she may ask the Data Controller to remove his/her personal data. Unless otherwise specified, the previous privacy and cookie policy will continue to be applied to personal data collected up to that point.
