In accordance with the provisions of EU Regulation no. 679/2016 (hereinafter the “Regulation”), article 13 - Information to be provided if personal data are collected from the data subject Garni Evelyn, having its registered office in Vidalong, 13, 39040 Kastelruth / Ueberwasser Bz (hereinafter the “Company”), provides the following information on the processing of personal data of its customers (hereinafter the “Data”) performed by Garni Evelyn, as Data Controller.
1. Identity of the Data Controller and contact details
In accordance with article 4 of the Regulation, the Company is the Data Controller of its customers and website visitors personal data.
For communications or requests, the Company can be reached by e-mail at the address: firstname.lastname@example.org
2. Categories and types of Data collected and processed
The Data processed by the Company may include personal data, not belonging to particular categories (Article 9 of the Regulation) collected for the purpose of the conclusion of the contract and in the context of its execution and/or stipulation.
Furthermore, it is possible to process personal data belonging to third parties communicated to the Company by customers, suppliers, employees and outside staff. With respect to this hypothesis, the Customer stands as an independent Data Controller and assumes the consequent legal obligations and responsibilities, relieving the Company from any objection, claim and/or request for compensation for the damage caused by treatment that should reach the Company from third parties concerned.
3. Purpose and legal basis of the processing and nature of the provision of Data
In compliance with current regulations regarding the protection of personal data and without the need for a specific consent by the data subject, the Data will be stored, collected and processed by the Company for the following purposes:
a) fulfilment of contractual obligations, execution and/or conclusion of the contract and/or management of any pre-contractual measures for purchasing a product from the online shop or completing an online booking;
b) compliance with legal requirements, with tax and fiscal provisions deriving from the performance of the business activity and from obligations related to the administrative and accounting activities;
c) sending, directly or through third-party providers of marketing and communication services, newsletters and communications for the purpose of direct marketing through email, sms, mms, push notifications, fax, paper mail, telephone with operator, in relation to the products supplied;
d) communication of Data to third-party companies for the sending of newsletters and communications for marketing purposes through e-mail, sms, mms, push notifications, fax, paper mail, telephone with operator.
The legal bases of processing for the purposes a) and b) above mentioned are the articles. 6.1.b) and 6.1.c) of the Regulation. The provision of Data for the aforementioned purposes is optional, but any failure in providing them and the refusal to supply them would make it impossible for the Company to execute and/or stipulate the contract and grant the services requested by the same.
The legal basis for processing personal data for purposes c) and d) is art. 6.1.a) of the Regulation, since the treatments are based on consent; it is specified that the Data Controller can collect a single consent for the marketing purposes described herein, in accordance with the General Measures issued by the Italian Data Protection Authority for the protection of personal data “Guidelines on promotional activities and the fight against spam” dated July 4th 2013. The provision of consent to use ones’ Data for marketing purposes is optional and if the Data subject wishes to object to the processing of his Data for marketing purposes performed with the means indicated herein, as well as revoke the consent given, he may at any time do so without any consequences (except for the fact that he will no longer receive marketing communications) by following the instructions in the “Data Subject’s Rights” section of this Notice.
4. Methods of data processing
In relation to the aforementioned purposes, the Data are processed using manual, information technology and telematic tools with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the Data, in addition to the compliance with the specific obligations established by the legislation. The Data will be processed in compliance with the principle of lawfulness, correctness, relevance and non-excess, in accordance with the provisions on the protection of personal data. The treatment will be carried out by staff who are formally appointed and adequately trained.
5. Transmission and diffusion of Data, recipients, Data transfer and Data Processors
For the aforesaid purposes, the Data may be disclosed to other Group companies and to third parties appointed as data processors in accordance with Article 28 of the Rules and in particular to banking institutions, insurance companies, to providers of services strictly necessary to the carrying out of the business activity, or to consultants of the company, where this proves to be necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations.
Furthermore, the other Group companies will be able to access the Data for administrative and / or accounting purposes, in accordance to recitals 47 and 48 and to Article 6 of the Regulation.
Finally, the Data may be shared with authorities, entities and / or subjects to whom the Data must be communicated pursuant to legal provisions or orders of authority. These authorities, bodies and / or subjects will act as independent data controllers.
Data will not be disclosed.
A periodically updated and complete list of data processors appointed for data processing may be requested by sending an e-mail to the Data Controller at the addresses indicated above.
6. Transfer of Data to international organizations and / or countries outside the EEA (European Economic Area):
Any transfer of Data to international organizations and / or non-EEA countries will take place according to one of the methods permitted by current legislation, such as the consent of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data (i.e. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
On request, it is possible to have more information from the Company to the above-mentioned contacts.
7. Google AdWords Tracking, Remarketing and Facebook Pixels
Our website uses the functions of Google Analytics Remarketing in connection with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This function enables the target groups created with Google Analytics Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising messages that were adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
You can permanently object to cross-device remarketing/targeting by disabling personalized advertising in your Google Account by following this link: www.google.com/settings/ads/onweb/.
In the context of Google AdWords and Facebook Advertising we use the so-called conversion tracking. When you click on an ad placed by Google or Facebook, a cookie is set for conversion tracking. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we can see that the user has clicked on the ad and has been redirected to this page.
8. Data Retention
The Data will be stored on paper and / or computer only for the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and minimization according to Article 5, paragraph 1, letters c) and e) of the Regulation.
The Data will be kept to comply with the Regulation and to pursue the above-mentioned purposes, in compliance with the principles of indispensability, non-excess and relevance.
The Company may retain the Data after the end of the contractual relationship to fulfil regulatory and / or post-contractual obligations; subsequently, when the aforementioned reasons for the processing no longer exist, the Data will be deleted, destroyed or simply stored anonymously.
On request, it is possible to have more information from the Company to the above-mentioned contacts.
9. Data subject’s rights
In relation to the aforementioned processing, each data subject can exercise the rights referred to in articles 15 to 22 of the Regulation.
In particular, the data subject has the right to ask the Company for access to its Data, correction or cancellation of the same, he has the right to oppose the processing or to require the limitation of processing in the cases contemplated by Article 18 of the Regulation and to obtain, in a structured format, in common use and readable by an automatic device, its own Data, in the cases contemplated by Article 20 of the Regulation.
The data subject may also revoke at any time the consent granted in accordance to Article 7 of the Regulation, as well as propose a claim by the Privacy Authority for the protection of personal data according to Article 77 of the Regulation, in case he considers the processing of his own Data to be contrary to the current regulation.
In case of opposition to the processing of Data according to Article 21 of the Regulation, the Company reserves the right to assess the request, which will not be accepted if there are legitimate reasons to proceed to the processing that prevail over the interests, rights and freedom of the Data Subject. Requests should be sent in writing to the Company at the above addresses.