NOTICE TO NATURAL PERSONS PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 (HEREINAFTER THE “NOTICE”)
1. DATA CONTROLLER
The Data Controller is LaGemma Venture S.r.l. with sole shareholder, with registered office in CUNEO (12100) (CN), Via Roma n.17, VAT number, tax code and registration number with the Register of Companies of the CCIAA of Cuneo 04106920046, share capital €.100.000,00, whose details can also be found on the website on the Home Page and/or other web pages.
The Data Protection Officer (DPO) is Luisa Di Giacomo, lawyer, who can be contacted at the e-mail address digiacomo@luisadigiacomo.it, with offices in Turin, Corso Vittorio Emanuele II no. 76.
2. PERSONAL DATA SUBJECT TO PROCESSING
The Personal Data collected by the Site are as follows:
a. Navigation Data
The Site’s computer systems collect certain Personal Data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with you, but by its very nature could, through processing and association with data held by third parties, allow you to be identified. Among these are the IP addresses or domain names of the devices used to connect you to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to your operating system and computer environment.
This data is used for the purpose of obtaining anonymous statistical information on the use of the Site and to check its correct operation; to allow – given the architecture of the systems used – the correct provision of the various functions requested by you, for security reasons and to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site or third parties, and is deleted after 7 days; in any case, this data is kept by the Site Owner for the period strictly necessary and in any case in accordance with the relevant regulations in force.
b. Data provided voluntarily
Through the Site you have the opportunity to voluntarily provide Personal Data, such as your first and last name, tax code, and e-mail address to participate in competitions and/or to subscribe to the newsletter service or to contact the Owner through the “Contact Us” form or similar. You are free to provide your Personal Data or not, but failure to provide them may in specific cases make it impossible to obtain the requested service.
c. Cookies and related technologies
The Controller collects Personal Data through cookies. More information on the use of cookies and related technologies can be found here.
3. PURPOSE, LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF THE PROCESSING
The Personal Data you provide through the Site will be processed by the Controller for the following purposes:
a) response to a request from the data subject, purposes relating to the performance of a contract to which you are party or the performance of pre-contractual measures taken at your request (e.g: request for contact by means of the contact form or e-mail, registration for the newsletter service, entry of your and your company’s data for participation in calls and competitions); in this case, the provision of such data is optional, but if it is not provided, it will not be possible to answer your question or provide you with the requested service; please note that the data relating to your company are not considered Personal Data under current legislation and therefore do not fall within the scope of this policy.
b) purposes of statistical research/analysis on aggregate or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the functioning of the Site, measuring traffic and assessing usability and interest;
c) purposes related to the fulfilment of a legal obligation to which the Data Controller is subject;
d) purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions;
e) subject to your specific and separate consent, to be expressed by ticking the appropriate box where requested on the site, your data may be processed to send you newsletters. Consent may be revoked at any time by sending an e-mail to privacy@lagemmaventure.it specifying in the subject CANCELL ME and indicating the e-mail address whose cancellation is requested. The provision of data for this purpose is optional and failure to provide consent only results in the non-receipt of newsletters and does not preclude the possibility of using the site to participate in calls.
The legal basis for the processing of Personal Data for the purposes set out in point a) is the provision of a service or response to a request from the data subject, and therefore consent is not required under Applicable Law.
The purpose referred to in point b) does not involve the processing of Personal Data, whereas the purposes referred to in points c) and d) are a lawful processing of Personal Data within the meaning of Applicable law because, once Personal Data has been provided, the processing is necessary to fulfil a legal obligation to which the Controller is subject.
The legal basis for the processing of Personal Data for the purposes referred to in point e) is your consent, to be given by ticking the appropriate flag in the boxes where required. Consent is revocable at any time, and from the moment of revocation the relevant processing will cease. Revocation of consent does not render unlawful the processing previously carried out on the basis of consent validly given. The revocation of consent may be exercised by writing an e-mail to privacy@lagemmaventure.it simply requesting the deletion of one’s data and indicating the revocation of the consent given, or by clicking on the appropriate link in the newsletter.
4. METHODS OF PROCESSING
In relation to the aforementioned purposes, the processing is carried out using manual, computerised and telematic instruments with logics strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data itself and with the commitment on your part to promptly notify us of any corrections, changes and updates. Said processing may be carried out on behalf of the Data Controller for the purposes and in the manner described above and in compliance with appropriate criteria to guarantee security and confidentiality, by companies, studies, entities and external collaborators appointed as Data Processors and only with regard to the processing carried out by them.
None of your personal data at the Data Controller falls under the definition of “Special Categories of Data” of Article 9 of EU Regulation 2016/679. Should any such data be transmitted to us, in the absence of your express written consent we will delete it immediately.
5. RECIPIENTS TO WHOM YOUR DATA MAY BE DISCLOSED
- Your Personal Data may be shared, for the purposes specified in point 3, with:
- a. persons necessary for the provision of the services offered by the Site, including by way of example the webmaster agency, the system for sending e-mails and analysing the operation of the Site, or the newsletter management system, who typically act as external data processors appointed by the Controller;
- b. persons authorised by the Data Controller to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality; (e.g. employees and contractors of the Data Controller); (a. and b. are collectively “Recipients”); judicial authorities in the exercise of their functions when required by Applicable law.
6. DATA TRANSFERS ABROAD
None of your personal data is transferred outside the European Union. The server on which this site is hosted is located within the European Union. The site communicates using secure protocol (https), so the data you enter is protected.
The Data Controller ensures that the electronic processing of your Personal Data by the Recipients takes place in compliance with Applicable Law.
Should transfers outside the European Economic Area occur, such transfers will be based either on an adequacy decision or on Standard Model Clauses approved by the European Commission.
7. DATA RETENTION
As a general rule, your Personal Data will be retained for as long as you request the services provided by you and, after that, for ten years. With regard to the purposes for which consent is required, the data will be processed until such consent is withdrawn; if consent is withdrawn, the relevant processing will cease, but the retention of the data, if processed for other purposes and with an adequate legal basis, may continue for a period not exceeding ten years. Personal Data may also be processed for a longer period if an act interrupting and/or suspending the statute of limitations justifies the extension of data retention.
8. YOUR RIGHTS
1. Right of access
You have the right to obtain confirmation from the Controller as to whether or not your Personal Data is being processed and, if so, to obtain access to your Personal Data and to the information referred to in Article 15 of the Regulation, including but not limited to the purposes of the processing and the categories of Personal Data processed.
Where Personal Data is transferred to a third country or international organisation, you have the right to be informed of the existence of adequate safeguards relating to the transfer.
If requested, the Controller may provide you with a copy of the Personal Data being processed. For any additional copies, the Controller may charge you a reasonable fee based on administrative costs. If the request in question is made by electronic means, and unless otherwise stated, the information will be provided to you by the Controller in a commonly used electronic format.
2. Right of rectification
You may obtain from the Controller the rectification of your Personal Data that are inaccurate as well as, taking into account the purposes of the processing, the integration of the same, if they are incomplete, by providing a supplementary declaration.
3. Right to erasure
You may obtain from the Controller the deletion of your Personal Data, if one of the reasons set forth in Article 17 of the Regulation applies, including, without limitation, if the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been withdrawn and there is no other legal basis for the processing.
Please note that the Controller may not erase your Personal Data if the processing of your Personal Data is necessary, for example, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing
You may obtain the restriction of the processing of your Personal Data in the event of one of the cases provided for in Article 18 of the Regulation, including, for example, if you object to the accuracy of your Personal Data being processed or if your Personal Data is necessary for the establishment, exercise or defence of legal claims, even though the Controller no longer needs it for processing purposes.
5. Right to data portability
Where the processing of your Personal Data is based on consent or is necessary for the performance of a contract or of pre-contractual measures and the processing is carried out by automated means, you may:
– request to receive your Personal Data in a structured, commonly used and machine-readable format (e.g. computer and/or tablet);
– transmit your Personal Data received to another Data Controller without hindrance from the Data Controller.
You may also request that your Personal Data be transmitted by the Controller directly to another data controller indicated by you, if this is technically feasible for the Controller. In this case, it will be your responsibility to provide us with the exact details of the new data controller to which you intend to transfer your Personal Data, and to provide us with written authorisation to do so.
6. Right to object
You may object at any time to the processing of your Personal Data if the processing is carried out for the performance of an activity in the public interest or in pursuit of a legitimate interest of the Controller (including profiling activity).
If you decide to exercise your right to object as described herein, the Controller will refrain from further processing your Personal Data, unless there are legitimate grounds for processing (grounds overriding the interests, rights and freedoms of the data subject), or the processing is necessary for the establishment, exercise or defence of legal claims.
7. Right to lodge a complaint with the Data Protection Authority
Without prejudice to your right of recourse in any other administrative or jurisdictional forum, if you consider that the processing of your Personal Data by the Controller is in breach of the Regulation and/or the applicable legislation, you may lodge a complaint with the competent Data Protection Authority (www.garanteprivacy.it).
9. CHANGES
This Privacy Policy is effective as of June 2024. The Owner reserves the right to modify or simply update its content, in part or completely, also due to changes in Applicable Legislation. The Owner will inform you of such changes as soon as they are introduced and will be binding as soon as they are published on the Site. The Data Controller therefore invites you to regularly visit this section to become aware of the most recent and updated version of the Privacy Policy so that you are always up to date on the data collected and the use made of it by the Data Controller.
