PRIVACY POLICY - velati s.r.l.
PURSUANT TO ARTICLES 13 AND 14 OF THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 AND LEGISLATIVE DECREE 196/2003 AND SUBSEQUENT AMENDMENTS.
While browsing this website, it is possible that personal information and data may be collected, as indicated in this privacy notice. This notice refers exclusively to this website.
Data Controller
The Data Controller is VELATI S.r.l., headquartered at via Trento, 2 – 20067 Tribiano (MI), VAT number 11964710153, represented by the Legal Representative.
Types of Data Processed and Purposes of Processing
Browsing Data
The IT systems and software procedures that operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category includes IP addresses or domain names of the computers and terminals used by users, URI/URL addresses (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.), and other parameters related to the operating system and the user’s IT environment.
These data, necessary for the use of web services, are also processed for the purpose of:
Obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or day, geographic areas of origin, etc.);
Checking the correct functioning of the offered services.
Browsing data are not kept for more than seven days except for any needs for the ascertainment of crimes by the judicial authority.
Data Provided by the User
The optional, explicit, and voluntary sending of messages to the contact addresses of the Data Controller, private messages sent by users to profiles/pages on social media (where this possibility is provided), as well as the filling out and sending of forms on the Data Controller’s website, involves the acquisition of the sender’s contact data necessary to respond, as well as all personal data included in the communications.
The provision of some personal data by the data subject is mandatory for the use of the requested services, and failure to provide such data may hinder access to the service. Mandatory personal data are marked with an asterisk.
Where some data are indicated as not mandatory, the data subject is free to refrain from communicating such data without it affecting the availability or functionality of the service.
Users who have doubts about which data are mandatory are encouraged to contact the Data Controller.
Data may be collected through:
CONTACT PAGE
Users may communicate personal data to the Data Controller via the “CONTACT” page.
Users are advised not to provide irrelevant personal data; irrelevant data will be deleted or not considered.
Data submitted via forms are processed exclusively to respond to user requests based on the pre-contractual relationship between the parties.
NEWSLETTER SUBSCRIPTION
Personal data may be communicated through the newsletter subscription form.
Data submitted via the form are processed only to enable receipt of newsletters referring to services chosen by the data subject, based on their expressed consent.
[Cookies and other tracking systems]
For details, view the cookie notice presented on this website.
Legal Basis of Processing
The legal bases for processing are as follows:
Processing is necessary to fulfill a legal obligation to which the Controller is subject, pursuant to Article 6(1)(c) of Regulation (EU) 2016/679;
Processing is necessary for the legitimate interests pursued by the Controller or a third party, pursuant to Article 6(1)(f) of Regulation (EU) 2016/679;
Processing is necessary to execute the pre-contractual relationship via the contact form, pursuant to Article 6(1)(b) of Regulation (EU) 2016/679;
Processing is based on the data subject’s consent, pursuant to Article 6(1)(a) of Regulation (EU) 2016/679.
You may request the Controller to clarify the specific legal basis of each processing activity, particularly if based on law or a contractual/pre-contractual relation.
Processing Methods
Data are processed by authorized staff and are not communicated to unauthorized third parties.
Processing is conducted using IT and/or telematic tools, both automated and manual, in compliance with Article 32 of GDPR 2016/679 on security measures, by designated personnel and according to Article 29 of GDPR 2016/679.
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data.
In some cases, other parties involved in service provision and website organization (hosting providers, IT companies, storage, invoicing, printing, mailing services, communication agencies, postal couriers) may have access to data. If necessary, external parties may be appointed Data Processors by the Controller. An updated list of Data Processors may always be requested from the Data Controller.
Transfer of Personal Data
Data are processed at the Controller’s operational offices and any other locations where those involved in processing reside. For more information, contact the Controller.
Personal data of the data subject are not transferred outside the European Union.
Retention Period
In accordance with principles of lawfulness, purpose limitation, and data minimization under Article 5 of GDPR 2016/679, personal data will be kept only as long as necessary to fulfill the purposes for which they were collected or to defend or exercise a right.
If processing is based on consent, the Controller may retain personal data longer until the consent is revoked. The Controller may also be required to keep data for a longer period under a legal obligation or order of an authority.
At the end of the retention period, personal data will be deleted. After this, rights of access, deletion, rectification, and data portability can no longer be exercised.
Data Subject Rights
At any time, data subjects may exercise their rights under Articles 15 to 22 of EU Regulation 2016/679, including:
a) Request confirmation as to whether their personal data exist;
b) Obtain information on purposes of processing, categories of personal data, recipients or categories of recipients of the data, and retention periods;
c) Obtain rectification or deletion of data;
d) Obtain restriction of processing;
e) Obtain data portability, i.e., receive their data in a structured, common, and machine-readable format and transmit them to another controller without hindrance;
f) Object to processing at any time, including for direct marketing purposes, without providing reasons;
g) Request access to their data and rectification, deletion, or limitation of processing concerning them, or object to processing, in addition to data portability;
h) Revoke consent at any time without affecting the lawfulness of processing based on prior consent;
i) Lodge a complaint with a supervisory authority.
The supervisory authority for data protection is the Garante per la Protezione dei Dati Personali, located in Rome, via di Monte Citorio 121 (tel. +39 06696771), with procedures available on their website www.garanteprivacy.it
Contact Information of the Data Controller
You can contact the Data Controller at:
Email: info@velati.com
Phone: +39 02 9064717
Postal address: Via Trento, 2 – 20067 Tribiano (MI)
