No products in the cart.
PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA
Pursuant to Art. 13 of Regulation (EU) 2016/679 (GDPR)
L’Archetipo di Carlo Nazareno Dibenedetto, with registered office in Altamura (BA), Via San Donato, 7, post code 70022, VAT No. 07093950728 (hereinafter the “Company” or the “Data Controller”), as the controller of personal data, hereby provides this privacy information notice pursuant to Art. 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”) to the data subjects (hereinafter the “Data Subjects”).
The Company, as the Data Controller, is committed to protecting the privacy and rights of the Data Subject. According to the principles dictated by the aforementioned regulations, the processing of the data provided will be based on principles of correctness, lawfulness, and transparency.
PURPOSES OF PROCESSING
Personal data of Data Subjects will be processed by the Company for the following purposes:
a) Administrative and Legal Compliance: To carry out all administrative, accounting, and tax activities related to the management of relationships and communications with customers and those who contact us for information, as well as to comply with national and foreign laws, regulations, or orders from judicial or other authorities to which the Data Controller is subject.
b) Legal Defense: To exercise the rights of the Data Controller, particularly regarding legal defense. Personal data necessary for the pursuit of the purposes described in letters a) and b) are indicated with an asterisk (*) within the registration form.
c) Marketing: To carry out various marketing activities, including the promotion of products and services, distribution of information, advertising and promotional materials, events, and the sending of newsletters and publications.
d) Profiling: To carry out analysis—through an automated process—aimed at determining the profile of the Data Subject to tailor marketing activities to their specific needs.
e) Market Research: To conduct market research and analysis, including assessing the level of satisfaction of the Data Subject.
Legal Basis and Provision of Data:
The provision of data for purposes a) and b) is necessary. Failure to provide data or an express refusal to process it will make it impossible for the Data Controller to allow the Data Subject access to special benefits and initiatives reserved for members. Processing is lawful as it is carried out for the fulfillment of pre-contractual and contractual obligations, compliance with legal provisions, and the exercise of the Data Controller’s rights.
The provision of data for purposes c), d), and e) is optional. Refusal to provide such data will result in the impossibility for the Data Controller to carry out the activities indicated therein. The Data Subject may revoke their consent at any time, as easily as it was granted.
PROCESSING METHODS
Data processing is carried out electronically and/or on paper through the recording, processing, storage, and transmission of data, including with the aid of IT tools. The tools and supports used are suitable for ensuring the security and confidentiality of the data. In carrying out processing activities, the Company undertakes to:
Ensure the accuracy and updating of processed data, promptly incorporating any corrections or additions requested by the Data Subject.
Adopt security measures suitable to guarantee adequate data protection, considering the potential impacts of processing on the fundamental rights and freedoms of the Data Subject.
Notify the Data Subject of any personal data breaches within the timeframes and cases provided for by mandatory legislation.
Guarantee the compliance of processing operations with applicable legal provisions.
COMMUNICATION AND DISCLOSURE OF DATA
Without prejudice to communications carried out in fulfillment of legal obligations, the personal data of the Data Subject may be known by:
Employees and collaborators of the Data Controller as authorized data processors (“Persons in Charge”).
National and foreign companies belonging to the same group as the Data Controller.
Commercial partners of the Data Controller in charge of managing points of sale.
Providers of data entry and digital archiving services.
Marketing companies.
Administrative/accounting consultants.
Authorities, administrations, public entities, and bodies, both national and foreign, exclusively for the purposes listed above and in accordance with any consent provided by the Data Subject.
Personal data is not subject to public dissemination.
DATA TRANSFERS ABROAD
Personal data will be stored and processed within the European Union. Any processing of personal data outside the European Union will only take place after the adoption of adequate safeguards, as required by mandatory legislation.
DATA RETENTION POLICY
The Company keeps personal information in its systems in a form that allows the identification of data subjects according to the following criteria:
For a period of time not exceeding the achievement of the purposes for which they are processed, unless otherwise required by regulatory or contractual obligations.
To comply with specific regulatory or contractual obligations.
Where applicable and legitimate, until a request for deletion by the data subject.
RIGHTS OF THE DATA SUBJECT
The Data Subject may assert their rights as recognized by mandatory legislation, in particular Articles 15 to 22 of the GDPR:
Right of Access: To obtain confirmation of whether or not personal data is being processed and access to that data and information regarding its origin, purpose, and recipients.
Right to Rectification: To obtain the correction of inaccurate data or the integration of incomplete data.
Right to Erasure (“Right to be Forgotten”): To obtain the deletion of data if it is no longer necessary, if consent is withdrawn, or if the data has been processed unlawfully.
Right to Object: To object at any time to processing based on the legitimate interest of the Data Controller.
Right to Restriction of Processing: To limit processing during periods of verification or if processing is unlawful.
Right to Data Portability: To receive data in a structured, commonly used, and machine-readable format to transmit it to another controller (applicable to electronic processing based on consent or contract).
Right not to be subject to automated decisions: Including profiling, which produces legal effects or significantly affects the person.
Right to lodge a complaint: To file a complaint with a supervisory authority (e.g., the Garante Privacy in Italy) if they believe the processing violates the GDPR.
How to exercise your rights: To exercise the rights provided by the GDPR, the Data Subject may:
Send an email to: info@larchetipo.it
Or contact the Data Controller at the following address: L’Archetipo di Carlo Nazareno Dibenedetto Via San Donato, 7 – Altamura (BA), post code 70022, Italy.
