Article 13 Regulation (EU) 2016/679 of the European Parliament and of the European Council
The Good Vibes Company S.r.l., with registered office in Lainate (MI) 20045, Viale Italia, 60, VAT registration number 03768980132 (hereinafter the “Company
” or the “Controller
”), as the controller of personal data, hereby provides this privacy notice pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter the “GDPR
”), to data subjects (hereinafter the “Data Subjects
The Company, in a capacity as controller, undertakes to protect the confidentiality and rights of the Data Subject and, according to the principles of the aforesaid regulation, the processing of data provided will be based on principles of lawfulness, fairness and transparency.
1. PURPOSES OF PROCESSING
The personal data of Data Subjects will be processed by the Company for the following processing purposes:
a) following requests or reports submitted by the Data Subject and to offer support services, whether technical or generally relating to customer care;
b) carrying out all administrative, accounting and fiscal activities related to the purposes set out in letter a) above as well as complying with the provisions of domestic and foreign laws and regulations, or executing an order of the judicial authority or other authorities to which the Controller is subject;
c )exercising the rights of the Controller with particular reference to representation in legal proceedings and managing litigation.
Providing data for the purposes under letters a), b) and c) is optional, however, failure to provide the data and/or not consenting to processing will prevent the Controller from initiating the contractual relationship. The processing is lawful as it is carried out to meet pre-contract and contract obligations, comply with legal provisions and regulations and exercise the rights of the Controller.
2. PROCESSING METHODS
Data are processed using electronic and/or hardcopy means, recording, processing, archiving and sending data also using IT tools
The nature of the tools and supports used in the various processing activities enable data to remain secure and confidential.
When engaging in data processing activities, the Company is dedicated to:
• ensuring that the data processed are accurate and up-to-date, promptly accepting any corrections and/or additions requested by the Data Subject;
• adopting appropriate security measures to ensure adequate data protection, taking into account the potential impact of the data processing activities on the fundamental rights and freedoms of the Data Subject;
• Notifying the Data Subject of any breaches of personal data, within the time frames and under the circumstances provided for by mandatory legislation;
• Ensuring that processing operations comply with the applicable legal provisions.
3. COMMUNICATION AND DISSEMINATION OF DATA
Without prejudice to communications made to fulfil legal obligations, the personal data of the data subject may be known, in addition to the Controller, by:
- employees and collaborators of the Controller as authorised employees for data processing;
- domestic and foreign companies belonging to the same group as the Controller;
- authorities in general, administrations, public bodies and agencies, both domestic and foreign;
- third-party advisors;
- and companies responsible for managing customer care services for the Company.
solely for the purposes listed above according to any consent given by the Data Subject. Personal data shall not be subject to dissemination.
4. TRANSFER OF DATA ABROAD
Personal data will be filed and processed within the European Union.
If personal data are processed outside the European Union, this will take only place adopting adequate safeguards, as provided for by mandatory legislation.
5. DATA STORAGE POLICY
The Company keeps personal data in its systems in a form that allows identification of the persons concerned according to the following criteria:
6. RIGHTS OF THE DATA SUBJECT
- for a period of time not exceeding that required in order to achieve the purposes for which this information is processed, unless otherwise provided for by legal or contractual obligations;
- to comply with specific regulatory or contractual obligations;
- where applicable and legitimate, until such time as the data subject requests their removal.
Data Subjects can exercise their rights granted by mandatory legislation and in particular by articles 15 to 22 of the GDPR, such as:
- The right of access by the data subject: the right to obtain confirmation from the Controller as to whether or not personal data concerning him or her are being processed, and where this is the case, to gain access to this personal data along with further information on the source, purposes, and categories of personal data concerned, as well as the recipients of transferred and/or communicated data, etc.
- The right of rectification: the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. This also includes the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, where:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject has withdrawn consent on which the processing is based and where there is no other legal ground for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation.
- Right to object: the right to object at any time to processing of personal where a legitimate interest of the Controller exists as a legal basis for this.
- Right to restriction of processing: the right to obtain from the Controller the restriction of processing, in cases where the accuracy of the personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data), if the processing is unlawful and the Data Subject has objected to the processing, if the personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court, if following the objection to the processing the Data Subject is waiting for the verification whether or not the legitimate interest of the Controller prevails.
- Right to data portability: the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller where the processing is based on consent or contract and is carried out by automated means.
- Right not to be subjected to automated decisions: the right to obtain from the Controller not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning the Data Subject or significantly affect the Data Subject, unless such decisions are necessary for the conclusion or performance of a contract or are based on the consent given by the Data Subject.
- Right to lodge a complaint with a supervisory authority: save for any other administrative or legal remedy, the Data Subject who considers that the processing concerning him/her has breached the GDPR are entitled to file a complaint with the supervisory authority.
At the end of the exercise of the rights provided by the GDPR, the Data Subject may:
(i) forward their requests to the Controller by accessing the following website: www.goovi.com/it/servizio-clienti/contatti
(ii) or alternatively contact the Data Controller at the following address:
The Good Vibes Company S.r.l.
Viale Italia 60
20045 Lainate (MI)
, indicating “Privacy” as the subject.