Art. 13 Regulation (EU) 2016/679 of the European Parliament and of the European Council
The Good Vibes Company S.r.l., with legal head office in Grandate (CO), Italy, via Saldarini Catelli n. 1, VAT no. 03768980132 (hereinafter the "Company
" or the "Data Controller
"), to the Data Subjects (hereinafter “Data Subjects
The Company, as the Data Controller, undertakes to protect the confidentiality and the rights of the Data Subject and, according to the principles established by the aforementioned regulations, the processing activity of the data provided will be based on principles of correctness, lawfulness and transparency.
1. PURPOSES OF THE PROCESSING ACTIVITY
The personal data of the Data Subjects will be processed by the Company for the following processing purposes:
- fulfill the obligations to pre-contractual and contractual obligations necessary to offer the sale service to the Data Subject if the latter has made a purchase or to offer any other services requested by the Data Subject, including participation in prize contests;
- carry out all administrative, accounting and fiscal activities related to the purposes referred to in letter a) above and comply with the provisions of laws and regulations, national and foreign, or execute an order of the judicial authority or other authorities to whom the Data Controller is subject;
- exercise the rights of the Data Controller with particular reference to the right to defense in court.
The personal data that are necessary for the pursuit of the processing purposes described in letters a) b) and c) are indicated with an asterisk in the registration form.
- carry out various types of marketing activities, including the promotion of products, services, distribution of informative, advertising and promotional material, events, sending newsletters and publications;
- carry out analysis - through an automated process - aimed at determining the profile of the Data Subject in order to adapt marketing activities to the needs of the Data Subject.
The provision of data for the purposes referred to in letters a) b) and c) is optional, however, failure to provide data and / or any refusal to the processing activity will make it impossible for the Data Controller to release the card and allow Data Subject to access the advantages and special related initiatives. The processing activity is lawful as it is carried out for the fulfillment of pre-contractual and contractual obligations, compliance with the provisions of laws and regulations and the exercise of the rights of the Data Controller.
The provision of data for the purposes referred to in letters d) and e) is optional, however, a refusal to provide them will only determine the impossibility for the Data Controller to put in place the activities indicated therein.
The Data Subject may also revoke his consent at any time, with the same ease with which he conferred it.
2. METHOD OF THE PROCESSING ACTIVITY
Data processing is carried out electronically and / or on paper, by recording, processing, archiving and transmission of data, even with the support of IT tools.
Tools and media used in carrying out the processing activities are appropriate to ensure the security and confidentiality of data.
In carrying out the processing activities, the Company undertakes to:
3. COMMUNICATION AND DISCLOSURE OF INFORMATION
- ensure the accuracy and updating of the data processed, and promptly acknowledge any adjustments and / or additions requested by the Data Subject;
- adopt security measures to ensure adequate data protection, because of the potential impact that the processing involves the rights and freedoms of the data subject;
- notify the data subject, in the times and in the cases provided for by the binding legislation, of any violation of personal data;
- guarantee the compliance of processing operations with the applicable provisions of the law.
Without prejudice to the communications made in fulfillment of legal obligations, the personal data of the data subject may be known, in addition to the Data Controller, by:
- Employees and collaborators of the Data Controller as authorized data processing personnel;
- national and foreign companies belonging to the same group to which the Data Processor belongs;
- administrative / accounting consultants;
- authorities in general, administrations, public bodies and organizations, both national and foreign;
- service providers of data entry and digital archiving;
- marketing company.
Exclusively for the purposes listed above according to any consent provided by the data subject. Personal data are not subject to disclosure.
4. TRANSFERS ABROAD
Personal data will be stored and processed within the European Union.
In the event of any processing of personal data outside the European Union, the same will only occur after the adoption of adequate guarantees, as required by the binding legislation.
5. DATA RETENTION POLICY
The Company keeps personal data in its systems in a form that allows identification of data subjects according to the following criteria:
6. RIGHTS OF THE DATA SUBJECT
- for a period of time not exceeding the achievement of the purposes for which they are processed, unless otherwise required by regulatory or contractual obligations;
- to comply with specific regulatory or contractual obligations;
- if applicable and legitimate, up to any request for cancellation by the data subject.
The data subject can assert his rights, recognized by the binding legislation and in particular by the articles. from 15 to 22 of the GDPR, such as:
- Right of access: the right to obtain from the Data Controller confirmation that personal data is being processed and, in this case, to obtain access to personal data and to further information on the origin, purpose, categories of data processed, recipients of communication and / or data transfer, etc.
- Right of amendments/ rectification: right to obtain from the Data Controller the correction of incorrect personal data without undue delay, as well as the integration of incomplete personal data, also by providing an additional declaration.
- Right to cancel: right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that:
- personal data are no longer necessary with respect to the purposes of the processing;
- the consent on which the data processing is based has been revoked and there is no other legal basis for the data processing;
- personal data have been processed unlawfully;
- personal data must be deleted to fulfill a legal obligation.
- Right to oppose data processing: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Data Processor.
- Right to limit processing: the right to obtain from the Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the data subject has objected to the processing, if the personal data are necessary to the data subject for the assessment, exercise or defense of a right in court, if as a result of opposition to the data processing the data subject is awaiting verification of the prevalence or otherwise of the legitimate interest of the Data Processor.
- Data portability right: the right to receive personal data in a structured, commonly and automatically readable format, and to transmit such data to another data controller, only for cases where the processing is based on consent or on a contract and only for data processed by electronic means.
- Right not to be subjected to automated decisions: right to obtain from the Data Controller not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that affect the data subject or that significantly affect his person, except that such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the data subject.
- Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial appeal, the data subject who considers that the data processing concerning him / her is in violation of the GDPR has the right to lodge a complaint with a supervisory authority.
In order to exercise the rights provided by the GDPR, the data subject may:
(i) forward your requests to the Data Controller, by logging on to the website www. goovi.com /contacts;
(ii) or alternatively contact the Data Controller at the following address:
The Good Vibes Company S.r.l.
Via Saldarini Catelli n. 1
22070 Grandate (CO)
indicating in the subject "Privacy".