Notice on data protection in compliance with the General Data Protection Regulation (GDPR) EU 679/2016 in force since 25 May 2018
You are hereby informed that Victoria Smith (hereinafter “Controller”), as Controller, in compliance with Article 13 of the EU Regulation No. 2016/679 (hereinafter “GDPR”), will process your data in the manner and for the purposes here following:

1) Controller:
The controller is: Victoria Smith. Email: victoria.lark@lodolina.com. Social security: 328-40-5158.

2) Subject of the processing:
The Controller processes personal data (hereinafter, “personal data” or even “data”) that you may have communicated for the conclusion of contracts for services or products sold by the Controller.

3) Purposes of the processing:
a) The personal data which you will provide through this website or directly to the Controller are processed without your express consent (Article 6, paragraph 1 (b), (e) of the GDPR), solely for the following Service Purposes:

  • Concluding contracts for the services of the Controller.
  • Fulfilling pre-contractual, contractual and tax obligations deriving from relationships with you.
  • Fulfilling the obligations established by law, by a regulation, by the community legislation or by an order of the Authority.
  • Exercising the rights of the Controller, for instance legitimate interests or the right of defence in court.

b) The personal data which you will provide through this website or directly to the Controller will instead be processed only with your specific and distinct consent (Article 7 of the GDPR) for the following Marketing Purposes:

  • Sending you commercial communications or newsletters or other advertising material on products or services offered by the Controller through e-mail, mail and/or text messages and/or telephone.
  • Sending you questionnaires through e-mail to detect the degree of satisfaction on the quality of services.
  • Please note that if you are already our customer, we may send you commercial communications or newsletters relating to services and products of the Controller similar to those you have already received, unless you withdraw your consent already expressed.

4) Mode, duration of processing and data security:

  • Your personal data are subject to paper-based as well as electronic and/or automated processing.
  • The Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and, in any case, for no more than 10 years from the end of the relationship with regards to the Service Purposes (3.a), and no more than 2 years from the data collection with regards to the Marketing Purposes (3.b).
  • The Controller declares to have adopted technical and organizational measures suitable for the fulfilment of the obligations pursuant to the GDPR. In particular, the Controller declares to have started internal procedures to safeguard data security (both electronic and paper-based), through encryption, backup and disaster recovery as well as measures to protect its network through firewalls, antivirus or anti-hacking systems. The Controller declares to have also verified that the same security measures have been established by those of its suppliers providing hosting services related to the functionality of this website.

5) Other recipients of the data
The Controller processes the collected data internally and uses them to carry out its business.

6) Transfer of data
Should personal data be acquired from the website, they are stored on servers located in Italy or, in any case, within the European Union. However, if necessary, the Controller will have the right to move the servers even outside the EU. In such a situation, the Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, always guaranteeing the security of the transfer, and after verifying that the new supplier have established suitable security measures and there is no unauthorized use of data.

7) Rights of data subjects
As a data subject, you can exercise all the rights pursuant to Article 15 of the GDPR and precisely the rights to:

  • Obtain confirmation of the existence or not of personal data relating to you, even if they have not been registered yet, and their communication in an intelligible form;
  • Obtain information about:
    a) The origin of personal data;
    b) The purposes and methods of the processing;
    c) The logic applied when the processing is carried out with the support of electronic instruments;
    d) The identification details of the Controller, the processors and the designated representative pursuant to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
    e) The subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as designated representative within the State, processors or people in charge;
  • Obtain:
    a) The update, rectification or, when interested, integration of data;
    b) The deletion, transformation into an anonymous form or blocking of data processed in violation of the law, including any not essential for the purposes for which they were collected or subsequently processed;
    c) Confirmation that the operations referred to in a) and b) above, including their content, have been communicated to those who received the data, unless compliance with this rule is found to be impossible or involves means clearly disproportionate to the safeguarded right;
  • Object, wholly or partially:
    a) For legitimate reasons, to the processing of personal data relating to you, even if pertinent to the purposes of the collection;
    b) To the processing of personal data relating to you for the purposes of sending advertising or direct marketing material or to carry out market or commercial communication research, through automated calling systems without the intervention of an operator, e-mail and/or traditional marketing methods by telephone and/or mail. It should be noted that the right to object of the data subject, referred to in b) above, concerns direct marketing either through automated or traditional methods. The data subject can also exercise the right to object partially. Therefore, they can decide to receive communications only through traditional methods or automated communications or none of the two.

Where applicable, the data subject has also the rights referred to in Articles 16-21 of the GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right of complaint to the Competent Authority.

8) How to exercise your rights
The data subject can exercise their rights by sending:
An email to victoria.lark@lodolina.com
An ordinary mail to: La Lodolina, Località Palazzone, 174, 51044 - Cortona (AR), Italy.