Dear User, on this page you will find information on how we process your personal data.
Our company pays the utmost attention to the protection of your personal data and for this reason, when we collect, process and store personal data we comply with all legal requirements, in particular the provisions of the EU Data Protection Regulation (European Regulation on Protection of Personal Data 2016/679 “GDPR”) and all the regulations on the protection of personal data in force.
Below are described principles and measures to protect the rights and freedom of individuals who come into contact with our Company, in relation to the processing of their personal data.
We take appropriate technical and organizational measures to protect personal data. These include, in particular, measures to ensure the confidentiality, integrity and availability of personal data, including the resilience of systems and services.
1. DATA CONTROLLER AND DATA PROTECTION OFFICER.
2. LAWFUL BASIS FOR PROCESSING, PROCESSING METHOD AND PURPOSE:
This site processes data for the execution of a contract, for the possible fulfilment of legal obligations, for its legitimate interest in advertising and your consent, where necessary (marketing, newsletters, commercial information, etc.).
The data will be processed for the purposes referred to in the following point in compliance with the privacy regulations in force; based on principles of correctness, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and non-excess, and can be carried out with or without the aid of electronic, computerized and online means.
Processing may consist of the following operations: collection, registration, organization and storage, consultation and use, processing, modification, selection, extraction, comparison, interconnection, transmission and communication, cancellation and destruction, blocking and limitation.
Processing will be carried out by the Data Controller, by the external Data Processors and by persons specifically authorized and instructed by the Data Controller in the correct processing of data. We inform you that, once the relationship has been established, the communication of data by the Data Controller to the subjects referred to in point 5 is mandatory, and does not require your consent, if it is necessary for compliance with laws, regulations and Community guidelines.
3. DATA COLLECTED, PURPOSE OF PROCESSING AND STORAGE TIME
By browsing our site, browsing data will be collected through the use of log files in which information collected in an automated manner is stored during user visits. The information collected could be the following:
- internet protocol address (IP);
- type of browser and parameters of the device used to connect to the site;
- name of the internet service provider (ISP);
- date and time of visit;
- visitor’s web page of origin (referral) and exit;
- possibly the number of clicks;
- operations carried out within the site;
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with applicable laws, to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime.
By entering the data in the form in the section dedicated to sending messages, you can also send us your contact identification data (for example your name, surname, telephone, e-mail, etc.). In the “Cart” section, when completing the purchase, you will be asked for additional personal data. The personal data necessary to complete the purchase are those marked with the symbol *. In the absence of entering any necessary data, you will not be allowed to complete your subscription contract.
To deliver the magazine, we need to know your name and surname, residential address, tax code and telephone number.
The processing of your data will also be carried out for the following purposes:
- Sending contact data (identification and personal details) by entering them in the form for registration in the Company’s CRM, activating the requested services (subscription to the Giuliana Ricama magazine), managing customer care and contacts (for the execution of a contract or managing the pre-contractual relationship); retention period: contractual duration and, after termination, 10 years.
- Fulfilling the obligations established by law and regulations (to fulfil legal obligations); retention time: 10 years or in any case the duration foreseen by the legislation in force;
- Exercising a right in court (legitimate interest of the Data Controller); retention time: for the entire duration of the legal dispute;
- Direct marketing purposes: by way of example, sending – with automated contact methods (such as text messages, mms, e-mails, social networks, instant messaging apps, push notifications) and traditional ones (such as telephone calls with operator and traditional mail) – promotional and commercial communications relating to services/products offered by the Company or reporting of corporate events, as well as measuring the degree of customer satisfaction, carrying out market surveys and statistical analyses (with your optional consent, which can be revoked at any time); retention time: until the withdrawal of consent for contact and personal data;
Once the retention terms indicated above have elapsed, the data will be destroyed, deleted or made anonymous.
4. CONSENT TO THE PROVISION OF DATA, THEIR USE AND CONSEQUENCES OF THE REFUSAL TO GIVE CONSENT.
Your personal data are processed:
4.A. Without your express consent (art.6 GDPR) for the following service purposes:
- Conclude subscription contracts for the Data Controller’s magazine and make deliveries, also managing accounts and payments;
- Fulfil the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
- Fulfil the obligations established by law, by a regulation, by community legislation or by order of the Authorities (for example pursuant to the Anti-Money Laundering Legislation);
- Exercise the rights of the Data Controller, for example the right to defence in court;
5. COMMUNICATION and DATA RECIPIENTS
We can communicate your personal information if it is required by law, if you violate our Service Terms, if it is needed to guarantee the operation of the Data Controller’s business activity for subjects appointed and instructed by the Data Controller, to expressly designated external managers who work on behalf of the Data Controller (e.g. accountants, consultants, IT technicians, etc.), to IT employees or System Administrators.
The data may also be processed, on behalf of the Company, by external parties designated as managers, who are given adequate operating instructions. These subjects, in the main, fall within the following categories:
– companies that offer e-mail or SMS sending services (MailUp);
– companies that offer services instrumental to the pursuit of the purposes indicated in this statement (media agency, IT suppliers, couriers …);
If personal data is processed by external service providers or partners on behalf of E-GRAPHIC S.R.L., adequate data protection measures are taken, depending on the category, for example:
- Assignment for the processing of personal data: if, by virtue of the instructions given, the service provider must process personal data, specific agreements are concluded with these suppliers and the assignment is only attributed to those service providers who adopt technical and organizational structures to protect them. The same applies in case of access to data for maintenance and assistance activities.
- Transfer of functions: if a third party is entrusted with other tasks other than the processing of personal data, for the exercise of which decision-making autonomy is required regarding the use of the data, a specific agreement is concluded to that effect which must provide for adequate technical and organizational measures, similarly to the provisions of the previous point.
- Confidentiality agreement: if it cannot be ruled out in individual cases that personal data should be disclosed to a limited extent, a confidentiality agreement is concluded for security reasons with the provider.
6. TRANSFER OF DATA ABROAD
Personal data collected by browsing this online site, with voluntary inclusion in the section dedicated to sending messages and data relating to the magazine subscription contract and delivery, are not transferred to non-EU countries and are not disseminated.
7. THIRD PARTY SERVICES
In general, the third party providers used collect, use and disclose your information to the extent necessary to enable them to perform the services they provide.
For these providers, we recommend that you read their privacy policies so that you can understand how your personal data will be handled by these providers.
Point 8.2 also indicates cookies collected by third parties.
The pages browsed by the user can send cookies to his/her terminal (usually the browser), i.e. small text strings that memorize their passage. Cookies can be used for different purposes: session monitoring, storage of specific information, etc.
Analytical cookies: we use analytical cookies to better understand how our visitors use the E-GRAPHIC SRL site, to understand what works and what doesn’t, to optimize and improve the site and apps, to measure the effectiveness of marketing and communications and to make sure the platforms are always interesting and relevant. The data we obtain includes the web pages browsed, the exit and entry pages, the type of platform, which e-mails you have opened and information on date and time.
For any details relating to the cookies used by E-GRAPHIC S.R.L. Italy, please refer to the specific Extended Cookies Information Notice.
- Disabling cookies
Instructions on how to disable cookies are available on the respective browser sites: Mozilla Firefox – Microsoft Internet Explorer – Microsoft Edge – Google Chrome – Opera – Apple Safari
Or you can select your Preferences from the cookie banner that appears when the page is opened.
- Third party cookies
This site also acts as an intermediary for third-party cookies collected in an aggregate and therefore anonymous form, used to provide additional services and features to visitors and to improve the use of the site, such as buttons for social media, or videos. The information on the use of these cookies and their purposes, as well as on how to disable them, are provided directly by third parties. (Google Analytics: “How Google uses data when using our partners’ sites or apps“).
9. USER RIGHTS
Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the User can, according to the procedures and within the limits established by current legislation, exercise the following rights:
Information: the data subjects will be promptly and transparently informed about the possibility and methods of processing their data. This applies both in the case in which personal data are collected directly from the data subject and in the case of data collection from other third parties).
- Access: data subjects may at any time request information on the personal data stored and/or processed as well as a copy of such data.
- Correction: data subjects may at any time request the correction or completion of false or incomplete personal data, for example, if a name or address is incorrect.
- Cancellation: data subjects may request the cancellation of their personal data, to the extent that there are no conflicting obligations or rights, e.g. retention obligations for tax/commercial reasons. The data subject also has the right to be “forgotten” with the consequence that other data controllers are informed of the cancellation request, to the extent that E-GRAPHIC S.R.L has communicated the personal data to them.
- Limitation of processing: data subjects may request that their personal data be limited, e.g. if they are inaccurate.
- Objection: data subjects may object to the processing of their personal data for advertising purposes at any time. Otherwise, an objection is possible under certain conditions in view of the particular personal circumstances of the data subject.
- Automated decision making: in the context of efficient business transactions, data subjects are subject to automated decisions only if this is lawful, e.g. for fulfilling the contract. Data subjects are informed of the corresponding automated processing procedures.
- Right to lodge a complaint with the supervisory authority (Italian Data Protection Authority – link to the page of the “Garante”) as well as, more generally, to exercise all the rights that are recognized by the current provisions of the law.
Requests should be sent to the following address: email@example.com.
Last revised 22 September 2020