Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 “General Data Protection Regulation” (hereinafter, the “Regulation”), the company TI.CONSIGLIO SA with registered office in CHAMERSTRASSE 176, 6300 ZUG: firstname.lastname@example.org, in its capacity as data controller (the “Controller”), informs the Data Subjects (as defined below) about (i) the categories of data processed, (ii) the legal basis that empowers the Controller to process the Personal Data of the Data Subjects, (iii) the purposes and methods of processing, (iv) the nature of their provision in the context of the relationship maintained with the Controller, (v) their scope of communication, (vi) the retention periods and (vii) the procedures for exercising the rights provided for by the Regulations.
This information refers exclusively to the luxury-click.com website (the “Website”) owned by the Controller.
The Owner reserves the right to update the content of the Website. The Interested Party is therefore invited to periodically consult the information contained herein in order to remain updated with respect to any changes that have occurred since the last consultation.
1. KEY DEFINITIONS
|Legal basis||Basis on which the Controller may process the Personal Data of the Data Subject.|
|Personal Data||Any information concerning an identified or identifiable natural person (‘data subject’); e.g. first name, surname, date of birth, mobile phone number and email address|
|Purpose||Reason for which the Controller processes the Personal Data of the Data Subject.|
|Data Subject||Users (natural persons), including potential ones, who request and/or use the Services offered by the Controller.|
|Data Processor||Third-party entities that perform Personal Data processing activities on behalf of the Controller.|
|Data Controller||TI.CONSIGLIO SA with registered office at Chamerstrasse 176, 6300 ZUG (CH), email: email@example.com|
2. ACQUISITION OF PERSONAL DATA
The Personal Data subject to processing activities by the Controller are acquired directly by the Controller, through navigation on the Website, as well as through the spontaneous sending of contact requests sent to the Controller via the Website form.
3. SUMMARY OF PROCESSING, PURPOSE AND LEGAL BASIS
a) Web Site navigation (Purpose a).
What does this Processing consist of?
What is the Purpose of this Processing?
To process the Personal Data of Data Subjects in order to allow them to browse the Web Site on which:
a) the company’s mission and description are communicated;
b) the activities of the company and the services offered are described.
What is the Legal Basis for this Processing?
The pursuit of the legitimate interest (art. 6 paragraph 1 letter f) of the Regulation) of the Data Controller in the use of the Website together with the applicable legislation on cookies.
b) Responses to Contact Requests aimed at establishing a business relationship (Purpose b).
What does this Processing consist of?
Data subjects may contact the Data Controller by sending an e-mail or using the form available on the Website. They are free to send spontaneous communications by email.
What is the purpose of this Processing?
To handle contact requests from data subjects in order to enter into a contractual relationship between company and customer.
What is the Legal Basis of this Processing?
The performance of pre-contractual and contractual activities between the company and the Data Subjects (Art. 6 paragraph 1 letter b) of the Regulation).
4. CATEGORIES OF DATA PROCESSED
- first and last name;
- e-mail address;
- telephone number;
- navigation data such as the IP address of the device used, the type of device, the operating system used;
- other personal data spontaneously communicated by the Data Subject in requests in generic contact requests and in the “write a message” field of the form.
5. PROCESSING METHODS
The processing of Personal Data is carried out by means of digital tools, with logics related to the Purposes highlighted above and, in any case, in compliance with the guarantees prescribed by the reference legislation, aimed at ensuring the confidentiality, integrity and availability of Personal Data, as well as at avoiding damages (e.g. loss of control of Personal Data or limitation of rights, identity theft or usurpation, etc.).
6. COMMUNICATION AND DISSEMINATION
In order to pursue the purposes described in this Policy, the Controller reserves the right to communicate Personal Data to recipients belonging to the following categories:
a) third parties that provide services for the management of the Owner’s information system and telecommunications networks (including mailing services);
b) third parties that perform data acquisition, processing and storage services (e.g. cloud providers, server hosting, etc.);
c) third parties whose components and content are present on the Website;
d) administrative authorities to which it is required to make such communications.
The subjects belonging to the above categories operate independently as separate data controllers, or as Data Processors appointed for this purpose by the Data Controller.
Personal Data may also be known, in connection with the performance of assigned tasks, by the Owner’s staff, specifically authorised to process them.
In any case, Personal Data shall not be disclosed and, therefore, shall not be brought to the knowledge of unspecified persons, in any form whatsoever, for instance by being made available or consulted, without the express consent of the Data Subject, when required.
7. TRANSFER OF DATA OUTSIDE THE EU
The Data Controller acknowledges that, for the pursuit of the above purposes, the Personal Data of the Data Subjects may be communicated to entities located in countries outside the European Union. Such transfer will only take place against the adoption of the measures required by the applicable legislation. The third country to which Personal Data may be transferred is Switzerland.
8. RETENTION PERIODS
Personal Data will be stored by the Data Controller for the following periods of time, based on the different purposes indicated in the paragraph “Purposes and legal basis of the processing”:
a) for the navigation of the Website (see paragraph 3 – Purpose a), the Data Controller will keep the Personal Data of the Data Subject for the period of time limited to what is technically necessary for the performance of the processing operations indicated therein;
b) for the management of contact requests that do not result in the establishment of a contractual relationship (see paragraph 3 – Purposes b) the Data Controller will store the Personal Data of the Data Subject for a maximum period of 12 months or until a request for deletion is made. For the management of requests that result in a contract between the Controller and the Data Subject (see paragraph 3 – Purposes b), the data will be kept for the duration established by the relevant Swiss regulations in force.
9. DATA SUBJECT RIGHTS
Pursuant to Articles 15 to 22, the Regulation gives the Data Subject the possibility to exercise specific rights. In particular, the Data Subject may obtain a) confirmation of the existence of processing of Personal Data concerning him/her and, in this case, access to such data; b) rectification of inaccurate Personal Data and integration of incomplete Personal Data; c) erasure of Personal Data concerning him/her, in cases where this is permitted by the Regulation d) the limitation of the processing, in the cases provided for by the Regulation; e) the communication, to the recipients to whom the Personal Data have been transmitted, of the requests for rectification/deletion of the Personal Data and limitation of the processing received from the Data Subject, unless this proves impossible or involves a disproportionate effort f) the receipt, in a structured, commonly used and machine-readable format, of the Personal Data provided to the Data Controller, The Data Subject also has the right to object at any time, for legitimate reasons, to the processing of Personal Data concerning him/her, even if pertinent to the purpose of collection, except where the Data Controller proves the existence of compelling legitimate reasons or the exercise or defence of a right pursuant to Art. 21 of the Regulation. The Interested Party may submit requests to firstname.lastname@example.org indicating in the subject line “Privacy – exercise of Privacy Rights”, detailing which right he/she intends to exercise and providing the Data Controller with the information necessary to identify him/her pursuant to Articles 11 and 12 of the Regulation.
The Data Subject also always has the right to lodge a complaint with the supervisory authority, namely in the Member State where he/she normally resides, works or where the alleged infringement took place, as provided for in Article 77 of the Regulation, as well as to take legal action in accordance with Articles 78 and 79 of the Regulation.