Legal Notices - Privacy policy

DISCLAIMER

The contents published on this website are for information purposes only and cannot be considered exhaustive or substitute of legal consultancy or advice.
We may not be liable for contents published on third party websites which are accessible from this website.

PRIVACY POLICY

1. Introduction
This policy, that we invite you to read carefully, describes how our company will process personal data that we collect from Users who use our services, the type of personal data we gather, how they are used, which third parties can access them, and how Users can access, update or delete their data.
This Policy has been drafted in accordance with EU Regulation 2016/679 and Italian laws (Legislative Decree 196/2003 “Data Protection Code”).
The information and data supplied by you or otherwise acquired when using our services will be processed in observance of the provisions of the GDPR and the obligations for confidentiality that form the basis of the work of our firm.
In accordance with the provisions of the GDPR, the processing operations carried out by our firm will comply with the principles of lawfulness, fairness, transparency, purpose and retention limitation, data minimization, accuracy, integrity and confidentiality.

2. Data Controller
The Data Controller is STUDIO BARBERO S.P.A., headquartered at Corso Massimo d’Azeglio 57, 10126 Torino (TO), Italy.

3. Categories of processed data
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal data means any information enabling a natural person to be, directly or indirectly, identified or identifiable, alone or together with other data (hereinafter, "Data").
In particular, the Data we process are the following:

- Navigation data
The web servers automatically record certain personal information implied by the use of Internet communication protocols. Said information is not collected to identify a specific person, but by its nature could identify users through elaborations and associations with third parties’ data. This information includes IP addresses or domain names of the computers used by the users through which they connect to our site, the URI addresses (Uniform Resource Identifier) of the resources requested, the time of the request, the method used for requesting the server, the dimension of the answer file, the numeric code which indicates the response of the server (good result, mistake etc) and other parameters of the operating system and of the user’s settings. These data are retrieved with the sole purpose to obtain anonymous statistical information on the use of our site and control its correct functioning. They are automatically deleted after the elaboration. They could also be used to ascertain the responsibility of the user in case of alleged criminal actions against our site. But for the exceptions mentioned above, the data retrieved will not be kept for more than seven days.

- Data voluntarily made available
We may collect and process the following Data through our site and during our activities aimed at providing our services:
names and surnames, addresses, email addresses, phone and fax numbers and possible additional information (such as tax codes) that you, as a client or prospect client, supplier or job applicant, will voluntarily disclose to our company.

- Information on Cookies

A cookie is a piece of data stored by a user's web browser on the user's hard drive - such as a computer or a smartphone - and allows web servers to recognize the device used to access a web site.
Our site does not use any type of cookies, including technical cookies, analytics cookies and profiling cookies.


4. Communication of the Data
The Navigation Data are automatically collected; in other cases, the submission of personal data is optional, but failure to submit data could result in the impossibility to fulfil agreements or supply the requested services.

5. Purpose of data collection
We will use the Data for the following purposes, upon receipt of your express consent where necessary:
- To ensure that the content on our site is presented in the most effective manner for you;
- To perform our services, providing the information you requested or supplying the service ordered, including the collection, retention and processing of data for the establishment and subsequent operational, technical and administrative management of the relationship arising from the provision of the services, and the exchange of messages during the course of our relationship;
- To send you information via e-mail for services similar to those you have subscribed to, unless you objected to such processing initially or in subsequent communications, to pursue our firm’s legitimate interests to promote services which you may be reasonably interested in;
- To fulfil contractual obligations;
- To discharge legal, accounting and tax obligations.

6. Legal basis of processing
The Data Controller may process Users' Data if one of the following conditions applies:

•    Users have given their consent for one or more specific purposes;
•    provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
•    processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
•    processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
•    processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

In any case, the Data Controller will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

7. Processing Arrangements
Once we have received your Data, we will process them in a proper manner and take appropriate security measures to prevent loss of Data, unauthorized access, disclosure, modification, illegal or incorrect use of the Data.
We will process your Data using computers and/or IT enabled tools, apt to grant security and confidentiality according to the above-mentioned legal provisions.

8. Data communication
Your Data may be accessible to persons involved with the operation of our site and our services (administration, legal, system administration) or external parties (such as persons, companies or professional firms providing our law firm with advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the services; entities that we may engage with in order to provide the services, i.e. domain name registration authorities, registrars and technical service providers, mail carriers, hosting providers, IT companies, communications agencies, the companies which manage the Trademark Clearinghouse, other Intellectual Property advisors; post couriers; people authorised to perform technical maintenance), appointed, if necessary, as data processors by our firm; or entities, bodies or authorities that we may disclose your Data to in accordance with the provisions of law or under the orders of the authorities; or people authorized by Data Controller to process the Data as required for carrying out activities strictly related to the provision of the services, such as the employees of our firm.
The updated list of these parties (i.e. Data Processors) may be requested to the Data Controller at any time.
Our employees, agents and contractors who have access to Data are required to protect them in a manner that is consistent with this Privacy Policy.
The complete list of these parties may be requested to our company at any time.

9. Retention time
Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:
•    Data collected for purposes related to the performance of a contract between the Data Controller and the User shall be retained until such contract has been fully performed.
•    Data collected for the purposes of the Data Controller’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Data Controller within the relevant sections of this document or by contacting the Data Controller.

The Data Controller may be allowed to retain Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Data Controller may be obliged to retain Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, the Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability could not be exercised after expiration of the retention period.

10. Place where the data are processed
The Data that we collect from you may be processed at our company operating offices and in any other places where the people involved with the processing, including our employees, technical staff and collaborators of our company who have been entrusted with the processing, are located.
The information you provide to us is stored on our secure servers. If we provide you with a password which enables you to access certain parts of our site, such as the reserved area, you are responsible for keeping this password confidential.
The Data may be also transferred to, or stored at, a destination located outside the European Economic Area (“EEA”), and be processed by people operating outside the EEA who cooperate with our company for the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your Data to our company, you agree to this transfer, storing or processing, except for the cases in which the processing is necessary for your use of the service, it is justified under art. 49(1)(b), (c) and (e) of the GDPR, according to the current privacy law. We will take all reasonable steps to ensure that your Data are treated securely and in accordance with this privacy policy.

11. Rights of interested parties
Users may exercise certain rights regarding their Data processed by the Data Controller.
In particular, Users have the right to do the following:
•    Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Data.
•    Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
•    Access their Data. Users have the right to learn if Data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
•    Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for them to be updated or corrected.
•    Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Data Controller will not process their Data for any purpose other than storing it.
•    Have their Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Data Controller.
•    Receive their Data and have them transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have them transmitted to another controller without any hindrance. This provision is applicable provided that the Data are processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
•    Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
You may request to access, update, correct, and request the deletion of, your Data or any additional information about the data processing at any time by contacting our company in writing at the email address [email protected].
If you provide Data about other individuals, you represent that they have been informed of the purpose for which said Data will be used, the recipients of the Data and the way they could access and update their information. You also represent that you have obtained their consent to our data processing.

12. Updates to this Privacy Policy
We shall update this Privacy Policy from time to time. Therefore, we invite you to regularly check this page for updates. Amendments to this Privacy Policy, but for mere formal changes, will be notified to Users by email at the addresses disclosed to our company and the continued use of our services for a period of two weeks thereafter may constitute acceptance of the amended provisions.

13. Contact
If you have any questions, comments or requests concerning this Privacy Policy, please do not hesitate to contact us by email at [email protected].