información al cliente | Viabizzuno
es
privacy policy for clients and professionals
pursuant to articles 13 and 14 of the european regulation 2016/679 (gdpr), Viabizzuno s.p.a., in the person of its legal representative pro tempore, with registered office in via romagnoli 10, bentivoglio (bo), italy, in its capacity as data controller of the personal data of its clients and of the professionals involved for whatever reason in the sales and design process (architects, lighting designers, interior designers, etc.) is required to provide the following information.the processing of personal data will be subject to the application of the principles of lawfulness, correctness and transparency. personal data shall be collected for specified, explicit and legitimate purposes (purpose limitation) and shall be adequate, relevant and limited in relation to the purposes for which they are processed (data minimisation). they will always be kept up to date and accurate and stored for no longer than is necessary for the controller’s purposes for which they are processed (storage limitation), after which they will be deleted. lastly, they will be processed by employing all appropriate security measures to ensure their integrity and inaccessibility by unauthorised third parties (integrity and confidentiality).
1) categories of personal data, purposes of processing and legal bases
the personal data of clients and professionals, as well as persons acting on their behalf (e.g. employees) necessary to respond to specific requests and/or to execute the contract to which they are a party, including e-mail addresses, are processed.the data are processed:
(a) for the purpose of selling products and services;
(b) for administrative, accounting and tax purposes;
(c) for probative purposes in and out of court;
d) for sending commercial and marketing communications by e-mail, sms, instant messaging and social networks or other means, to propose the purchase of its products or services, submit offers, promotions events and other commercial opportunities;
e) for the purpose of carrying out e-mail marketing campaigns to clients and professionals who have made purchases, in order to offer them products and services similar to those they have purchased (socalled 'soft spam'). this processing does not require the consent of clients and professionals, which however can be denied at any time. clients and professionals may object to this processing by clicking on the unsubscribe link in each email sent, or by writing to the company's addresses;
f) for the purpose of carrying out profiling activities and, therefore, to define the purchasing choices of clients and professionals and, therefore, to analyse their purchasing preferences and create individual and group profiles also in order to send targeted commercial offers consistent with the identified profiles.
the legal bases of the processing are respectively the need to respond to specific requests of the data subjects and/or to fulfil contractual obligations (purpose a); the need to fulfil legal obligations of the data controller or data processor (b); the legitimate interest of the data controller to have evidence to protect his/her rights and interests (c); the legitimate interest of the data controller in the case of so-called 'soft spam' (e), consent in the case of marketing and profiling (d) and (f).
with respect to processing for marketing and profiling purposes, clients and professionals may revoke their consent at any time and may object by clicking on the unsubscribe link provided in each email sent, or by writing to the company's addresses.
2) recipients of data and data communication
the personal data of clients and professionals may be disclosed to third parties who have contractual relations with the data controller within the scope of the purposes indicated in 1) a), b) and c) above.specifically, banks in charge of payments; public or private bodies for the implementation of tax and accounting obligations; suppliers and professionals carrying out consultancy services and other activities supporting those of the controller.
the communication of the above-mentioned data is necessary for the correct and complete execution of the clients’ contract with the controller and, more generally, to comply with all the obligations prescribed by law (in particular, of an accounting and tax nature).
the clients and professionals’ personal data may become known by companies of the group and by persons that the controller has appointed as data processors or subprocessors, pursuant to art. 28 of the GDPR.
3) transfer of data to a non-european country
the data are processed in the national territory. in the event that the personal data are transferred to a non-european country, the controller will implement all the guarantees prescribed by the GDPR in order to protect them adequately.4) data retention
data processed for the purpose of responding to specific requests or executing the contract with clients and professionals are used for as long as necessary to respond to the request or execute the contract and are then retained on the basis of the legitimate interest of the controller in maintaining business contacts.data are retained for 10 years also to comply with the storage obligations provided for by law for administrative-accounting and tax purposes.
finally, the processed data will also be retained as evidence, in view of any possible action or defence in court, for the limitation period of 10 years, provided for to enforce any contractual liability.
in the case of data processed for marketing and profiling purposes, they will be used until consent is withdrawn or objected to by clients and professionals.
5) access rights
articles 15 to 22 of the GDPR confer specific rights onto the natural persons concerned.art. 15 grants them the right to access and obtain a copy of their personal data. the right to obtain a copy of the data shall not adversely affect the rights and freedoms of others.
with a request for access, data subjects have the right to obtain confirmation from the controller as to whether or not their personal data are being processed and to know the purposes and categories of data processed, the third parties to which the data are communicated, and whether or not the data are transferred to a non-eu country with adequate guarantees. data subjects also have the right to know how long their personal data will be stored.
6) other rights
with respect to their personal data, data subjects have the right to request the rectification of inaccurate data and the integration of incomplete data, the erasure (right to be forgotten) of data under the conditions indicated in art. 17 of the GDPR, the restriction of processing, data portability, and the right to withdraw their consent and object to the processing.these rights may be exercised by e-mail to the address of the controller, privacy@viabizzuno.com, or by ordinary mail to its registered office, via romagnoli, 10 bentivoglio 40100 (bo), italy.
the controller may need to identify the data subject by requesting a copy of his/her identity document.
a reply will be provided without delay and in any case within one month of the request.
7) complaint with a supervisory authority
a client or professional who believes that the processing of his/her personal data violates the provisions of the regulation has the right to lodge a complaint with the supervisory authority of the country in which he/she resides or works or in which the violation occurred, pursuant to art. 77 of the GDPR.if the client and professional reside or work or the violation occurred in the Italian territory, the complaint must be submitted to the Italian data protection authority based in rome.
alternatively, he/she may take legal action before the judicial authority.
scroll