according to Article 13 - GDPR 2016/679
In compliance with the obligations laid down in European Privacy Regulation EU/2016/679 (GDPR), we hereby inform you about the processing of personal data freely provided by you and/or other subjects communicated to Novacolor Srl in particular through:
The data processing will be carried out in compliance with the privacy regulations in force and based on principles of correctness, lawfulness and transparency, and carried out in compliance with the principles of relevance, completeness and non-excess.
1. Identity of, and information on, the Data Controller
Administrative and operational headquarters:
Via Ulisse Aldrovandi 10 - 47122 Forlì (FC) Italy
telephone +39 0543 401840
corporate web site www.novacolor.it
Legal representative of the Data Controller: Dott. Marco Pietro Zini
2. Contact details of the Data Protection Officer (DPO)
Date Protection Officer: Dott. Maurizio Cataldo
telephone +39 041 4569322
3. Categories of personal data processed and purposes of the processing for which the personal data are intended, and their legal basis
3a. Data collected without the need for your explicit consent (according to Article 6 paragraph 1 letter b, c, f of the GDPR) and for what purposes:
3b. With your explicit, specific and free consent (as per Article 6, paragraph 1 letter a) and Article 7 of the GDPR) through dedicated online or paper forms, for the following purposes:
Any refusal, albeit legitimate, to provide all or part of the above data, may make it difficult to access and use our web applications and online services, and compromise the smooth running of the relationship with us and, in particular, regarding personal data defined as mandatory and indispensable, may make it impossible to access and use our web applications and online services, and make it impossible for us to provide normal business operations and smooth provision of the requested products/services.
4. Processing procedures
Your personal data is processed with or without the use of computer systems - including automated - and may consist of the following operations: collection, recording, organization and storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, dissemination, deletion, destruction, blocking and limitation.
In carrying out the processing operations, all technical, IT, organizational and procedural security measures will always be adopted, so as to guarantee the minimum level of data protection required by law. The above-mentioned procedures applied for the processing, will guarantee access to the data only to the subjects specified in point 5.
5. Recipient categories of personal data
The subjects or categories of subjects which may become aware of personal data or which may receive such data, are:
Personal data may also be disclosed but only in an aggregate and anonymous form and for statistical purposes.
6. Preservation and transfer of personal data to third countries
Personal data is managed and stored in cloud and on servers located within the European Union owned by and/or at the disposal of the Data Controller and/or third-party companies, duly appointed as Data Processors.
7. Period of retention of personal data.
The data will be collected and recorded only for the purposes described above and will be retained for a period strictly necessary for such purposes, and in any case for no longer than twenty-four months from their collection for marketing purposes, twelve months from their collection for profiling purposes and for automated decisions, and ten years from their collection for administrative or legal purposes.
8. Exercisable rights
In accordance with the provisions of the GDPR, you may exercise the rights set out therein and in particular:
8a. You may at any time request from the Legal Representative of the Data Controller or the Data Protection Officer, a copy of your personal data, information regarding the place where your personal data are processed and an updated list with the identification data of all the Data Processors and System Administrators authorized to process your data.
8b. As Data Subject, you may at any time freely withdraw your previously-given consent without any charge and prejudice to the legality of the processing carried out so far, and exercise the following rights against the Data Controller as provided by European Privacy Regulation EU/2016/679 on Access, Rectification, Erasure, Restriction, Objection, Portability and Complaint to the Privacy Guarantor.
The request can be submitted using the UNSUBSCRIBE functionality of the newsletter, or by writing an email to firstname.lastname@example.org