Privacy policy - art. 13 of EU Regulation 2016/679

Data Controller

• Biesse Invest s.r.l.
• Piazza dell’Indipendenza, 21
• 50129 - Firenze (FI) - ITALY
• CF/P.IVA 06924590489
• Mail: admin@biesseinvest.com
• WebSite: https://www.basetaly.com/
• (hereinafter also the “Data Controllor”)

Purposes and legal basis

The user's personal data will be processed for the pursuit of the following purposes and with the following legal basis:

1. the processing is aimed at executing the terms and conditions that the user accepts when registering in the reserved area and / or when purchasing the services / products offered by the Data Controller; the legal basis for the indicated purpose is represented by the need for processing for the conclusion and correct execution of the contract of which the data subject is a party and / or for the execution of pre-contractual measures adopted at the request of the data subject, as foreseen from art. 6 par. 1 letter b) of the GDPR;
2. send emails and / or newsletters and communications relating to the services and activities offered and promoted by the data controller, of the same type previously used by the data subject, except for the refusal to process by the same, which can be opposed at any time; the legal basis for this type of processing is represented by the legitimate interest of the Data Controller as provided for in Article 6 par. 1 letter f) of the GDPR;
3. to periodically send, via remote communication technologies (mail, telephone, sms, whatsapp, social network), newsletters and marketing communications on the services and activities offered and promoted by the Data Controller; the legal basis is represented by consent as required by art. 6 par. 1 letter a) of EU Regulation 2016/679;
4. respond to requests sent by the user via email and / or form on the website; the legal basis for the processing listed is represented by art. 6 par. 1 letter b) of the 2016/679 EU Regulation;
5. ascertain, exercise or defend a right in court; the legal basis for this type of processing is represented by the legitimate interest of the Data Controller as provided for in Article 6 par. 1 letter f);
6. to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority; the legal basis for this type of processing is represented by Article 6 paragraph 1 letter c);
7. make site navigation possible and functional, as well as guarantee an adequate level of security, integrity and availability; the legal basis for this type of processing is represented by the legitimate interest of the Data Controller as provided for in Article 6 par. 1 letter f);
8. analysis of statistical data on aggregate or anonymous data, with the aim of monitoring the correct functioning of the web site, traffic, usability and interest; the legal basis for this type of processing is represented by the legitimate interest of the Data Controller as provided for in Article 6 par. 1 letter f).

Data type

The data necessary for the pursuit of the purposes described above will be collected and processed, such as:

1. personal data
2. tax data for the issuance of legal documentation
3. data relating to the contractual relationship
4. contact details such as email and telephone
5. registration data and access to the reserved area.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Refusal to provide data

Apart from that specified for navigation data, users / visitors are free to provide their personal data. The provision of data is in some cases necessary as, any refusal to provide them, could lead to the failure to conclude or incorrect fulfillment of the contract of which the data subject is a party and / or failure to comply with the legal obligations to which the Data Controller is submitted. The provision of data for processing that require consent is optional, failure to provide it will not make it impossible to use the products / services offered by the Data Controller. Even in the event of consent, the data subject will still have the right to subsequently object, in whole or in part, to the processing of their personal data for the purposes set out above, by simply making a request to the Data Controller at the addresses indicated above.

Data source

The data will be collected from the data subject.

Processing methods

In accordance with the provisions of art. 5 of the Regulation, the Personal Data processed will be:

1. processed in a lawful, correct and transparent manner towards the data subject;
2. collected and recorded for specific, explicit and legitimate purposes, and subsequently processed in terms compatible with those purposes;
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. accurate and, if necessary, updated;
5. processed in such a way as to guarantee an adequate level of security;
6. stored in a form that allows the identification of the data subject for a period of time not exceeding the achievement of the purposes for which they are processed.

The data processing will be carried out both with manual and / or IT and telematic tools with organization and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the organizational and physical measures. and logic provided for by the provisions in force.

Data communication scope

Personal data may be communicated to the subjects authorized to process, as well as to external Data Processors appointed by the Data Controller (the complete list of external Data Processors is available from the Data Controller), responsible for managing the aforementioned purposes. As part of the pursuit of the aforementioned purposes, the data may be disclosed to other subjects acting as independent Data Controller.

Data dissemination

Personal data will not be disseminated.

Data transfer abroad

For the purposes indicated above, personal data will be processed within the European Economic Area (EEA). Should they be transferred to Third Countries, in the absence of an adequacy decision by the European Commission, the provisions of the applicable legislation on the transfer of Personal Data to third countries will be respected, such as the Standard Contractual Clauses provided by the European Commission.

Data retetntion

In general, personal data will be kept for the time strictly necessary to pursue the purposes for which they were collected and processed, including the retention period provided for by the applicable legislation and, in any case, for a maximum period of 10 years from the termination. of the relationship between the Data Controller and an data subject, for a maximum period of 2 years or until revocation for the purposes in which his consent is required, without prejudice to the possible need for the Data Controller to defend his own right in court.

Rights of Data Subject

Pursuant to art. from 15 and following of EU Regulation 2016/679, the data subject may, according to the methods and within the limits established by current legislation, exercise the following rights:

1. request confirmation of the existence of personal data concerning him (right of access);
2. know its origin;
3. receive intelligible communication;
4. have information about the logic, methods and purposes of the processing;
5. request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected.

If the requirements are met, the data subject also has the right to:

1. request the correction of inaccurate personal data concerning him (Article 16 of the GDPR);
2. request the cancellation of their personal data "right to be forgotten" (Article 17 of the GDPR);
3. request the limitation of processing (Article 18 of the GDPR);
4. request data portability (Article 20 of the GDPR);
5. oppose the processing (Article 21 of the GDPR).

The exercise of rights may take place by sending a request that must be addressed without any formalities to the Data Controller at the addresses indicated above. Before providing an answer, the Data Controller may need to identify the data subject, by requesting to provide a copy of his identity document. Written feedback will be provided without undue delay and, in any case, no later than one month from receipt of the request.

Complaint

In the event that the data subject believes that the processing of their personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the Personal Data Protection Authority, pursuant to art. 77 of the GDPR itself, as well as appealing to the judicial authority.