top of page
PRIVACY
EXTENDED INFORMATION PURSUANT TO ARTICLES 12,13 AND, IF APPLICABLE, 14 OF THE GDPR-REGULATION (EU) 2016/679 ON THE PROTECTION OF NATURAL PERSONS, WITH REGARD TO THE PROCESSING OF PERSONAL DATA (HEREINAFTER IN GDPR)
he data controller reports, below, the information pursuant to articles 12, 13 and, where applicable, 14 of the GDPR relating to the processing of personal data provided by the Customer/interested party by filling in and signing the contact to purchase the products/services offered for sale by the data controller himself, spontaneously uploading personal data to this website (in particular by filling in forms) or simply by browsing it.
1. Data controller and contract data
The data controller is DANTELA' DI THERESE BABIKIAN, with its registered office 63073 Offida (AP), Piazza del Popolo, 10, P.I. 02460000447, tel.: +39 3337036501, e-mail terezababik70@gmail.com
Tel. +39 3336036501, e-mail terezababik/0@gmail.com, web https://www.dantela.it/ ( di seguito il sito).
2. Principles applicable to processing
In accordance with the provisions of the GDPR, the data controller constantly works to ensure that personal data are:
a. processed lawfully, fairly and in a transparent manner;
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. accurate and, if necessary, updated;
e. retained for a period of time not exceeding the achievement of the purposes for which they are processed;
f. processed using appropriate technical and organizational measures, in a manner that guarantees their security;
g. processed, where by consent, by decision freely taken by the Customer/data subject, on the basis of a request presented in a manner that is clearly distinguishable from the rest, in an intelligible and easily accessible form, using plain and clear language.
The data controller adopts appropriate technical and organizational measures to ensure the protection of personal data by design and to guarantee that, by default, only the data necessary for each specific processing purpose are processed.
The data controller collects and takes into utmost consideration the indications, observations and opinions of the Customer/interested party sent to the contact details above, in order to implement a dynamic privacy management system that ensures effective protection of individuals, with regard to the processing of their data.
This information may undergo changes, in line with the evolution of the reference legislation and the technical and organizational measures gradually adopted by the data controller; the Customer/interested party is therefore requested to periodically visit this section of the site, to view the updates and the information in the text in force from time to time.
3. Methods of processing personal data
The processing of personal data is done manually and with electronic tools, with logic strictly related to the purposes indicated below and, in any case, in a way that guarantees the security and confidentiality of the data itself.
4. Purpose of the processing of personal data
(4a) Purposes for which data processing is necessary
​The personal data provided by the Customer/interested party are mainly processed for the execution of the contract and the management of credit and, more generally, of the relationship arising from the contract itself.
The provision of data in the contract or subsequently, during the contractual relationship, for the purposes of processing in question is mandatory; therefore, failure to provide, partial or incorrect provision of data makes it impossible to stipulate and/or execute the contract and, for the Customer/interested party, to use the products/services offered by the data controller, potentially exposing the Customer/interested party to liability for breach of contract.
The personal data provided by the Customer/interested party may also be processed if this is necessary to fulfill a legal obligation to which the data controller is subject, to safeguard the vital interests of the Customer/interested party or of another natural person, to perform a task of public interest or connected to the exercise of public powers vested in the data controller, or to pursue the legitimate interest of the data controller or of third parties, provided that the interests or fundamental rights or freedoms of the Customer/interested party do not prevail; even in these cases, the provision of data is mandatory and, therefore, failure to communicate, partial communication or incorrect communication of data may expose the Customer/interested party to any liability or sanctions provided for by the legal system.
(4b) Further purposes of processing following specific and express consent of the Customer/interested party
​In addition to the processing purposes indicated above, the personal data provided/acquired may be processed, subject to the consent of the Customer/interested party, to be expressed by selecting the box <<Give consent>> on the contract or on the site (or by using other social or web applications of the data controller), also for the performance of market research and to make commercial and promotional communications, by telephone (also using the mobile number provided) and automated contact systems (e-mail, sms, mms, fax, etc.), on products/services of the data controller or of companies of the group to which the data controller may belong.
Consent for the processing purposes indicated in this point (4b) is optional; therefore, following any denial, the data will be processed only for the purposes indicated in the previous point (4a), except as specified below with reference to the legitimate interests of the data controller or third parties.
5. Categories of personal data processed
The data controller mainly processes identification/contact data (name, surname, addresses, type and number of identification document, telephone numbers, e-mail addresses, tax/invoicing data, unless otherwise specified) and, if commercial transactions are envisaged, financial data (of a banking nature, in particular current account identifiers, credit card numbers, unless otherwise specified in connection with the aforementioned commercial transactions).
Il trattamento che il titolare del trattamento effettua, tanto per l'esecuzione del contratto quanto in forza di espresso consenso del Cliente/interessato, non riguarda, generalmente, categorie particolari di dati personali, conosciuti come sensibili (che rivelino l'origine razziale o etnica, le opinioni politiche, le convinzioni religiose, lo stato di salute o l'orientamento sessuale ecc.), ne dati genetici o biometrici o di dati cosiddetti giudiziari (relativi a condanne penali o reati).
Tuttavia, non può escludersi che il titolare del trattamento con riferimento al sito, e, potenzialmente, quale responsabile del trattamento a ciò incaricato (nei termini di cui sopra) dal Cliente/interessato, anche i cosiddetti dati di navigazione. I sistemi informatici e le procedure software preposte al funzionamento dei siti internet acquisiscono, nel corso del normale esercizio, alcuni dati personali, la cui trasmissione è implicita nell'uso di protocolli di comunicazione di internet. Si tratta di informazioni che, per loro stessa natura, consentono, attraverso elaborazioni ed associazioni con dati detenuti da terzi, di identificare gli utenti. Sul sito può, poi, essere fatto uso dei cookies, sia di sessione (che non vengono memorizzati sul computer dell'interessato e svaniscono alla chiusura del browser) che persistenti, per la trasmissione di informazioni di carattere personale, ovvero dunque per il tracciamento degli interessati.
6. Source of the personal data processed
​The personal data that the data controller processes are collected directly by the data controller from the Customer/interested party at the time of and during navigation of this site (or using other social or web applications of the data controller) or also through its own sales representatives at the time of or after signing the contract, during the execution of the same, or from public sources. As specified above, the data controller, as the data controller in charge of this processing, in order to perform the obligations arising from the contract, may store and/or process data, in particular navigation data, potentially also sensitive, genetic and biomedical or judicial, of third parties of which the Customer/interested party has access in the capacity of data controller, acquired with the prior consent of said third parties, at the time of and during navigation of the same third parties on the site (or using other social or web applications referable to the data controller).
7. Legitimate interests
​The legitimate interests of the data controller or third parties may constitute a valid legal basis for processing, provided that the interests or fundamental rights or freedoms of the data subject do not prevail. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the data controller and the data subject, for example when the data subject is a customer of the data controller. In particular, it constitutes a legitimate interest of the data controller to process personal data of the Customer/data subject: for fraud prevention purposes, for direct marketing purposes, to ensure the free circulation of the same data within the business group to which the data controller may belong, or relating to traffic, in order to guarantee network and information security, i.e. the ability of a network or system to resist unforeseen events or unlawful acts that may compromise the availability, authenticity, integrity and confidentiality of the data.
​8. Circulation of personal data
(8a) Circulation of personal data - categories of recipients
​In addition to the employees and collaborators of the data controller in various capacities (who are authorised by the data controller to process data, pursuant to adequate written operating instructions, in order to guarantee the security and confidentiality of the data), some processing operations may also be carried out by third parties, to whom the data controller entrusts certain activities or part of them, functional to the purposes in point (4a), therefore both in execution of contractual and legal obligations, among which the following deserve mention, but inevitably not exhaustively: commercial and/or technical partners; companies that provide banking and financial services; companies that perform document archiving services; debt collection companies; auditing companies for the certification of financial statements; rating companies; subjects that perform, for the data controller, professional assistance and consultancy activities; companies that carry out customer care activities; factoring companies, credit securitisation companies or other credit transferees; companies of the group to which the data controller may belong; subjects that provide commercial information; IT service companies. The subjects belonging to the aforementioned categories process the personal data themselves as independent data controllers, or as data processors, with reference to specific processing operations that fall within the contractual services that the subjects themselves perform in favor/in the interest of the data controller; the data controller provides the data processors with adequate operating instructions with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of the data. Some processing operations may be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, also functionally to the purposes referred to in point (4b), among which the following deserve attention, but not limited to: commercial and/or technical partners, companies that institutionally provide marketing services: advertising agencies; subjects that provide consultancy and assistance with reference to competitions and prize operations. The subjects belonging to the above categories process personal data as independent data controllers, or as data processors, with reference to specific processing operations that fall within the contractual services that the subjects themselves perform in favor/in the interest of the data controller; the data controller provides the data processors with adequate operating instructions, with particular reference to the adoption of security measures, in order to guarantee the security and confidentiality of the data. The list, subject to periodic updating, of the data processors with whom the data controller maintains relationships is available, upon written request to be sent to the headquarters of the data controller. Furthermore, personal data may be communicated, in the event of a request, to the competent authorities, in compliance with obligations arising from mandatory provisions of law.
(8b) Transfer of personal data to third parties
The personal data of the Customer/interested party may be transferred abroad, both to countries of the European Union and to countries outside the European Union and in this case either on the basis of an adequacy decision or within the scope and with the guarantees provided for by the GDPR (therefore in particular in the presence of standard contractual clauses for data protection approved by the European Commission) or outside the hypotheses mentioned above, using one or more of the derogations provided for by the GDPR (in particular by virtue of the explicit consent of the Customer/interested party or for the execution of the contract concluded by the Customer/interested party or for the execution of a contract stipulated between the data controller and another natural or legal person in favor of the Customer/interested party, in particular for the execution of activities delegated to the latter by the data controller for the execution of the contract concluded with the Customer/interested party). In the event of data transfer to countries outside the European Union, the Customer/interested party is allowed, upon written request to be sent to the headquarters of the data controller, to know the adequate guarantees or the derogations that legitimise cross-border processing. It is understood, in the event of data transfer outside the European Union, that for any request relating to the data, including for the exercise of the rights recognised by the GDPR to the Customer/interested party, the latter may always contact the data controller.
9. Criteria for determining the period of retention of personal data
​For the purposes referred to in point (4a) above, the retention period of the personal data released by the Customer/interested party and their consequent potential processing, coincides with the limitation period of the rights/duties (legal/fiscal etc.) arising from the contract: generally 10 years, therefore barring the occurrence of events interrupting the limitation period which could in fact extend said period. For the purposes referred to in point (4b) above, the retention period of the personal data released by the Customer/interested party and their consequent potential processing, ends with the revocation of the consent previously given by the Customer/interested party himself, or in the absence of this, in any case after one year from the cessation of any relationship between the data controller and the Customer/interested party.
10. Rights of the Customer/interested party
​The data controller recognizes - and facilitates the exercise, by the Customer/interested party, of - all rights under the GDPR, in particular the right to request access to his/her personal data and to extract a copy thereof (art. 15 GDPR), to rectification (art. 16 GDPR) and to erasure (art. 17 GDPR), to restriction of processing concerning him/her (art. 18 GDPR), to data portability (art. 20 GDPR, where the conditions are met) and to object to processing concerning him/her (art. 21 and 22 GDPR, for the cases mentioned therein and, in particular, to processing for marketing purposes or which results in an automated decision-making process, including profiling, which produces legal effects concerning him/her, where the conditions are met). The data controller also recognizes the Customer/interested party, if the processing is based on consent, the right to revoke said consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. To do so, the Customer/interested party can unsubscribe at any time on the site (or on other social or web applications of the data controller) or by using the appropriate link at the bottom of each commercial communication received, or by contacting the data controller at the contact details above. The data controller also informs the Customer/interested party of the right to lodge a complaint with the Personal Data Protection Authority, as the Authority operating in Italy and to lodge a judicial appeal, both against a decision of the Data Protection Authority and against the data controller himself and/or a data processor.
​11. Security of systems and personal data
​Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk, in terms of likelihood and severity, for the rights of natural persons, the controller shall adopt technical and organizational measures deemed appropriate to ensure a level of security appropriate to the risk, in particular by ensuring, on an ongoing basis, the confidentiality, integrity, availability and resilience of processing systems and services (including through encryption of personal data, where necessary) and the ability to restore the availability of data in a timely manner in the event of a physical or technical incident and by adopting internal procedures to regularly test, verify and evaluate the effectiveness of the technical and organizational measures adopted. In assessing the appropriate level of security, account shall be taken of the risks presented by the processing, which arise in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The data controller shall ensure that anyone acting under his/her authority and having access to personal data does not process such data unless instructed to do so by the data controller. That said, the Customer/interested party acknowledges and accepts that no security system guarantees, in terms of certainty, absolute protection; therefore, the data controller shall not be liable for acts or deeds of third parties who abusively, despite the adequate precautions adopted, should access the systems without the necessary authorizations.
​12. Automated decision-making processes
​The data controller may carry out automated processing, including profiling, in relation to the purposes referred to in point (4b) above, to optimize the navigability of the site (or the usability of other social or web applications of the data controller) and to improve the purchasing experience, except as specified above with regard to the rights of opposition and withdrawal of consent by the Customer/interested party. Profiling means any form of automated processing of personal data aimed at evaluating certain aspects relating to a natural person, in particular to analyze or predict aspects concerning, for example, the personal preferences, interests and location of said person, also for the purpose of creating profiles, or homogeneous groups of subjects by characteristics, interests or behaviors. The data controller does not carry out any automated processing that produces legal effects concerning the Customer/interested party that significantly affect his/her person in a similar way, unless this is necessary for the conclusion or execution of the contract, is authorized by law or is based on the explicit consent of the Customer/interested party, in any case always recognizing the latter's right to obtain human intervention, to express his/her opinion and to contest the decision.
CONTACTS
DANTELA' OF
TEHERESE BABIKIAN
People's Square 10
63073 Offida (AP)
+39 333 7036501
OUR HOURS
MON 3:30 PM - 8:00 PM
TUE - SAT 09.30 - 13.00 / 16.00 - 20.00
SUN 10:30 - 13:00
bottom of page