Privacy

DATA CONTROLLER AND CONTACT DETAILS

CTS S.r.l., with registered office in Via Piave 20/22, 36077 Altavilla Vicentina (VI), Tax Code and VAT No: 02443840240 - e-mail:ctsconservation@ctsconservation.com

CATEGORIES OF PROCESSED DATA, PURPOSE and LEGAL BASIS OF PROCESSING

CATEGORIES OF DATA PROCESSED

PURPOSE

LEGAL BASIS

First name, last name, e-mail address, telephone number, personal data possibly included in the message.

Responding to user requests sent via the contact methods on the Website (e-mail address, telephone number).

Performance of a contract to which the data subject is party/performance of pre-contractual measures taken at the data subject's request - Art. 6.1.(b) GDPR.

Browsing data (personal data whose transmission is implicit in the use of Internet communication protocols, e.g. IP addresses or domain names of the computers used by users, time of the request and other parameters relating to the user's operating system and computer environment).

Allowing the user to browse the Website.

Name, surname, e-mail address, telephone number, physical address (billing and shipping address), tax code

Allow the creation of a personal user account on the Website.

First name, last name, e-mail address, telephone number, physical address (billing and shipping address), tax code, credit card or other payment method data, other data required for billing purposes.

Perfecting and fulfilling the sale of products via the Website.

First name, last name, e-mail address.

Direct marketing activities through the sending of communications or material (e.g. by e-mail, newsletter) with respect to products/services similar to those for which the user has requested information and/or has purchased through the Website, also on the basis of profiling based on such previous purchases and requests, in order to send communications of greater interest to the data subject.

Legitimate interest of the data controller - Art. 6.1.(f) GDPR. The legitimate interest of the data controller is identified as (i) the promotion of its business by means of direct marketing - see Recital No. 47 GDPR - and (ii) the possibility of establishing, exercising, defending one's own right and/or defending oneself against disputes.

First name, last name, home address, contact details, history of user operations on the Website.

Handling of disputes arising from purchases or bookings through the Website.

First name, last name, e-mail address.

Marketing activities by sending newsletters to the user's e-mail address, possibly including profiled marketing, based on the data subject's previous purchases and their frequency, in order to send commercial communications of greater interest to the data subject.

Consent given by the user - Art. 6.1.(a) GDPR.

First name, surname, residential address, tax data

Accounting management of payments relating to sales made through the Website.

Legal obligation to which the data controller is subject - Art. 6.1.(c) GDPR.

Sensitive data (i.e. data concerning religious beliefs, trade union membership, sexual preferences and the others indicated in Article 9 GDPR) are not processed through the Website and we ask all users not to include such data in the forms of interaction provided by the Website.

MANDATORY NATURE OF PROVISION

The provision of data for marketing purposes is optional and failure to provide data and/or the request not to use them for direct marketing purposes will not affect the possibility of browsing the Website and/or sending messages and/or making purchases through the Website. The provision of the other data is necessary for browsing and/or sending messages and/or making purchases via the Website. Failure to do so may result in the inability to browse the Website and/or the inability to follow up messages and/or make purchases via the Website.

POSSIBLE RECIPIENTS OF PERSONAL DATA

The data may be communicated to (i) third parties who operate, also in the name and on behalf of the Data Controller, for the performance of services connected with the purposes indicated in this policy, and in particular the management and maintenance of the Website, promotional activities, couriers and other logistics operators for the delivery of products, etc.; (ii) consultants of the Data Controller, for example tax consultants; (iii) authorities and public bodies with respect to which communication is mandatory.

Data are not transferred outside the European Economic Area.

DATA RETENTION PERIOD

The data are kept for a maximum of 10 (ten) years from the date of the last interaction with the data subject, in view of the statute of limitations for any claims arising from the relationship between the Controller and the data subject, as provided by law. Browsing data will be stored for the technical time required to perform the functions for which they were collected.

RIGHTS OF THE DATA SUBJECT

At any time each data subject may assert against the Controller the rights provided for in Articles 15 to 22 GDPR, i.e. the right to request:

a.    access to personal data, i.e. to know their personal data stored by the Controller, the purposes for which they are processed, their origin and the other information provided for in Article 15 GDPR;

b.    rectification of personal data in the event of inaccuracy thereof;

c.     deletion of personal data (so-called ‘right to be forgotten’);

d.    restriction of the processing of personal data, i.e. the right to obtain the suspension of the processing of personal data for the period necessary to verify the request, or in the other cases provided for in Article 18 GDPR.

e.    data portability, i.e. the right to receive personal data in a structured, commonly used and machine-readable format, including by requesting their direct transfer to another data controller (in respect of data whose processing is carried out by automated means);

f.     right to request the controller to refrain from processing the data pursuant to Article 6(1)(e) or (f) GDPR (right to object);

g.    right to lodge a complaint pursuant to Article 77 et seq. of the GDPR with a supervisory authority, which for the Italian State is identified in the “Garante per la protezione dei dati personali”. The complaint procedures are indicated under this link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

AMENDMENTS TO THIS NOTICE

This privacy policy may be subject to change over time - also in connection with the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. The changes to the information notice become applicable as soon as they are published on the Website, it being understood that the Controller may not use the data collected previously for processing for purposes other than those described herein, without informing the user.