Privacy Policy rendered pursuant to Art. 13 of the regulation (EU) 2016/679 and to the e-privacy directive 2009/136/EC and subsequent amendments.
Dear user, below we provide some information that we need to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards you and towards all parties concerned is a fundamental part of our activity.
DATA CONTROLLER
The Data Controller (the subject that decides the purposes and methods for processing your personal data) is identified, based on the definition of “group of undertakings” pursuant to Art. 4.19 of EU Reg. 679/2016, represented by the parent company Sweden & Martina S.p.A. (00401550280), responsible towards you for the legitimate and correct use of your personal data and can be contacted for any information or request at the following:
Email: privacy@sweden-martina.com - Tel: +39 0499124300 - Address: Via Veneto, 10 - 35020 Due Carrare, PD, Italy
PERSONAL DATA PROTECTION OFFICER
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following: email: dpo@sweden-martina.com – certified email: dataprotectionofficer@pec.it
CATEGORIES AND SOURCE OF DATA
For processing purposes, the Data Controller will process ordinary data, such as: personal data, contact data, address data, data relating to identification/recognition documents, payment data, data relating to purchases or the use of services, profiling data, product quality certificates, access and identification data, video surveillance recordings and data relating to the accommodation service, including special data, photographs, video recordings and other multimedia content.
The data processed are communicated by the data subject and/or by third parties, such as public authorities and bodies (e.g., the Chamber of Commerce) and/or collected from publicly accessible sources.
PROVISION OF DATA
Failure to provide compulsory data may have legal and contractual consequences, while failure to provide optional data may result in data processing not being carried out or being carried out only in part. Therefore, in the event of failure to provide data, the data subject may not obtain the expected results or may only obtain them in part.
PROCESSING
Your personal data are collected and processed using automated, semi-automated and non-automated means, as specified below. In any case, the time necessary for the statute of limitation in relation to reciprocal rights and the storage time for backups to accrue must be added to the period for storing data indicated from time to time.
We process your data in order to execute pre-contractual measures adopted at your request or to perform a contract to which you are party, specifically:
customer management, following up customer or potential customer enquiries and handling pre-contractual or contractual obligations, providing technical support to customers (we will keep data for 10 years from the year of contact or termination of the last contract);
commercial activity aimed at offering goods and services (we will keep data for 10 years from the relevant year);
receipt and dispatch of documents and goods (we will keep data for 10 years from the relevant year or from termination of the last contract);
accommodation and management of related services regarding business negotiations (we will keep data for 10 years after termination of the last contract for data relating to accommodation);
organisation and delivery of courses and events (we will keep data for 10 years from the year the course was held).
We process your data in order to fulfil a legal obligation which the Data Controller is subject to, specifically:
bookkeeping and tax obligations (we will keep data for 10 years from the relevant year);
management and maintenance of the IT network and systems (we will keep data for 18 months after termination of the contract relationship with regard to obligations relating to system administrators);
ensuring corporate compliance, e.g., managing data protection requirements (we will keep data for as long as necessary to fulfil the purpose).
We process your data in order to pursue a legitimate interest of the Data Controller, specifically:
inhouse management checks (we will keep data for 10 years from the relevant year);
verification of the quality of goods and services (we will keep data for 10 years from the year of termination of the last contract)
programming of activities (we will keep data for 10 years from the year of acquisition);
monitoring people entering the company and sorting telephone calls (we will keep data for one year from the year of acquisition);
customer satisfaction survey (we will keep data for 10 years from the year of contact or termination of the last contract);
commercial activity aimed at offering goods and services (we will keep data for 10 years from the relevant year);
ensuring corporate compliance, e.g., preventing the commission of criminal offences to the benefit of or in the interest of the organisation (we will keep data for as long as is strictly necessary to fulfil the purpose);
video-surveillance activities to protect company assets, personal safety and perimeter security, against intrusion and damage to property (we will keep data for 24 hours unless events require footage to be kept longer - e.g., theft);
management and maintenance of the IT network and systems (we will keep data for 10 years from the year of termination of the contractual relationship for accounts, passwords and usernames)
to prevent and/or detect possible abuse and to defend our rights and interests in court or in the preparatory stages of a court case (we will keep data until the purpose of processing ceases).
We process your data on the basis of your consent for certain purposes, specifically:
sending information and/or advertising material, market analyses and surveys (we will keep data for up to 10 years after revocation of consent);
management of reviews to publicise the Data Controller's activities and services (we will keep data for up to 10 years after the year consent is revoked or the review is published);
promotion of the Data Controller's activities and video or photographic recordings, with possible subsequent publication (unless subject to dissemination, we will keep data until consent is revoked, after which processing will be limited to mere storage for 10 years from the year consent was revoked).
managing community and networking activities (we will maintain data until consent is revoked).
Special categories of personal data are also processed, for the purposes described, on the basis of your consent.
If you do not wish to provide your consent, we will not be able to process your personal data. Furthermore, you may revoke your consent at any time by contacting the Data Controller at the contact details above.
COMMUNICATION OF DATA
Your data may be communicated, exclusively for technical and operational requirements strictly related to the above-mentioned purposes, to parties who process the data on behalf of the Data Controller, appointed as Data Processors pursuant to Art. 28 of EU Reg. 2016/679, banks and financial institutions, public bodies and administrations or public authorities with whom there is a legal obligation to communicate.
Subject to your consent, for the stated purposes, some of your data may be published online, on Sweden & Martina's corporate website, on social networks related to Sweden & Martina or on video platforms (e.g., YouTube, Vimeo).
TRANSFER OF DATA OUTSIDE THE EU
The processing of personal data (e.g. storage, archiving and preservation of data on servers or the cloud) will be restricted within the areas of circulation and processing of personal data of countries that are part of the European Union, with an express ban on transferring them to non-EU countries that do not guarantee (or do not have) an adequate level of protection, or in the absence of the protection tools provided by EU Regulation 2016/679 (third country deemed adequate by the European Commission, group BCR, model contract clauses, data subject consent, etc.).
DATA SUBJECT RIGHTS
The data subject has the right, pursuant to Articles 15 et seq. of EU Reg. 2016/679, to request the Data Controller grant access to his or her personal data, as well as the right to rectification or deletion or the right “to be forgotten”. The data subject also has the right to request data portability, the restriction of processing or to object to processing.
For processing based on consent, the data subject has the right at any time to revoke consent, without prejudice to the lawfulness of the processing based on the consent given before revocation. To exercise such rights or to request additional information, data subjects may contact the Data Controller using the information provided above.
Lastly, data subjects may lodge complaints with the Italian Data Protection Authority, whose head offices are at Piazza Venezia 11, 00187 - Rome - protocollo@pec.gdpd.it.
MODIFICATIONS
We reserve the right to update our Privacy Policy. We will notify you of any changes as we deem appropriate and update the date in this Privacy Policy Statement. We therefore recommend you consult our Privacy Policy periodically, even by requesting a copy from the Data Controller.
Last update Revisione 6 - 2024/03/26