This document can be downloaded in PDF format by clicking on download.
Why this notice
Thank you for taking a few minutes to browse this section of our website. Your privacy is important and, to best protect it, we have prepared this note in which you will find information on the type of information collected online and on the various possibilities you have to intervene in the collection and use of this information.
Within a framework of maximum transparency and accountability, we have developed policies and procedures to ensure, for each operational area, the application of security measures appropriate to the protection of the data processed and therefore the rights and freedoms of the natural persons to whom the data relate.
Di Sardegna Confetti srls
Registered office: Viale Europa 43/C , 09045, (CA) Italia,
Operational headquarters Via Giudice Gugliemo 67/69, 09126, (CA) Italia.
Email address of the Data Controller: firstname.lastname@example.org
PEC of the Holder: email@example.com
In carrying out its activities, the Company Di Sardegna Confetti srls needs to collect and process information (personal data) relating to natural persons (interested) in order to carry out its activities directly and indirectly attributable to both its business and the management of its resources.
This section describes how to manage the site with reference to the processing of personal data of those who consult it, so that, even before accessing the various sections of the site and providing their data, the users of the site can know how the Società Di Sardegna Confetti srls treats the personal data acquired.
Without claiming to be exhaustive, the reference legal framework for the protection of personal data is set out below:
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Individuals with regard to the processing of personal data, as well as the free movement of such data (hereinafter the Regulation or GDPR)
• D.lgs. 196/2003, on the “Code on the protection of personal data” as integrated by d.lgs. 101/2018 (hereinafter the Privacy Code)
• D.lgs. 101/2018, Provisions for the adaptation of national legislation to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
Method – Scope of Communication
The data processing may be carried out on paper, through automatic or electronic means, including post, e-mail, telephone, fax and other means (eg websites, mobile applications) with logic strictly related to the purposes set out below. , in order to guarantee the security and confidentiality of the data and with the commitment by the interested party to promptly communicate any corrections, changes and updates.
The personal data processed by the Data Controller are not disclosed, i.e. they are not disclosed to indeterminate subjects, in any form, including that of making them available or simple consultation. The Data Controller does not communicate any personal identification data or information to third parties except, possibly and as strictly necessary, to those who:
• must provide goods and/or perform services or services, including the management of the website, for the purpose of evasion of purchases, provision of services or other requests relating to the contractual relationship with the Owner;
• are entitled to access them by virtue of provisions of law, regulations and Community legislation;
• operate under the authority of the Data Controller, on the basis of the roles and duties performed, within the limits of their skills and in accordance with the instructions given to them (e.g. administrative, commercial, marketing, legal staff);
• are designated as Data Processors pursuant to art. 28 of the GDPR.
The updated list of Data Processors may be requested from the Data Controller.
The user browsing the site assumes responsibility for the Personal Data of third parties obtained, published or shared through this Site and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.
The processing of data takes place at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information about this, please contact the Owner.
The rights of the data subject
The interested party has the right to exercise, in compliance with the conditions set out in the GDPR, the following rights regarding the processing of personal data:
• right of access (art. 15 of the GDPR): The data subject has the right to obtain from the Data Controller confirmation that a processing of personal data concerning him or her is being carried out and, if so, to receive a copy of the data processed;
• right of rectification (art 16 of the GDPR): The data subject may verify the correctness of his data and, if necessary, request the update or correction to the Data Controller;
• right to cancellation (Article 17 of the GDPR): the interested party has the right to obtain from the Data Controller the cancellation of personal data;
• right to limitation of processing (Article 18 of the GDPR): the interested party has the right to obtain the limitation or blocking of the processing. In this case, the Data Controller will not process the data for any other purpose other than their conservation.
• right to portability (art. 20 of the GDPR): the interested party has the right to receive in a legible and structured personal data concerning him and has the right, where technically feasible, to obtain the transfer of such information to another Data Controller, without hindrance. This provision is applicable when the data are processed with automated tools and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures related to it.
• right to object (Art. 21 of the GDPR): the data subject has the right to object at any time to the processing of personal data concerning him or her when it occurs on a legal basis other than consent.
• right to object to automated decision-making (Art. 22 GDPR): the data subject has the right not to be subject to a decision based solely on automated processing (e.g. profiling, as defined by the GDPR).
The interested party may exercise his rights by writing an e-mail to firstname.lastname@example.org or by means of a/r addressed to the Data Controller’s headquarters. The interested party, in order to allow the correct management of the request, must specify in the communication the right he intends to exercise and the processing to which he refers, attaching a copy of a valid identity document. The Data Controller will use the collected data exclusively to identify the sender and verify the legitimacy of the request, without carrying out any further processing other than the mere storage for the period strictly necessary to fulfill the request. In application of the accountability principle promoted by the GDPR, the details of the request will be traced and stored to allow the Data Controller to demonstrate its management in compliance with current legislation.
Revocation of consent
The interested party can revoke the previously expressed consent to the processing of data at any time (Article 7 of the GDPR). In the absence of a different legal basis, the withdrawal of consent means, within the strictly necessary technical time, the cessation of any further processing activity, including mere retention, but does not compromise the legitimacy of the processing previously carried out. If the processing is not based on consent, its possible withdrawal would not affect the legitimate continuation. The withdrawal of consent can be expressed according to the channels provided by the specific services or, if not available, following the same instructions provided for the exercise of rights.
Submission of a complaint
The interested party has the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) or to act in court if he believes that the processing of your Personal Data is contrary to current legislation.
This Website and the Owner’s Services are not intended for children under 18 years of age and the Owner does not intentionally collect personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of users.
Types of data processed and purposes of the processing
This information is given to natural persons who access and consult the website of the Data Controller (hereinafter the Site), pursuant to art. 13 of the GDPR and, more generally, in relation to the provisions of Italian and European legislation on the protection of personal data.
The Personal Data collected by this Site are the following;
• navigation data (e.g. IP address, location – country -, information on the pages visited by the user within the website. Although the Company does not collect this information in order to associate it with specific users, it is still possible to identify these users directly through this information or by using other information collected;
• personal data provided voluntarily to receive a specific service (e.g. name and contact information);
• cookies: small text files that act as computer markers. Cookies and similar technologies are information that sites and applications send or read on devices at the first visit of a site, and then be retransmitted to the same sites and applications at the next visit. Through these technologies, sites and applications remember actions and preferences (such as, for example, login data, the chosen language, font size, other display settings, etc.) so that they do not have to be indicated again at the next visit.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning. The data could be used by the competent authorities to ascertain responsibility in case of hypothetical computer crimes against the site.
Data provided voluntarily by the data subject
In addition to what is specified for navigation data, the interested party is free to provide their personal data. The optional, explicit and voluntary sending of data by sending e-mail messages to the address indicated on this site or by filling out the form on the page Contacts involves the subsequent acquisition of the address e-mail of the sender, necessary to respond to requests, as well as any other personal data included in the message. The Data Controller ensures that the personal data provided by users of the site (e.g. name, surname, e-mail, content of the message) that forward requests for information, are used only to allow the execution of the requested service. Failure to provide them, however, makes it impossible to obtain what is requested. In particular, personal data provided voluntarily by users are processed for the following purposes:
a) provide responses to products and services;
b) provide assistance and customer care services;
c) compiling statistics in anonymous form (e.g. to assess the number of requests received);
d) respond to complaints and requests from users in relation to the products.
The Data Subject’s personal data will be kept by the Data Controller for the time strictly necessary to pursue the purposes for which they were purchased. By way of example, the Data Controller will process personal data for the newsletter service until the Data Subject decides to unsubscribe from the service.
The data retention period depends on the purposes for which they are processed and therefore could vary. The criteria used to determine the retention period of personal data are the following:
1) provide answers regarding our products and services;
2) provide assistance and customer care services; 3) respond to complaints and requests from users in relation to products;
4) assert rights in court;
5) for the time required by the applicable legal provisions.
The Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period the Personal Data will be deleted, therefore, at the end of this period the right of access, cancellation, rectification and the right to data portability cannot be exercised.
Definitions and legal references
Personal Data (or Data)
Information that identifies or makes identifiable, directly or indirectly, a natural person and that can provide information about his characteristics, habits, lifestyle, personal relationships, state of health, its economic situation, etc.
The individual who uses this site. The user, unless otherwise specified, coincides with the interested party
The natural person to whom the Personal Data refer.
Data Processor (or Data Processor)
Natural, legal, public administration or entity that processes personal data on behalf of the Data Controller (art. 4, par. 1, n. 8 GDPR).
Data Controller (or Data Controller)
The natural or legal person, public authority, service or any other body which, individually or together with others, determines the purposes and means of processing personal data;
The hardware or software tool through which the Personal Data of the Data Subjects are collected and processed.
The Service provided by this site as defined in the relevant terms (if any) on this site/ application.
Small amount of data stored inside the User’s device.
Last Updated: May 2020