Privacy Policy
The purpose of this document is to inform the natural person (hereinafter “Data Subject”) about the processing of his/her personal data (hereinafter “Personal Data”) collected by the data controller, Finding La Dolce Vita SRL, with registered office in Contrada Forano 43, 62010 Appignano, Tax Code/VAT No. 02108090438, e-mail address privacy@findingladolcevita.com, certified e-mail address findingladolcevita@pec.it, phone number 3714485521, (hereinafter “Data Controller”).
The Data Controller may modify or simply update this policy, in whole or part, notifying Data Subjects if necessary.
​
​This policy complies with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and other applicable laws.
1- Categories of Personal Data processed
The Data Controller processes the following types of Personal Data voluntarily provided by the Data Subject:
-
-
Contact Data: first name, last name, address, e-mail address, phone number, photographs, authentication credentials, any further information sent by the Data Subject, etc.
-
Fiscal and payment Data: tax code, VAT number, credit card data, bank account details, etc.
-
Data on the employment relationship: data entered into the curriculum vitae, data on spouse or children, social security data, etc.
-
If the Data Subject should decide to not provide Personal Data for which there is a legal or contractual obligation, or if such data is a necessary requirement for the conclusion of the contract with the Data Controller, it will be impossible for the Data Controller to establish or continue any relationship with the Data Subject.
The Data Subject who communicates Personal Data of third parties such as family members, colleagues, employers/employees, landlords, etc, to the Data Controller is directly and exclusively liable for their origin, collection, processing, communication or divulgation.
2- Legal basis and purpose of data processing
The processing of Personal Data is necessary:
a. for the performance of the contract with the Data Subject and especially for:
-
the fulfilment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject
-
support and contact with the Data Subject: to answer the Data Subject’s requests
-
management of payment: to manage payments by credit card, bank transfer or other methods
b. for legal obligations and especially for:
-
the fulfilment of any obligation provided for by the applicable norms, laws and regulations, in particular, on tax and fiscal matters
​
c. for legitimate interest of the Data Controller in the full defence of their rights:
-
to assert and/or defend the rights of the Data Controller in the forums permitted by law, including through extrajudicial initiatives and through third parties and preventing, detecting and deterring fraudulent, dangerous, unauthorised or unlawful activities and crime (such as fraud, identity theft, etc.).
​
3- Data processing methods and receivers of Personal Data
The processing of Personal Data is performed via paper-based and computer tools with methods of organisation and logics strictly related to the specified purposes and through the adoption of appropriate security measures.
Personal Data is processed exclusively by:
-
persons authorised by the Data Controller to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
-
subjects that operate independently as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes set out in this policy (for example, business partners, consultants, IT companies, service providers, hosting providers);
-
companies and third-party professionals appointed to enforce rights, interests, claims arising from relations with the Data Subjects;
-
subjects or bodies to whom it is mandatory to communicate Personal Data by law or by order of the authorities.
​
These recipients will act, as appropriate, as data processor, independent data controllers or authorised to process the Personal Data.
To receive the updated list of recipients or request additional information, interested parties may write to the Data Controller at:
privacy@findingladolcevita.com.
Personal Data will not be indiscriminately shared in any way.
4- Location
If necessary, Personal Data may be transferred to subjects located outside the territory of the European Economic Area (EEA). Whenever Personal Data is transferred outside the EEA, the Data Controller shall take all appropriate and necessary contractual measures to guarantee an appropriate level of protection for Personal Data, including - but not limited - to agreements based on the standard contractual clauses for the transfer of data outside the EEA, approved by the European Commission. To obtain information on the specific guarantees adopted, the Data Subject may contact the Data Controller at the following e-mail address:
privacy@findingladolcevita.com
​
5- Personal Data storage period
Personal Data will be stored for the period of time that is required to fulfil the purposes for which it was collected. In particular:
-
for purposes related to the execution of the contract between the Data Controller and the Data Subject, will be stored for the entire duration of the contractual relationship and, after termination, for the ordinary prescription period of 10 years.
-
for purposes related to legitimate interests of the Data Controller, at least until the possible exercise of the right of opposition of the Data Subjects, provided that in the event of problems, anomalies, or disputes, including non-judicial, Personal Data will be stored for a period equal to the limitation period of the relevant actions, increased by a prudential period of six months for the assessment, exercise or defense of a right of the Data Controller.
-
in compliance with legal obligations, by order of an authority and for legal protection, it shall be stored according to the relevant time frames provided for by such obligations, regulations and, in any case, until the expiry of the prescriptive term provided for by the rules in force.
In all cases, after the respective terms, all Personal Data will be deleted. It is understood that the terms indicated may be extended in cases where the Personal Data is relevant in relation to pending or foreseeable disputes, for requests from the competent authorities or in accordance with the applicable legislation.
6- Rights of the Data Subject
Data Subjects may exercise specific rights regarding the Personal Data processed by the Data Controller. In particular, the Data Subject has the right to:
​
-
Access: To obtain confirmation from the Data Controller that specific Personal Data concerning them is being processed or not and, in this case, to obtain access to their Personal Data;
-
Rectification: To obtain the correction/integration of inaccurate/incomplete Personal Data;
-
Erasure (“right to be forgotten”): To obtain, in the cases provided for by law, the erasure of Personal Data concerning them without undue delay;
-
Restriction of Processing: To obtain, in the cases provided for by law, the limitation (that is, the marking of the Personal Data stored with the aim of limiting its processing in the future) of the processing of Personal Data;
-
Portability of Personal Data: If the processing is carried out by automated means on the legal basis of the contract or consent, to receive in a structured, commonly used and machine-readable format, the Personal Data provided to the Data Controller and request that the Data Controller transmit the data to another data controller;
-
The right to object to the processing of Personal Data: indicated in par. 2, lett. c) for reasons to be explained relating to a particular situation of its own, in relation to the Data Controller’s right of defence and where the Data Controller’s legitimate reasons prevail.
​
In addition, Data Subjects, whenever the processing of their Personal Data appears to breach any current legislation regarding personal data protection, have the right to file a complaint with the Data Protection Authority of the Member State of the European Union where they have their habitual residence or place of work or where the alleged violation of their right has occurred (in the case that State is Italy, they may contact the Authority for the protection of personal data) or appeal to the competent judicial courts (art. 79 GDPR).
To use their rights, Data Subjects may send a request to the following e-mail address privacy@findingladolcevita.com. Requests will be immediately treated by the Data Controller and processed as soon as possible, in any case within 30 days.
​
Last Update: 03/12/2024