(Art. 13 of the EU General Data Protection Regulation No. 679/2016)
Dear User, Pursuant to Article 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”), we inform you that the processing of the data you provide will be carried out using methods and procedures aimed at ensuring that the processing of personal data is carried out with respect for the fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality and security, personal identity and the right to protection of personal data. Recall that processing means any operation or set of operations, whether or not by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction (Art. 4 GDPR).This Notice describes how the website https://glemcircle.com/ is managed. With reference to the processing of personal data of users who consult it. The information does not apply to other websites that may be consulted through our links, for which GLEM Srl is in no way responsible. Translated with www.DeepL.com/Translator (free version)
OBJECT OF TREATMENT
The data processed by Company Name refer to:
• Biographical data (such as first and last name );
• Contact information (such as e-mail address, residential address and telephone number);
• Data on payments made.
LEGAL BASIS OF PROCESSING AND ORIGIN OF DATA
The legal basis for such processing is to be found in your express and unequivocal consent (ex art. 6.1, letter A) of the GDPR).The personal data held by the Data Controller are collected directly from the data subject and only possibly may come from third parties, registers or public lists.
PURPOSE OF PROCESSING
Personal data and any changes that you communicate in the future to GLEM Srl are collected and processed for the following and exclusive purposes:
• Registration of a nominal user account, through which to access the restricted area of this website;
• Conducting purchasing activity at this website – external handling of payments by credit card, bank transfer or other means. The Data used for payment are acquired directly from the operator of the requested payment service without being processed in any way by this Application;
• Sending information and promotional materials…
MODE OF TREATMENT
Processing is limited to the following operations and in the following manner:
• Data collection from the data subject by filling out online forms;
• Computer-based recording and processing;
• Organization of archives in mainly automated form, through business applications and computerized master records;
• Disclosure of your data to third party Partners of the Data Controller.
The processing of data will be carried out by means suitable to guarantee its confidentiality, integrity and availability, in compliance with appropriate technical and organizational security measures provided for by the GDPR. The processing shall be carried out on paper and by means of information and/or automated systems and shall include all the operations or set of operations provided for in Art. 4 of the GDPR and necessary for the processing in question, including communication towards the persons in charge of the processing itself. The data in question will not be disseminated, while they will or may be communicated to entities, public or private, operating within the scope of the purposes described above.
DATA RETENTION
The Controller will process your personal data for as long as necessary to fulfill the above purposes, in particular, within the ten-year period of ordinary statute of limitations. Limited to the processing of sending newsletters, against your express consent, the Controller will process your data for no longer than two years after their collection.
ACCESS TO TREATMENT
The data will be made accessible, for the purposes mentioned in point no. 3:- To employees/collaborators in their capacity as authorized processors, subject to appropriate appointment;- To third parties performing outsourced activities on behalf of the data controller.
COMMUNICATION OF DATA
Your data will not be disclosed to unauthorized third parties. Such communication will not be made to unauthorized third parties. Your data will not be disclosed in any way. To this end, the processing is conducted with the use of appropriate security measures to prevent unauthorized access to the data by third parties and to ensure their confidentiality.
DATA TRANSFER
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third party companies appointed and duly appointed as Data Processors. Data will not be transferred outside the European Union.
NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND
The provision of data for the purposes mentioned in 3.a) and 3.b) is mandatory. In their absence, it will not be possible to proceed with the registration of your user account in the restricted area of the Data Controller’s website and/or consequently it will not be possible to proceed with purchases. On the contrary, the provision of your data for the purposes referred to in point 3.c) is optional and the processing by the Data Controller will be subject to your express and unequivocal consent.
RIGHTS OF THE DATA SUBJECT
According to the provisions of the GDPR, the data subject has the following rights vis-à-vis the Data Controller:
• To obtain confirmation as to whether or not personal data concerning him or her are being processed, and if so, to obtain access to the personal data (Right of Access Art. 15);
• To obtain the rectification of inaccurate personal data concerning him/her without undue delay (Right to Rectification Art. 16);
• Obtain the erasure of personal data concerning him or her without undue delay, and the data controller has an obligation to erase personal data without undue delay if certain conditions are met (Right to be forgotten Art. 17);
• Obtain limitation of processing in certain cases (Right to limitation of processing Art. 18);
• Receive in a structured, commonly used and machine-readable format the personal data concerning him or her that he or she has provided and has the right to transmit such data to another Data Controller, without hindrance from the Data Controller to whom he or she has provided it, in certain cases (Right to Data Portability Art. 20);
• Object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her (Right to object art. 21);
• Receive without undue delay notice of the personal data breach suffered by the Data Controller (Art. 34);
• Revoke express consent at any time (Conditions for Consent Art. 7).
Where applicable, the data subject also has the rights under Articles 16-21 GDPR (Right to rectification, Right to be forgotten, Right to restrict processing, Right to data portability, Right to object), as well as the right to complain to the Data Protection Authority.
WAYS OF EXERCISING THE RIGHT
Sending e-mail message at the dedicated address of the Data Controller: info@glemcircle.com
DATA CONTROLLER
The Data Controller is GLEM Srl Viale Alessandro Volta,34 50131 Florence (FI)The list of data processors and data processors can be consulted at the above-mentioned office of the Data Controller.
UPDATE OF THIS POLICY
This Notice is subject to change. Any substantial changes will be transmitted to interested parties by notice or publication on the company website.