PRIVACY POLICY
as per Article 13 of the retained version of the General Data Protection Act EU Regulation 2016/679,
( “UK GDPR”)
This information notice is provided according to the Data Protection Act 2018 (“DPA 2018”), the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (“PECR”) in relation to the processing of personal data collected within or through the website DisaronnoInternational.co.uk and any subdomain (the “Website”), owned and managed by Disaronno International UK.
Third-party websites that are possibly linked to in this Website are regulated by and subject to a separate privacy policy and they are in no way linked to this information notice.
This information notice applies to all users surfing on the Website.
All users are invited to read this information carefully.
_
DATA CONTROLLER
Disaronno International UK
(“Company” or “Data Controller”)
_
PERSONAL DATA PROCESSED
In addition to the provisions set forth in other policies (with particular reference to the “Cookie Policy”), available on this Website and the use of the respective features and/or subscription to services offered therein, the following data may be collected and processed:
- browsing information: they are data that the server collects automatically at every access to the Website, such as IP addresses or domain names of computers used by the users to connect to the Website, URI addresses (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the dimension of the files obtained as an answer, the code number which indicates the answer status supplied by the server (i.e. good result, mistake, etc.) and other parameters related to the operating system and to the users’ IT environment. We collect this personal data by using cookies and other similar technologies; and
- personal data voluntarily provided by the users: such as name, surname, email address, additional contact data and further data and information provided in messages sent to the contact details of the Company or by filling in the electronic forms therein published.
The Website does not contain any information or feature or service directly offered to users of minor age.
Minors shall not provide information or personal data without the consent of those having parental responsibility.
Users of minor age are invited not to provide any personal data without prior authorization of their parents or by those exercising parental responsibility. In case the Company will be notified that personal data have been provided by a minor, the Company will immediately delete said data or request appropriate consent by the parents (or by the holder of parental responsibility), reserving the right to prevent any access to the services offered on the Website to any user who hided the minor age or who communicated personal data without consent of the parents (or of the holder of parental responsibility).
_
LEGAL BASIS AND PURPOSE OF PROCESSING
The processing of personal data is exclusively carried out for the following purposes:
(i) consent (art. 6 lett. a) UK GDPR - we rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to the newsletter service.
(ii) fulfilment of contractual or pre-contractual obligations (art. 6 lett. b) UK GDPR) – for the execution of services or for providing information requested through the Website and/or through electronic forms herein posted and for fulfilling all obligations arising out of pre-contractual or contractual relationships with the user and for managing interactions with the users.
(iii) fulfilment of legal obligations (art. 6 lett. c) UK GDPR)- for the fulfilment of obligations set forth by applicable laws or regulations in force, including tax legislation, as well as the fulfilment of orders of the competent entities or authorities;
(iv) on the basis of a legitimate interest of the Company (art. 6 lett. f) UK GDPR) where our interests are not overridden by your interests or fundamental rights and freedoms.
_
CONSEQUENCES OF THE REFUSAL TO PROVIDE DATA
The provision of data for the purposes set out in paragraphs (i) (fulfilment of contractual obligations) above is optional. However, since the processing of data for such purposes is necessary in order to allow using the online services offered through the Website (including the newsletter, if any), the missing, partial or incorrect provision of data will prevent, as the case maybe, from using the services offered online and, in general, the handling of users’ specific requests.
_
COOKIES
For more information about the cookies we use and how to change your cookie preferences, please see DisaronnoInternational_Cookie PolicywebsiteUK.pdf available to download from DisaronnoInternational.co.uk
_
DATA COMMUNICATION
Data can be communicated to the following categories of subjects (“recipients”):
- to all those parties (including public authorities) having access to the personal data according to law or administrative provisions;
- to all those public and/or private parties, individuals and/or legal entities to which data must be communicated in compliance with the contract or applicable law.
In addition to the above, in order to pursue the purposes specified above, personal data may be disclosed to Company’s staff that has been expressly authorized (in particular belonging to the IT and administration offices) and/or to third parties operating on behalf of the Company, such as, by way of example and not limited to:
- companies, consultants or professionals in charge of the set-up, maintenance, updating and, in general, the management of the Website;
- companies or professionals in charge of the development and realization and/or of the transmission of informative documents and communications;
- legal and tax professionals and consultants, statutory auditors and auditing companies or professionals, members of the supervisory body,
that will process the personal data in their quality as data processors on behalf of the Company or as independent data controller, as the case maybe and on the basis of the specific relationships with the Company.
_
INTERNATIONAL TRANSFERS
We do not transfer your personal data outside the UK, except if your enquiry requires communication with our global business or one of our global brands. In this case, our UK team will inform you prior to the transfer of your personal data. Whenever we transfer your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, we always ensure that a similar degree of protection is afforded to it by ensuring safeguards are implemented.
DATA RETENTION
Personal data will be retained for the entire duration of the contractual relationship and, subsequently, for the period of time allowed by applicable law on statutory or time limitation periods (also with respect to accounting and tax purposes) and, in general, for the time necessary for the exercise of Company’s rights in relation to claims raised by public authorities, public and private entities and subjects.
RIGHTS OF DATA SUBJECTS
As a data subject, the user may ask to the Data Controller to exercise the following rights:
Right to access
The user may ask whether or not his/her personal data are processed and, if so, have access to that data and to specific information on the processing, such as information on the purposes, on the categories of personal data concerned, on the existence of other rights as set out below. The user may also request copy of his/her personal data
Right to rectification
The user has the right to request and to have his/her data rectified in case of inaccuracy or incompleteness
Right to erasure
The user has the right to have his/her data erased without undue delay if, inter alia, (i) such data are no longer necessary in relation to the initial purposes for which they were collected, (ii) he/she objects to the processing of his/her personal data (as indicated below) and there is no other legitimate and prevailing reason for processing, (iii) user’s data are unlawfully processed, (iv) data shall be deleted for the fulfilment of a legal obligation. This right does not apply if the processing is necessary for, among other purposes, the performance of a legal obligation or for the establishment, exercise or defence of legal claims before the court.
Right to restriction of processing
The user has the right to obtain the restriction of processing, meaning that the processing activity will be suspended for a period of time. The circumstances under which this right can be exercised include cases in which the accuracy of personal data was contested but a period of time is necessary to verify the accuracy of such data.
Right to object
Users have the right to object at any time, for reasons related to their particular situation, to the processing based on a legitimate interest of the Data Controller, unless the Data Controller can demonstrate legitimate and mandatory grounds for processing that prevail on the interests, rights and fundamental freedoms of the data subject or that the data are necessary for the establishment, exercise or defence of legal claims before the court.
Right to data portability
In relation to the cases of (amongst the others) processing carried out by automated means, processing based on consent or based on the fulfilment of contractual obligations, the user has the right to request and receive personal data in a structured, commonly used and machine-readable format and to transmit the data to another data controller. He/she has also the right to request the direct transmission from a data controller to another data controller, where technically feasible, without prejudice to the possibility to obtain the erasure of the data, as indicated above.
_
COMPLAINTS
The user has the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk) in the cases referred to by Article 77, UK GDPR, and when the user believes that the processing of personal data infringes the law. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The above rights can be exercised by sending without any formality a request to the Data Controller. The request can be sent to the Data Controller via mail or e-mail to the following address hr@disaronno.it
_
If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:
Email address: customerservice_UK@disaronno.com
This Privacy Policy can be amended and updated, also depending on modifications of the applicable law provision. The Data Controller therefore invites users to periodically visit the present page for being aware of any change or update.
Last update: 22 March 2024