Identity of the Data Controller. Data Protection Officer. Contact Details
In compliance with the obligations set out in Articles 13 and 14 of the European Regulation 2016/679 (General Data Protection Regulation, hereinafter “GDPR”) and national legislation concerning the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data, Tiemme Mobili d’Arte srl, headquartered at Via Leonardo Da Vinci 34750059 – Vinci – Florence – Italy, Tax Code/VAT number: 00869820480, which can be contacted for these purposes at the email address: info@cheopexcellenceurns.it, as the data controller (hereinafter “Controller”), considering the importance given to the protection and security of the personal data provided through this site, informs that it has appointed Mr. Massimiliano Marconcini as the Data Protection Officer (hereinafter “DPO”), pursuant to Articles 37-39 of the GDPR, who can be contacted at cell phone +39 335371552.
Definitions
For the purposes of the aforementioned legislation, the following definitions apply:
- Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Processing: any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- File: any structured set of personal data accessible according to specific criteria, whether centralized, decentralized or distributed on a functional or geographical basis;
- Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
- Recipient: the natural or legal person, public authority, agency or another body to whom the personal data are disclosed, whether a third party or not;
- Data subject’s consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Categories of Personal Data Processed. Mandatory/Optional Provision. Consequences of Non-Provision
The Controller processes personal data relating to the user as the “data subject,” as voluntarily provided or lawfully collected.
Personal data may be provided by filling in the relevant fields in the various sections of the site, contacting customer service, or by sending requests via email where required.
The site does not contain information intended directly for minors. Minors must not provide personal information or data. Participation in any competitions on the website is reserved for adults only.
Specifically, the following personal data are processed:
Data Related to the Operation of This Site
The IT systems and software procedures used to operate this website acquire, in the course of their normal operation, the following personal data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses; type of browser used; addresses of websites from which access was made, access time, and other navigation-related parameters, etc.
These are information that are not collected to be associated with identified data subjects, but which by their very nature could allow users to be identified, through processing and association with data held by third parties.
Data Related to Promotional and Profiling Activities
Optionally, with the express consent of the data subject (given by voluntarily selecting the appropriate checkboxes), the contact details voluntarily provided may be used for the sending of promotional communications and/or the service may be personalized based on the preferences expressed by filling in the respective sections.
These are personal data that do not fall into special categories (such as, for example, name, surname, telephone and email contact details, date of birth, residential address, etc.) provided by the data subject to enable identification and/or to perform the requested service (e.g., sending newsletters or communicating initiatives of the Controller) or additional data to enable a personalized service (profiling), in any case only with the data subject’s express consent.
The data in this category are optional, and therefore consent to the processing of these data may be denied or revoked by the data subject at any time with the same ease with which it is given, without affecting the lawfulness of processing based on consent before its withdrawal. Consequently, the non-provision and/or revocation of consent for the processing of such data will not prevent the data subject (known as the “user”) from accessing the service, but the Controller will not be able to send its commercial communications, grant access to any dedicated promotional benefits, and/or personalize the sending of these based on the preferences expressed.
Purpose of Data Processing. Legal Basis
The purposes of the processing of the user’s (data subject’s) personal data, both those automatically acquired through browsing and those voluntarily provided, are detailed below according to the needs expressed when accessing contact services and/or various sections of the website, by completing online forms or by direct access, via links, to the Controller’s email address related to the requested service.
Data Related to the Operation of This Site
Browsing data are processed exclusively by subjects expressly authorized by the Controller to provide access to the website sections, participate in any promotions and/or contests present on the site, including evaluation, assignment, and/or communication of digital coupons (also through the sending of transactional emails), and the related prizes, respond to requests received by email (e.g., technical issues related to access or site functionality), in which case the legal basis is the performance of pre-contractual measures or a contract (Article 6, paragraph 1, letter b of the GDPR), or to maintain the site, in which case the legal basis is the Controller’s legitimate interest in ensuring site security, proper functioning, and obtaining statistics on its use (Article 6, paragraph 1, letter f of the GDPR).
Data Related to Promotional Activities (Marketing) and/or Market Research
With the user’s consent and until withdrawal, the Controller may engage in marketing activities such as, for example but not limited to: newsletter subscription, using the contact details provided by the data subject (ordinary mail, telephone, email address), market research, sending promotional and informational material, marketing and advertising regarding the Controller’s products and services, measuring user satisfaction with the quality of the Controller’s activities, carried out directly or through specialized companies using remote communication techniques including automated contact methods (such as SMS, MMS, faxes, phone calls, email, messages on web applications) and traditional methods (such as postal mail and phone calls with an operator), personal or telephone interviews, questionnaires, conducting statistical surveys, analyzing habits, and defining user profiles based on information provided at registration, during questionnaire completion, or actions taken while browsing or interacting with the Controller’s banner ads on various social media platforms.
In all these cases, the legal basis for the processing is the specific and freely given consent of the data subject (Article 6, paragraph 1, letter a of the GDPR), with the right to withdraw consent at any time without formalities and without affecting the processing carried out before the withdrawal.
Consent for personal data processing is optional, but in case of refusal, in whole or in part, to provide data or to consent to its processing and/or communication, it will not be possible to complete the newsletter registration process and thus perform the requested service.
Processing Methods. Categories of Recipients. Transfer Outside the EU
The personal data provided by the data subjects (directly or indirectly) will be processed mainly in an automated form, with logic strictly related to the purposes mentioned above, through archives managed by the Controller or third parties appointed as Processors (the full and updated list of appointed Processors for data processing concerning you can be requested from the Controller at the contact addresses provided above) and/or integrated systems of an IT nature and/or websites owned or used by the Controller.
The Controller has adopted adequate security measures to protect users (data subjects) against the risk of loss, misuse, or alteration of such data. Although it is not possible to guarantee that data transmission over the Internet or websites is perfectly secure from intrusion, the Controller and its suppliers strive to maintain physical, electronic, and procedural security measures in line with legal requirements, through the adoption of appropriate technical and organizational measures as outlined in Article 32 of the aforementioned GDPR. The Controller uses secure data