PRIVACY POLICY

Information sheet pursuant to Art. 13 Reg. (EU) 2016/679 – GDPR – Information on the processing of personal data obtained from the interested party.

In accordance with the General Data Protection Regulation (EU) 2016/679, we are providing herewith the necessary information relating to the processing of the personal data provided. This information is not considered valid for other websites visited through links on websites belonging to the controller, which is not considered in any way responsible for third-party websites.

This refers to a disclosure that is made pursuant to Art. 13 of the General Data Protection Regulation (EU) 2016/679 - GDPR. This information is also inspired by Recommendation no. 2/2001 that the European authorities for personal data protection, collected in the Group established by Art. 29 of Directive no. 95/46/EC, adopted on 17 May 2001 to identify several minimum requirements for collecting personal data on-line, and, in particular, the methods, times and nature of the information that the Data Controllers must provide to users when they connect to website pages, regardless of the purposes of connecting, as well as what is provided for by Directive 2002/58/EC, as updated by Directive 2009/136/EC, regarding Cookies and measure of the Guarantor Authority "Identifying simplified procedures for the disclosure and the acquisition of consent for the use of cookies - 8 May 2014 (Published in the Gazzetta Ufficiale no. 126 of 3 June 2014)" and subsequent clarifications.

Personal data (Art. 4 GDPR) - “personal data” are any information concerning an identified or identifiable natural person (“interested party”); a natural person is deemed to be identifiable if he or she can be identified, directly or indirectly, with particular reference to an identifier such as a name, identification number, details of his or her location, an online identifier or one or more details characteristic of his or her physical, physiological, genetic, mental, economic, cultural or social identity; (C26, C27, C30)

 Specific information - Specific information could be presented on the website pages related to special services or processing of Data provided.

Cookies - Please see the cookies policy at the following link here.

1. THE DATA CONTROLLER  

pursuant to Articles 4 and 24 of the GDPR, the data controller is Koiné di Francesco Riccio & C. Snc (Legatoria Koiné)- Via C. Marchesi, 19/21 - 53042 Chianciano Terme (Siena), Italy, in the person of the Legal Representative pro-tempore. The controller’s email contact is privacy@legatoriakoine.it.

2. The DATA PROTECTION OFFICER (DPO- Data Protection Officer) is determined pursuant to Articles 37 – 39 of Reg. EU 2016/679. The DPO’s email contact is privacy@legatoriakoine.it.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

The personal data will be processed in accordance with the conditions on legality pursuant to Article 6 of Reg. (EU) 2016/679 for the following purposes:

A)  Legatoria Koiné services:

- browsing on this website;

- contact request, customer care and for assistance with Legatoria Koiné services

- data collection to enlist the Controller's services;

- on-line purchases and related administrative-accounting activities, for the purposes of applying regulations regarding personal data protection, the processing carried out for administrative-accounting purposes refers to processing connected to performing organizational, administrative and accounting activities, regardless of the nature of the data processed. In particular, such purposes are pursued by internal organizational activities, activities necessary for fulfilling contractual and pre-contractual obligations, informational activity, shipping and returns;

- completion of data collection forms inherent to Legatoria Koiné services and activities to activate a single authentication or single identification, with an access control system that allows the user to perform a single valid authentication for several software systems or computer resources to which you will be enabled through Single Sign-On (SSO);

B) ) for direct marketing, newsletters and promotions, SMS messages or other types or messages, social networks and applications. The data will be included in the corporate CRM. In order to compare and possibly improve its communication results, Legatoria Koiné uses systems to send out newsletters and promotional notices with reports.

C) ) for activities, to compile your profile and analyse your habits and consumer choices and purchasing behaviour (if done), so as to improve the sales and services offered, enabling us to send you communications that could interest you. The processing of personal data could refer to customer care activities, comprising offers for personalised services at the points of sale and after sales, as well as complimentary services. Such purposes are also pursued by these being entered in the CRM of the company.

Data processing in accordance with purpose A) is based on the legitimate interest pursuant to Article 6(1), letter f): (whereas clause 47) taking into account the reasonable expectations held by the interested party at the time or within the scope of the collection of personal data, when the interested party may reasonably expect such data to be processed for that purpose.

Data processing in accordance with purpose B) is based on the consent pursuant to Article 6(1), letter a) GDPR.

Data processing in accordance with purpose C) is based on the consent pursuant to Article 6(1), letter a) GDPR.

4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA

The personal data supplied will be sent to recipients, who will process the data as data protection officers (Article 28 of Reg. (EU) 2016/679) and/or as natural persons acting under the authority of the Data Controller and Data Protection Officer (Article 29 of Reg. (EU) 2016/679), for the purposes listed in point 3. and to third parties. More specifically, the data may be sent to companies contracted to to Legatoria Koiné and may be communicated to third parties falling under the following categories: - parties that provide services for managing the computer system used by Legatoria Koiné and the telecommunication networks (including email, CRM Data Base management and mailing lists, e-commerce platforms, APP providers, etc.…); - third parties to support on-line purchases and administrative-accounting activities, shipping and returns (e.g. banks, shipping insurance);- offices or companies within the scope of assistance and consulting services; - the relevant authorities for compliance with legislative requirements and/or directives issued by public bodies, on request. Parties belonging to the categories above cover the function of Data Processor or operate completely independently as distinctive Data Controllers. The list of Data Protection Officers is constantly updated and available at Legatoria Koiné di Francesco Riccio & C. Snc, Via C. Marchesi, 19/21 - 53042 Chianciano Terme (Siena), Italy, by writing to privacy@legatoriakoine.it.

5. TRANSFER OF DATA TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANIZATION AND GUARANTEES.

To manage its e-commerce activities, Legatoria Koiné will be able to use cloud platforms provided by third parties as sub-processors. In this regard, we inform you that your personal data acquired on the basis of this disclosure will be stored on servers located in the UE.

6. DATA RETENTION PERIOD OR CRITERIA FOR DETERMINING THE PERIOD

The data will be processed electronically or manually, with procedures and tools able to guarantee maximum security and confidentiality, by persons specifically authorized to do so. In accordance with the provisions of Article 5(1) letter e) of Reg. (EU) 2016/679, the personal data collected will be kept in a form that allows the identification of interested parties for a period no longer than that required to fulfil the purpose for which the personal data is collected. The retention of the personal data supplied depends on the purpose of processing:

- browsing on this website (Please see the cookies policy at the following link here);

- for contact request (maximum 1 year);

- for restricted area for registered users/login (maximum 2 years);

- data collection for selecting personnel (maximum 2 years);

- receiving newsletters or promotional notices in general via e-mail (maximum 24 months);

- online sales (10 years)

Timing determined on the basis of criteria about which the interested party can obtain information by writing to privacy@legatoriakoine.it.

7. RIGHTS OF DATA SUBJECTS

You may assert your rights as provided for by Regulation (EU) 2016/679, by contacting the Data Controller, by sending an email to privacy@legatoriakoine.it or by writing to the Data Controller’s premises indicated above. You are entitled to ask the Data Controller for access to your personal data at any time (Art. 15), to correct it (Art. 16) or to delete it (Art. 17), or to limit the processing thereof (Art. 18) or to object to the processing thereof based on a legitimate interest (Art. 21). Finally, you are entitled to data portability (Art. 20).

Right to revoke. Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.

To object to processing or to exercise any other rights, you can write to privacy@legatoriakoine.it.

As an alternative to automatic-cancellation systems for e-mail, in order to stop receiving electronic direct marketing (e-mails, SMS, social networks), you can write to privacy@legatoriakoine.it with the subject line “cancellation from electronic communications”. To object to profiling processing, you can write to privacy@legatoriakoine.it with the subject line “no profiling”.

You are entitled to submit a claim to a supervisory authority.

There is no automated decision-making process.

8. NATURE OF SUPPLY AND REFUSAL

The transfer of data for the purposes stated under point A) above is optional, but necessary. The refusal to supply the necessary data regarding point A) makes it impossible to use the services of the Data Controller. The transfer and consent to processing for the purposes under point B) and/or C) is optional. Any refusal to provide consent for the purposes detailed under points B) and/or C) above, does not result in any negative consequence regarding the purposes referred to in point A). Profiling and marketing activities are only an eventuality and shall only be done with the specific consent of the data subject, should the party consent to the profiling of their data with these being entered into the CRM. Entering data into the CRM is optional and shall result in this becoming automatically visible to those that have access, or the data protection officers and persons in charge of the processing at the various points of sale worldwide.

9. CHANGES TO THE PRIVACY INFORMATION NOTICE

The Data Controller reserves the right to change, update, supplement or remove parts of the present Privacy Information Notice at its sole discretion at any time. The Data Subject must check periodically for any changes. To facilitate such checking, the Information Notice will contain the date of updating of the Information Notice.