Foreword
Lithos Design S.r.l. (Tax Code and VAT number 00793120247) with registered office in Via del Motto no. 25, San Pietro Mussolino 36070 (VI) Italy – Tel. +39 0444 687301 Fax +39 0444 687398, email info@lithosdesign.com, PEC lithosdesign@pec.it (hereinafter, „Data Controller“), in its capacity as Controller of the data processing, hereby informs you, pursuant to art. 13 EU Regulation no. 2016/679 (hereinafter, „GDPR“) that your data will be processed in the manner and with the purposes that follow:
Definitions and legal references
Personal data (or Data)
Personal data is any personal information relating to a natural person, identified or identifiable, even indirectly, by referencing any other information, including a personal identification number.
Data used
It is the information collected automatically by this application (or by third party applications that this application uses), including: the IP addresses or domain names of the computers used by the user who connects with this application, the addresses in URI (Uniform Resource Identifier) form, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc. ), the country of origin, the characteristics of the browser and operating system used by the visitor, the various times associated with the visit (for example, the time spent on each page) and the details of the path followed within the application, with particular reference to the sequence of the pages consulted, the parameters relating to the operating system and the user’s IT environment.
User
The individual who uses this application, which must coincide with the data subject or be authorized by him/her and whose personal data are being processed.
Data subject
The natural or legal person to whom the personal data refer.
Data processor (or processor)
The natural or legal person, public administration or any other entity, association or body that process the personal data on behalf of the data controller.
Data controller (or controller)
The natural or legal person, public administration and any other entity, association or body to which, even jointly with another controller, who are responsible for decisions regarding the purposes, means and methods of processing personal data and the tools used, including the safety profile, in relation to the operation and use of this application. The data controller, unless otherwise specified, is the owner of this application.
This application
The hardware or software tool through which the user’s personal data are collected.
Cookies
Cookies are small strings of text sent by the user’s computer when he/she visits a website which store, and sometimes keep track of information about the website use by the user
Legal references
Notification for European users: this privacy policy has been drafted in fulfilment of the obligations set out in art. 13 and subsequent Reg. EU 679/2016 GDPR, in addition to the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, concerning cookies.
This privacy policy only refers to this application.
Availability of the privacy policy
The data controller provides the opportunity to consult this information: a) by consulting this website; b) every time an explicit request is made.
Subject of the processing
The data controller processes personal, identifying and non-sensitive data (in particular, IP address, name, surname, email, profession and country – hereinafter, “personal data” or even “data”) communicated by you when filling in the forms present on the data controller’s website.
Purpose of the processing
Your personal data can be processed for the following purposes:
- To manage and maintain the website and update its content;
- To fulfil precontractual, contractual and tax obligations deriving from existing relationships with you;
- To fulfil the obligations established by law, a regulation, community legislation or by order of the Authorities;
- To prevent or uncover fraudulent activities or abuse which are harmful to the website;
- To exercise the rights of the data controller, e.g. the right to legal defence;
- To manage your request for information submitted after completing the appropriate form;
- Sending newsletters, commercial communications and/or advertising material on products or services offered by the data controller following a request and registration of the user via the appropriate form;
- Registration of the user in the appropriate reserved area and creation of the relevant profile with the assignment of access credentials;
- Profiling of users who register to the reserved area
- Statistical purposes;
- To allow additional services to be delivered that may be requested;
This website processes data based on:
– the consent explicitly requested from the User for profiling and statistical purposes;
– the consent explicitly requested to deliver a specific service, such as sending newsletters, the creation of the user profile after registration in the reserved area, handling of the request for information.
– the use or consultation of this website, related to the additional methods and purposes described, including any disclosure to third parties, if necessary, to deliver a service.
Some data, however, may be processed based on the user’s legitimate interest in using the contents published on the data controller’s websites and their correct administration and management, including the security and correct functioning of the site.
Method of the data processing
The processing of your personal data is carried out through the operations indicated in art. 4, no. 2) of the GDPR and specifically: the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of the data. Your personal data are subjected to processing with paper, electronic and automated instruments.
The Data Controller will process the personal data for the time necessary to fulfil the purposes referred to above and in any case not longer than 7 years from the termination of the relationship for the purposes of service and for no longer than 2 years after the collection of the data and/or from the last contact for Marketing Purposes.
Newsletter
We would like to point out that if you are already a customer, we may send you commercial communications relating to the data controller’s services and products, similar to those you have already used, unless you specifically refuse them.
In the other cases, if you want to subscribe to the mailing list that allows you to automatically receive our informative, popular, institutional and/or cultural communications via email free of charge, you must fill in the appropriate form available on the home page of this website.
The data requested are your first name, surname, email address, location and job title.
The user has the right to object at any time to this processing, by sending an email to the following address info@lithosdesign.com, as well as to exercise all the rights under articles 15 to 21 of the General Regulation no. 679/2016 (including access rights, rectification, updating, erasure).
The user is also has the opportunity to unsubscribe from the newsletter using the unsubscribe function present in each newsletter received or by sending an unsubscribe request to this email address info@lithosdesign.com. The request to unsubscribe will be processed within 48 hours of receipt.
Registration to the reserved area
There is a reserved area on the data controller’s website to which the user can register after completing the appropriate form.
The user’s registration request, as well as the suitability of the user’s profile, is initially assessed by the data controller’s, duly authorised staff.
Once the application for registration has been approved, the company database “Customer Relationship Management” (so-called CRM) automatically assigns temporary credentials to the user via email which the user must use for first access. The credentials consist of the user’s email address and a temporary password which the user must change after the first access. The aforementioned password will only be made known to the user.
The user is activated on the WordPress platform, used by the data controller.
The password chosen by the user will be stored on the aforementioned platform and also copied in the CRM, but will never be accessible to the data controller.
Profiling
In order to provide an increasingly personalised and functional service, the data controller intends to profile users who register via one of the three forms on the website (personal area, newsletter, request for information) after processing the country of origin and profession/job category (architect, interior designer, etc.), in order to prepare commercial communications which target the user’s interest as far as possible.
Specific consent for the profiling activity will always be requested beforehand in all cases. If the user does not give his/her consent, the relevant data will not be subject to profiling by the data controller.
Wroopa
The owner of the website uses Wroopa platform to monitor the browsing activity of the users registered to the reserved area (files download and browsing of the website pages) in order to obtain statistical reports and an analysis of the preferences aimed at forwarding communications and advertising in lines with the preferences and commercial needs of the user (so called one-to-one Marketing).
Specifically, Wroopa platform is used for the following processing purposes:
• Monitoring and tracking the downloads and page view by the users logged into the reserved area. In this case, profiling consent will be accepted during registration to the reserved area;
• Monitoring page view’s actions of users not registered to the reserved area. This monitoring will take place subject to the user’s consent by using an appropriate function in the banner and, in this case, the user will be monitored as „Anonymous“.
Only after registering to the reserved area, actions’ monitoring will take place unambiguously (with identification by name, surname, email address, nation and language).
Wroopa platform detects user logs without storaging or transfering from another platform.
Access to the data
Your data may be made accessible for the purposes set out in art. 2.A) and 2.B):
– to employees and collaborators of the Data Controller, in their role as appointed persons and/or internal data processors and/or system administrators;
– to outside companies for support activities in the feasibility study of the customer’s project, for the activities of technical management of the project, for the storage of personal data, etc.) or to third parties (e.g., provider for the management and maintenance of the website, suppliers, credit institutes, professional studios, etc.) which perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processing managers.
Data communication
Without your express consent, the Data Controller may communicate your personal data for the purposes referred to in art. 2.A) to Supervisory bodies, judicial Authorities as well as to all the other subjects to whom the communication is obligatory by law for the fulfilment of the stated purposes.
In any case, your data will not be subject to dissemination.
Data transfer
Your personal data will be managed and stored on servers located within the European Union and belonging to the Data Controller and/or third-party companies appointed and duly identified as Data processing managers. Currently our servers are located in Italy. Your data will not be transferred outside the European Union. It remains regardless understood that the Data Controller, if necessary, will have the right to transfer the servers’ location within Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller guarantees from this moment that the transfer of the data outside the European Union will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements which guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
Nature of data provision and consequences of refusing to respond
Providing data for the purposes indicate above, (from no. 1 to 5) is necessary to guarantee the services you have requested.
Providing data is optional for further purposes (from no. 6 to 11: sending of newsletters/commercial and/or promotional communications, profiling activities, registration in the reserved area, handling of the request for information, non-anonymised statistical purposes) and refusal to give consent does not have negative consequences on the delivery of the service offered on the website and related applications. You can, therefore, decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, for example, you will not be able to receive newsletters, commercial communications and advertising material relating to the services offered by the data controller. In any case, you will continue to be entitled to the services referred to in letters 1 to 5.
Data storage
The storage of personal data will take place in paper and/or electronic/IT form and for the time strictly necessary for the fulfilment of the purposes outlined above, in compliance with your privacy and current regulations.
The user data processed by the data controller will be stored and saved on a third-party supplier platform, duly appointed as data processor.
For the purposes of analysis aimed at the development and improvement of the service, the user’s personal data may be stored for seven years.
For direct marketing and profiling purposes, we store your data for a maximum period as laid down by the applicable legislation (24 and 12 months respectively).
Invoices, accounting documents and transaction data are kept for ten years in accordance with the law (including tax obligations).
If you exercise the right to be forgotten by expressly requesting the erasure of personal data processed by the data controller, we remind you that such data will be stored, in a protected form and with limited access, only for the purpose of ascertaining and preventing crimes, for a period not more than twelve months from the date of the request and subsequently, they will be safely erased or irreversibly anonymised.
Data relating to electronic traffic, excluding however the contents of communications, will be stored for a period of no more than six years from the date of communication, pursuant to art. 24 of Italian Law no. 167/2017, which transposed the EU Directive 2017/541 on anti-terrorism.
If no active interaction is carried out (e.g. browsing, research and/or any other way of using the service) on this website for a period of twenty-seven months, you will be classified as an inactive user and the relevant personal data will be erased.
Rights of the Data Subject
In your capacity as the Data Subject, you have the rights referred to in art. 15 GDPR and specifically the right to:
A) Obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data in a readable form;
B) Obtain the indication of:
– The origin of the personal data;
– The purposes and procedures of the data processing;
– The logic applied in the case of processing carried out with the aid of electronic instruments;
– The identification of the Data Controller, the Data processing managers and their appointed representative and the subjects or categories of subjects to whom the personal data can be communicated or that can be informed in their capacity as appointed representative in the State territory, managers or persons in charge;
C) Obtain:
– The updating, correction or, where relevant, integration of the data;
– The deletion, transformation into anonymous form or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
– The verification that the operations referenced in letters 8.A) and B) have been brought to the knowledge, including with regard to their content, of the parties to whom the data have been communicated or disseminated, except where this is impossible or requires the use of means which are manifestly disproportionate with respect to the protected right;
D) Object, in whole or in part:
– To the processing of your personal data for legitimate reasons, even if pertinent to the purpose of its collection;
– To the processing of your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail. Please note that, with regard to direct marketing through automated methods, the Data Subject’s right to object, as set out in point B) above, is extended to traditional methods, and that the Data Subject is able to exercise their right to object, even in part. Consequently, the Data Subject may choose to receive only communications via traditional means, only automated communications, or neither.
– Where applicable, the Data Subject also has the rights of articles 16-21 GDPR (right of correction, right to cancellation, right of limitation of the processing, right to data portability, right of opposition), and the right to make claims to the guarantor Authority.
Procedures for exercising your rights
You may exercise your rights at any time by sending:
– a registered letter with return receipt addressed to: Lithos Design S.r.l. Via del Motto no. 25 San Pietro Mussolino 36070 (VI)
– an email to the address info@lithosdesign.com
– a PEC email to the address lithosdesign@pec.it
Minors
This website and the Data Controller’s services are not intended for children under the age of 18 and the Data Controller does not knowingly collect personal information about minors. In the event that information relating to minors is unintentionally recorded, the Data Controller shall promptly delete it at the user’s request.
Data Controller, Data Processing manager and appointed persons
The Data Controller is Lithos Design S.r.l. (Tax code and VAT number 03395860244) with registered office in Via del Motto no. 25 a, San Pietro Mussolino 36070 (VI) Italy – Tel. +39 0444 687301 Fax +39 0444 687398, email info@lithosdesign.com, PEC lithosdesign@pec.it
The updated list of the Data processing manager and appointed persons involved in processing is kept at the registered offices of the Data Controller.
Changes to this Privacy disclosure
This Privacy Information Notice may be subject to change. We therefore recommend that you regularly check this Privacy Information Notice and refer to the latest version.