Back
DESA S.r.l. PRIVACY STATEMENT
Information on the Processing of Personal Data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). Effective from 18 October 2022.
INTRODUCTION
This information takes into account the provisions of the GDPR and the Privacy Code (Legislative Decree 30 June 2003, No. 196). The document has also been prepared in accordance with the Guidelines of the Privacy Guarantor (especially the Guidelines on combating spam issued by the Privacy Guarantor on 4 July 2013).
Data Controller: Desa S.R.L. - Viale G.De Gennaro,1| c/o Interporto Puglia - 70123 Bari (BA) - VAT Number IT06276470728 - Tel. +39 0802029159 - web@desatrade.com.
Website to which this privacy policy refers: https://www.desatrade.com/ (Website).
GENERAL INFORMATION
Below are described the main processing activities of your personal data provided on the website. In particular, the legal basis for the processing, whether the provision of data is mandatory, and the consequences of not providing personal data are explained.
Registration on the Website
The information and data requested during registration will be used to allow you both to access the reserved area of the Website and to use the online services offered by the Data Controller to registered users. The legal basis for the processing is the necessity for the Data Controller to perform pre-contractual measures adopted upon the request of the data subject. The provision of data is optional. However, your refusal to provide the data will result in the impossibility to register on the Website.
Purchases on the Website
Your personal data will be processed to allow you to make purchases on the Website. In the case of placing an online purchase order, this is necessary to enable the conclusion of the purchase contract and the proper execution of related operations (and, if required by sector-specific regulations, to fulfill tax obligations). The legal basis for the processing is the Data Controller's obligation to perform the contract with the data subject or to comply with legal obligations.
Responding to Your Requests
Your data will be processed to respond to your information requests. The provision of data is optional, but your refusal will result in the Data Controller's inability to respond to your inquiries. The legal basis for the processing is the Data Controller's legitimate interest in addressing user requests. This legitimate interest is equivalent to the user's interest in receiving a response to communications sent to the Data Controller.
Generic Marketing
With your prior consent, the Data Controller may process the personal data provided by you in order to send you advertising material and/or newsletters related to its own products or third-party products. The legal basis for this processing is your consent. The provision of personal data for this purpose is purely optional. Failure to give consent to the processing of data for marketing purposes will result in your inability to receive advertising material related to the products/services of the Data Controller and/or third parties, as well as the Data Controller's inability to conduct market research, including assessing the level of user satisfaction, and to send you newsletters. These communications will be sent to the email address provided by you on the Website.
Data Transfer
The Data Controller does not transfer your personal data to third parties.
Disclosure of Personal Data
In the course of its ordinary activities, the Data Controller may disclose your personal data to certain categories of recipients. In Article 2, you can find the list of parties to whom the Data Controller discloses your personal data. In some cases, Article 2 may specify when your data is not disclosed to third parties in order to facilitate the protection of your rights.
The "disclosure" of personal data to third parties is different from "transfer" (addressed in the preceding section). In fact, in disclosure, the third party to whom the data is transmitted can only use it for the specific purposes described in the relationship with the Data Controller. In transfer, on the other hand, the third party becomes an independent Data Controller of the personal data. Moreover, your consent is always required to transfer your personal data to third parties. Notwithstanding the above, the Data Controller may still use your personal data to fulfill obligations required by applicable laws.
SPECIFIC PRIVACY NOTICE
Article 1 Processing Methods
1.1 The processing of your personal data will primarily be carried out using electronic or automated means, in accordance with the GDPR, to ensure their security and confidentiality.
1.2 The information collected and the processing methods will be relevant and not excessive in relation to the type of services provided. Your data will also be managed and protected in secure and appropriate computer environments.
1.3 "Sensitive data" is not processed through the Website. Sensitive data refers to data that can reveal racial or ethnic origin, religious or philosophical beliefs, political opinions, membership in parties, trade unions, associations or organizations of a religious, philosophical, political, or trade union nature, as well as health and sex life information.
1.4 Judicial data is not processed through the Website.
Article 2 Disclosure of Personal Data
The Data Controller may disclose your personal data to specific categories of recipients. The following are the parties to whom the Data Controller reserves the right to disclose your data:
The Data Controller may disclose your personal data to all those subjects (including Public Authorities) who have access to personal data under legal or administrative provisions.
Your personal data may also be disclosed to all those public and/or private entities, individuals and/or legal entities (legal, administrative, and tax consulting firms, Judicial Offices, Chambers of Commerce, Labor Offices, etc.) when communication is necessary or functional for the proper fulfillment of legal obligations.
The Data Controller employs employees and/or collaborators in any capacity. For the proper functioning of the Website, the Data Controller may disclose your personal data to these employees and/or collaborators.
In its ordinary management activities of the Website, the Data Controller uses companies, consultants, or professionals responsible for the installation, maintenance, updating, and, in general, management of hardware and software used by the Data Controller for the provision of its services. Therefore, only for these purposes, your data may also be processed by these entities.
For the sending of communications, the Data Controller relies on external companies entrusted with the sending of this type of communication (CRM platforms). Your personal data (especially email) may therefore be disclosed to these companies. The Data Controller does not rely on external companies to provide customer care services.
The Data Controller reserves the right to modify the above list based on its ordinary operations. Therefore, you are invited to regularly access this notice to check which entities the Data Controller discloses your personal data to.
Article 3 Data Retention
3.1 This article describes how long the Data Controller reserves the right to retain your personal data.
Your personal data will be retained only for the time necessary to ensure the proper provision of services offered through the Website.
For the purpose of fulfilling the sales contract, data will be retained for 10 years from the date of receipt of the purchase order. This allows the Data Controller to exercise its right of defense and demonstrate the proper execution of the contract.
As provided by Article 2220 of the Civil Code, invoices, as well as all accounting records in general, are retained for a minimum period of ten years from the date of registration, in order to be presented in the event of an audit.
For marketing purposes, personal data will be retained until the consent is revoked. For inactive users, personal data will be deleted after one year from the last email viewed.
3.2 Notwithstanding the provisions of Article 3.1, the Data Controller may retain your personal data for the time required by specific regulations, as may be amended from time to time.
Article 4 Data Transfer
4.1 The Data Controller is based within the European Union. Therefore, the processing of your data is legally secure as governed by the GDPR. If the transfer of your personal data takes place to a non-EU country for which the European Commission has issued an adequacy decision, the transfer is considered legally secure in any case.
Article 5 Data Subject Rights
In accordance with Article 13 of the Privacy Regulation, the Data Controller informs you that you have the right to:
• Request access to your personal data from the Data Controller and rectify or erase them, or restrict their processing, as well as the right to data portability.
• Withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
• Lodge a complaint with a supervisory authority (e.g., the Garante per la protezione dei dati personali).
The above rights can be exercised by making a request, without any formalities, to the contact information provided in the Introduction.