PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA

This page describes the methods of management of the newsletter service with regard to the processing of personal data of users who subscribe to it.

This information is provided pursuant to Articles 13 and 14 of GDPR 2016/679 and the national legislation in force to all those interacting with the promotional newsletter services of VENISTAR SRL, accessible by electronic means.

Controller of the data processing.

The Data Controller is VENISTAR SRL, with registered office in Via Gaetano De Castillia, 23, 20124 Milan - Italy.

Data Protetion Officer (DPO).

The Data Controller has appointed a Data Protection Officer (DPO) who may be contacted by data subjects for all matters relating to the processing of personal data and the exercise of the rights under the GDPR 2016/679. The contact address of the DPO is: dpo-retex@retexspa.com.

Purpose and legal basis of the processing.

The collection and processing of personal data is carried out in order to pursue:

  • The sending, upon specific request of the Data Subject, of the informative newsletter concerning service communications and news on services or promotional initiatives (Article 6(1) b) of GDPR 2016/679).

The collection and recording of data shall take place for specific, explicit and legitimate purposes and in a manner compatible with such purposes, as part of the processing that is required for conducting business activities. Such data will be processed in accordance with the principle of accuracy and, where necessary, updated, so that they are adequate, relevant and limited to what is necessary and kept for no longer than their intended use in relation to the purposes for which they are collected and subsequently processed in accordance with the GDPR 2016/679 and current national legislation.

Personal data may be processed with the aid of both paper and electronic means, or in any case suitable for recording and storing the data, and in any case in such a way as to guarantee their safety and the utmost confidentiality of the Data Subject. Specific security measures will be observed to prevent data loss, unlawful or incorrect use and unauthorised access in full compliance with Article 32 of GDPR 2016/679 and current national legislation.

Mandatory or optional nature of providing data and consequences of refusal to provide such data.

Apart from what is specified for surfing data, the Data Subject is free to provide personal data in the request forms or indicated in contacts to request the sending of the newsletter. Consent is optional and, if given, it may be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given before revocation.

Failure to provide consent may make it impossible to obtain what has been requested.

Communication of data.

Apart from to the communication and dissemination of data in the performance of legal obligations, all data collected and processed may be communicated to:

  • Professionals and consultants, in particular those who provide services for the management of the information system and telecommunications networks, including emails;
  • Entities who process data on behalf of the Controller as Data Processors pursuant to Article 28 of GDPR 2016/679, including but not limited to entities who provide services for the management of the information system and telecommunications networks, including emails. The complete and up-to-date list of Data Processors is available, to those entitled to it, by simple request to the Data Controller’s head office;
  • Entities legally entitled to access the data in accordance with the regulations in force and/or to whom the data must be communicated in compliance with legal obligations.

Personal data may be processed by employees and co-workers assigned to the competent office of the Company, explicitly authorised to process the data in accordance with Article 29 of GDPR 2016/679 and current national legislation.

Transfer of data abroad

Personal data may be communicated and/or transferred abroad only for the purposes stated in this Policy, or for exclusively technical reasons related to the structure of the Company’s IT System and/or the implementation of technical and organisational security measures deemed appropriate by the Data Controller (Article 32 of GDPR 2016/679), and exclusively in compliance with Articles 44 et seq of GDPR 2016/679.

Data retention times.

The data provided shall be retained in our filing systems according to the following parameters:

  • Data processed for the informative newsletter service: up to the request for cancellation from the service.

Depending on the specific limitation periods provided for by law, data required for ascertaining, exercising or defending a right in court may be subject to longer retention times. Verifications on the obsolescence of the retained data in relation to the purposes for which they were collected are performer periodically.

Rights of the data subject.

With regard to personal data, the Data Subject may exercise the rights provided for within the limits and under the conditions set out in Articles 15 to 22 of GDPR 2016/679 and current national legislation. In particular, the GDPR 2016/679 grants the Data Subject the following rights:

  • Right of access (Article 15 of GDPR 2016/679);
  • Right to rectify inaccurate personal data and right to integrate incomplete personal data (Article 16 of GDPR 2016/679);
  • Right to erasure (Article 17 of GDPR 2016/679);
  • Right to restriction of processing (Article 18 of GDPR 2016/679);
  • Right to be informed about the recipients to whom any rectification or erasure of personal data or restriction of processing has been communicated (Article 19 of GDPR 2016/679);
  • Right to data portability (Article 20 of GDPR 2016/679);
  • Right to object (Article 21 of GDPR 2016/679);
  • Right not to be subject to a decision based solely on automated processing (Article 22 of GDPR 2016/679).

In the event of signing any kind of consent to data processing, it should be noted that the Data Subject may revoke it at any time, without prejudice to the mandatory obligations provided for by the legislation in force at the time of the request, by contacting the Data Controller at the following email address: info@venistar.retexspa.com.

Right to lodge a complaint.

The Data Subject who believes that the processing of his/her personal data carried out through this website is in violation of the provisions of GDPR 2016/679 has also the right to lodge a complaint with the supervisory authority for the protection of personal data, as provided for in Article 77 of GDPR 2016/679, or to apply to the competent judicial authorities (Article 79 of the GDPR 2016/679).

For further information you may contact the Data Controller:

VENISTAR SRL
Via Gaetano De Castillia, 23 – 20124 Milan (MI) – Italy
Tel.: +39 041 5102754 - Fax: +39 041 464464
e-mail: info@venistar.retexspa.com

Milan, 1 April 2022