This information is provided only for the web services for which La Novella Orchidea is the Data Controller.
PRINCIPLES FOR THE PROCESSING OF USER’S PERSONAL INFORMATION
The user’s personal information will be collected, stored, processed and transmitted in accordance with the criteria established by the data controller and with laws, regulations, and regulations in force in the field of data processing.
The principles related to the processing of the user’s personal information are as follows:
- The user’s personal information will be processed correctly and legally.
- The user’s personal information will be collected for specific, explicit, and legitimate purposes and subsequently processed in a manner compatible with such purposes.
- The user’s personal information collected will be relevant, complete, and proportionate to the purposes for which they are collected.
- The user’s personal information collected will be accurate and, if necessary, updated to the best of the data controller’s ability.
- The user’s personal information will be protected against unauthorized access and processing through commercially and technically reasonable technical and organizational security measures and controls.
- The user’s personal information collected will be stored as personal data no longer than necessary to achieve the purposes for which the personal information was collected.
TYPE OF DATA COLLECTED
Through web services, different types of information or data can be collected. “Personal information or data” refers to any information that directly identifies the user or information otherwise defined as “personal identification” under applicable law.
No processing of sensitive personal data (data that can reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, unions, religious, philosophical, political or trade organizations, as well as data that can reveal health status and sexual life) or judicial data is planned by the Data Controller.
Unless explicitly requested or specifically invited, the Data Controller asks the user not to send or disclose sensitive personal information through the web services or otherwise. In cases where the Data Controller may request or encourage the user to provide sensitive information, it will obtain explicit consent.
PURPOSES OF PROCESSING
The data collected through the web services can be used for the following purposes:
- To allow access to and browsing of the site.
- To check the correct functioning of the site.
- To process anonymous statistics on the use of the site.
- To promote the Data Controller’s activities through marketing campaigns or commercial initiatives.
- To provide assistance.
- To comply with legal obligations under the applicable law.
By subscribing to the mailing list, email messages containing information, including of a commercial and promotional nature, relating to www.lanovellaorchidea.com may be sent to the user’s email address. The user is free to provide any personal data requested and shown in request forms to use the offered service. The failure to provide them, or partial provision, will result in the inability to provide the service.
DATA PROCESSING METHODS AND DATA SECURITY
Data use will take place using paper-based, computer, or telematic means for the specified purposes, for the strictly necessary time to achieve the purposes for which they were collected, or, where possible, until the Data Controller receives a request for deletion of data whose consent to processing is optional and not mandatory.
Data provided for marketing purposes will be kept until consent is revoked and in any case for a period of 24 months from the relevant registration or from the original provision of consent and/or from its renewal.
The data will be stored in databases on the Data Controller’s servers or on the servers of trusted suppliers who act as data processors on Italian territory, or within the framework of countries in the European economic area in which approved contract clauses for the secure transfer of data are in force.
In any case, personal data is processed in accordance with the provisions regarding the confidentiality of personal data contained in the Code, the Regulation, and the Provisions issued by the Data Protection Authority.
The Data Controller uses commercially reasonable technical and organizational controls to protect the user’s Personal Information from loss, abuse, and unauthorized access. Unfortunately, data transmitted or accessible through web services cannot be 100% secure. While protecting all Personal Information, the Data Controller cannot ensure or guarantee that such data will be completely protected from illegal use by hackers or other criminal activities, or in the case of hardware or software failures or telecommunications networks. The Data Controller will inform the user if it becomes aware of a security breach concerning its personal identification information (as established and provided for in cases of so-called “Data Breach” incidents, in compliance with applicable regulations) in its possession.
If the user decides to communicate his/her email address to the Data Controller for any reason, he/she expressly agrees to receive electronic notices in the event of a security breach.
PERSONAL DATA COMMUNICATION
Subject to any communications made in compliance with a legal obligation, regulation, or EU legislation, the user’s data may be communicated:
- to individuals and/or legal entities used by the Data Controller in providing services and activities related to them;
- to delegated individuals and/or persons appointed by the Data Controller to carry out professional and technical maintenance activities (including the maintenance of network equipment and electronic communication networks where the data is held).
In any case, the individuals mentioned will only be communicated the necessary and relevant data in relation to the processing purposes for which they are responsible/appointed as external processing officers, nominated by the Data Controller as provided by current legislation. Personal data will not therefore be subject to dissemination.
The Data Controller cooperates with law enforcement and other public entities and authorities to ensure that its users comply with the law, the rights of other users and of third parties, including their intellectual property rights. Therefore, personal data may be communicated, for example but not exhaustively, to public entities in the event that this is necessary for defense, State security, prevention, investigation or prosecution of offenses, in accordance with the rules regulating this matter.
Such public entities will have the right to request and obtain the personal information of users even if this is necessary or appropriate for investigations or assessments relating to the commission of frauds, computer frauds, the violation of intellectual property rights, acts of computer piracy or other illegal activities, which could expose the Data Controller or users to legal, civil or criminal liabilities.
RIGHTS OF THE INTERESTED PARTIES AND EXERCISE OF RIGHTS
The current regulations (arts. 15-16-17-18-19-20-21 of EU Regulation 2016/679) give individuals the exercise of specific rights. In particular, at any time the user has the right to request: confirmation of the existence or not of personal data, knowledge of the content and origin, the purposes and methods of processing the same, the logic applied in case of processing carried out with the help of electronic tools, the identifying details of the Data Controller, the managers and the individuals or categories of individuals to whom personal data may be communicated.
Furthermore, the interested party has the right to obtain: access, copy, correction, integration, portability of data, deletion (right to be forgotten), anonymization or blocking of data processed in violation of the law, opposition in any case, for legitimate reasons. The interested party can submit a complaint to the Guarantor if he/she believes that the data processing takes place against the provisions in force in the field.
Also, the right under art. 34 of EU Regulation 2016/679 ensures that the user is communicated the data breach when it is serious for their rights and freedoms.
For the exercise of these rights, the user can contact the Data Processing Controller:
La Novella Orchidea, firstname.lastname@example.org
However, due to technical constraints and due to the backup of systems, the user’s personal information may continue to reside even after deletion for a certain period of time and in part of the Data Controller’s systems.
The Data Controller reserves the right to refuse access requests or deletion of personal information if the disclosure or deletion of the requested information is not permitted by law.
To protect itself from illegal access requests, the Data Controller reserves the right to request sufficient information to verify the identity of the party making the request before allowing access or making corrections.