Privacy Policy

Who is the Data Controller?

Gioia Reali
Vicolo dei Marchegiani 1
00186 - Roma

How can I contact it?

email: info@michelangeloforaday.com

Foreword

Pursuant to the European Data Protection Regulation, legal persons are considered data subjects and therefore the European Regulation does not apply. However, if personal data referring to a natural person are included in the context of the collection of company data, this person will be considered a data subject within the meaning of the aforementioned regulation.

What processing is carried out through the site? And what are the legal bases, purposes and retention periods?

Contact

Purpose:
The purpose of the data processing is to enable you to send us enquiries for the possible establishment of a contractual relationship.

Legal Basis:
Pre-contractual measures carried out at the request of the data subject.
In the event of litigation, the data will be processed in order to act or defend in court and this corresponds to the legitimate interest of the data controller.

Retention periods:
We will process data for 12 months from the last email exchange.
It may be kept longer only in the event of possible disputes and thus to exercise or defend a right based on the legitimate interest of the data controller.

Other informations:
The provision of data is optional and in case of refusal it will not be possible to proceed with the form submission.

Navigation Data

Purpose:
Security of the site.

Legal Basis:
We process data on the basis of the company's legitimate interest in information security and the fulfilment of legal obligations. The legal basis for the processing of cookies other than necessary cookies is consent.

Retention periods:
24 months.

Other informations:
Please refer to the cookie policy.

What else do I need to know?

The data will be processed lawfully, fairly and confidentially, in compliance with the appropriate security measures as set out in the Code and the Regulations. The processing will be carried out by digital means. The data will not be subject to public dissemination (with the exception of those that you voluntarily provide when commenting on the blog) and the user will not be subject to automated decision-making processes such as profiling unless he/she consents to this by installing cookies or other tracking tools, for the regulation of which please refer to the specific information sheet.

To whom will my data be communicated?

The Data Controller may communicate the data to all subjects to whom communication is obligatory by law in order to fulfil the purposes envisaged by the law.

The Data Controller also makes use of certain companies or IT tools that carry out processing activities on the personal data of data subjects in the sole interest of the data controller, all of whom are duly appointed as data processors pursuant to Article 28 GDPR. The list of data processors can be found at the head office.

Where is the data stored and transferred?

The management and storage of personal data will take place on servers located in Italy and in countries outside the EU. The data controller assures as of now that the transfer of data is carried out in compliance with the GDPR through the stipulation of standard contractual clauses.

What are my rights and how can I exercise them?

a) Rights of the data subject

The user, in his or her capacity as data subject, has the rights set out in Article 15 et seq. of the Regulation, namely:

RIGHT OF ACCESS (Art. 15 GDPR)
The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her exist, regardless of their being already recorded, and communication of such data in intelligible form.

RIGHT TO RECTIFICATION (Art. 16 GDPR)
The data subject has the right to obtain the rectification of inaccurate personal data concerning him/her and also the integration of incomplete data.

RIGHT OF DELETION (Art. 17 GDPR)
The data subject has the right to obtain the deletion of personal data in the presence of particular reasons such as revocation of consent, opposition to processing or if the data are no longer necessary in relation to the purposes for which they were collected and processed or in case of unlawful processing. Deletion will not always be possible, but it will certainly be the burden of the data controller to provide adequate justification.

RIGHT TO LIMIT THE PROCESSING (Art. 18 GDPR)
The data subject has the right to obtain the restriction of the processing in the presence of particular hypotheses such as, for example, in the case of a request for rectification or opposition during the time of assessment of requests.

RIGHT TO PORTABILITY (Art. 20 GDPR)
If the processing is based on consent or contract and is carried out by automated means, the data subject may receive them in a structured, commonly used and machine-readable format or request that they be transmitted to another data controller.

RIGHT OF OPPOSITION (Art. 21 GDPR)
The data subject has the right to object, in whole or in part:

(a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of collection;
b) to the processing of personal data concerning him/her for purposes not covered by Art. 2.
The user may make a request to object to the processing of his/her personal data pursuant to Article 21 of the GDPR in which he/she shall give evidence of the reasons justifying the objection: the Data Controller reserves the right to assess the request, which would not be accepted in the event of the existence of compelling legitimate grounds to proceed with the processing that prevail over the user's interests, rights and freedoms.

RIGHT TO LODGE A COMPLAINT
The data subject has the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if he or she considers that the processing of his or her data is contrary to the legislation in force.

b) Exercise modalities

The data subject may at any time exercise the rights referred to in the article by contacting the data controller at the addresses given above.

Consent to the use of cookies.

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

  • Your consent status or the withdrawal of consent
  • Your anonymised IP address
  • Information about your Browser
  • Information about your Device
  • The date and time you have visited our website
  • The webpage url where you saved or updated your consent preferences
  • The approximate location of the user that saved their consent preference
  • A universally unique identifier (UUID) of the website visitor that clicked the cookie banner