The purpose of this document is to inform the natural person (hereinafter "Data Subject") about the processing of his/her personal data (hereinafter "Personal Data") collected by the data controller, Daniele Bartocci, Via Santerno 25, 47923 Rimini, Tax Code BRTDNL86T22H501B, VAT No. 04583510401, e-mail address firstname.lastname@example.org, PEC address email@example.com, (hereinafter "Data Controller"), through the website demetrarimini.com (hereinafter
Categories of Personal Data processedThe Data Controller processes the following types of Personal Data voluntarily provided by the Data Subject:
- Contact data: name, surname, address, e-mail, telephone, pictures, authentication credentials, any further information sent by the data subject, etc.
The Controller processes the following types of Personal Data collected in an automated manner:
- Technical Data: Personal Data produced by the devices, applications, tools and protocols used, such as, for example, information about the device used, IP addresses, browser type, Internet Service Provider (ISP) type. Such Personal Data may leave traces that, in particular when combined with unique identifiers and other information received by servers, can be used to create profiles of individuals
- Application navigation and usage data: such as, for example, pages visited, number of clicks, actions taken, duration of sessions, etc.
Failure on the part of the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or if they constitute a necessary requirement for the conclusion of the contract with the Controller, will result in the impossibility for the Controller to establish or continue the relationship with the Data Subject.
The Data Subject who communicates Personal Data of third parties to the Controller is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
Legal basis and purpose of processingThe processing of Personal Data is necessary:
- for the execution of the contract with the Data Subject, namely:
- fulfilment of any obligation arising from the precontractual or contractual relationship with the data subject
- registration and authentication of the Data Subject: to enable the Data Subject to register on the Application, access and be identified, including via external platforms
- support and contact with the data subject: to respond to the data subject's requests
- payment management: to manage payments by credit card, bank transfer or other means
- by legal obligation, namely:
the fulfilment of any obligations provided for by the
applicable laws, regulations and rules, in particular in tax and
- the fulfilment of any obligations provided for by the
- on the basis of the legitimate interest of the Controller, for:
- marketing purposes via email of the Controller's products and/or services in order to directly sell the Controller's products or services using the email provided by the Data Subject in the context of the sale of a similar product or service
- management, optimisation and monitoring of the technical infrastructure: to identify and solve technical problems, to improve the performance of the application, to manage and organise information in a computer system (e.g. servers, databases, etc.)
- security and anti-fraud: to guarantee the security of the Owner's assets, infrastructure and networks
- statistics with anonymous data: to carry out statistical analysis on aggregated and anonymous data to analyse the behaviour of the Data Subject, to improve the products and/or services provided by the Controller and better meet the Data Subject's expectations
- based on the consent of the data subject, for:
- profiling of the Data Subject for marketing purposes: to provide the Data Subject with information on the Controller's products and/or services through automated processing aimed at collecting
- retargeting and remarketing: to reach with a personalised advertisement the Data Subject who has already visited or shown interest in the products and/or services offered by the Application using his/her Personal Data. The Data Subject may opt-out by visiting the Network Advertising Initiative page
- marketing purposes of the Controller's products and/or services: to send information or commercial and/or promotional materials, to carry out direct sales activities of the Controller's products and/or services or to carry out market research by automated and traditional means
The Data Subject's Personal Data may also be used by the Data Controller to protect itself before the competent courts.
- for the execution of the contract with the Data Subject, namely:
Processing methods and recipients of Personal DataThe processing of Personal Data is carried out by means of paper-based and computer-based instruments with organisational methods and logics strictly related to the stated purposes and through the adoption of appropriate security measures.
Personal Data are processed exclusively by:
- persons authorised by the Data Controller to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
- subjects operating autonomously as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes set out in this policy (e.g. business partners, consultants, IT companies, service providers, hosting providers);
- parties or entities to whom Personal Data must be disclosed by law or by order of the authorities.
The persons listed above are required to use appropriate safeguards to protect Personal Data and may only have access to those that are necessary to perform the tasks assigned to them.
Personal Data will not be disseminated indiscriminately in any way.
PlaceIf necessary, Personal Data may be transferred to entities located outside the European Economic Area (EEA). Whenever Personal Data is transferred outside the EEA, the Controller shall take all appropriate and necessary contractual measures to ensure an adequate level of protection of Personal Data, including, among others, agreements based on the standard contractual clauses for the transfer of data outside the EEA, approved by the European Commission. For request information on the specific guarantees adopted, the Data Subject may contact the Controller at the following e-mail address firstname.lastname@example.org.
Period of retention of Personal DataPersonal Data will be kept for the period of time necessary to fulfil the purposes for which they were collected, in particular:
- for purposes relating to the performance of the contract between the Data Controller and the Data Subject, shall be retained for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years. In the event of litigation, for the entire duration of the same, until the time limit for appeals is exhausted
- for purposes relating to the legitimate interest of the Controller, will be retained until that interest is fulfilled
- for the fulfilment of a legal obligation, by order of an authority and for legal protection, shall be retained in accordance with the time limits provided for by those obligations, regulations and in any case until the expiry of the prescriptive period provided for by the applicable regulations
- for purposes based on the consent of the data subject, will be retained until the consent is revoked
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.
Rights of the Data SubjectData Subjects may exercise certain rights with regard to Personal Data processed by the Controller. In particular, the Data Subject has the right to:
- be informed about the processing of their Personal Data
- withdraw consent at any time
- limit the processing of one's Personal Data
- object to the processing of your Personal Data
- access their Personal Data
- verify and request rectification of their Personal Data
- obtain the restriction of the processing of their Personal Data
- obtain the deletion of your Personal Data
- transfer their Personal Data to another controller
- file a complaint with the data protection supervisory authority and/or take legal action.
To exercise their rights, Data Subjects may address a request to the following e-mail address email@example.com. Requests will be taken up by the Controller immediately and processed as soon as possible, in any case within 30 days.
Last updated: 25/11/2021