Information pursuant to the Personal Data Protection Code The data controller is Winest di Paolo Panizzolo (hereinafter referred to as "the Company"), reachable via email at info@winest.it (hereinafter "Company email").
Legislative Decree No. 196 of June 30, 2003 (Privacy Code) and the new European General Data Protection Regulation (GDPR) are aimed at ensuring that the processing of your personal data is carried out in full respect of your rights, fundamental freedoms, and human dignity, with particular regard to privacy and personal identity. For this reason, we are committed to informing you about our privacy policy.
1. What data is collected
2. How is the collected data used?
3. Is providing data mandatory?
Providing personal data is mandatory only for the processing necessary to provide the Services offered by the Company (refusal for service provision purposes makes it impossible to use the service itself); it is optional for promotional and/or profiling purposes and any refusal to consent has no negative consequences on the provision of the Service.
4. Who handles the data?
The data controller is the Company through its legal representative, unless otherwise specified at the top of this page.
5. How can you access, modify, delete, or obtain a copy of your data?
5.1 Access to personal data
The user may at any time request access to the personal data provided by directly contacting the Company.
5.2 Exporting and deleting personal data
To export or request deletion of personal data, you can send a request to the Company email. Personal data will be exported within 30 days or, if the export is particularly complex, within three months. Deletion will be carried out within the technical timeframes provided and in accordance with the retention period set out in point 6.
5.3 Exercising your rights
Any individual using the service may:
obtain from the controller, at any time, information about the existence of their personal data, their origin, the purposes and methods of processing, and, if present, access to the personal data and the information referred to in Article 15 of the GDPR;
request the updating, rectification, integration, deletion, limitation of processing of data when one of the conditions set out in Article 18 of the GDPR applies, anonymization or blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data were collected and/or subsequently processed;
object, in whole or in part, for legitimate reasons, to the processing of data, even if pertinent to the purpose of the collection and to the processing of personal data intended for commercial information or sending advertising material or direct sales or for carrying out market research or commercial communication. Each user also has the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before withdrawal;
receive their personal data, knowingly and actively provided or through the use of the service, in a structured, commonly used, machine-readable format, and transmit them to another data controller without hindrance.
For any questions or requests regarding personal data and privacy, you may use the Company email.
6. How and for how long is data stored?
One of the principles applicable to the processing of your personal data concerns the limitation of the retention period, governed by Article 5, paragraph 1, point (e) of the Regulation, which states: "Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject." In accordance with this principle, your personal data will be processed by the Controller only to the extent necessary to pursue the purposes referred to in Section D of this Policy. In particular, your personal data will be processed for the minimum period necessary, as indicated by Recital 39 of the Regulation, that is, until the termination of the contractual relationships in place between you and the Data Controller, without prejudice to an additional retention period that may be required by law as also provided for by Recital 65 of the Regulation.
7. How is data protected?
Data is collected by the Company, in accordance with the indications of the relevant legislation, with particular regard to the security measures provided for by the GDPR (Art. 32) for its processing using IT tools, manual and automated means and with logics strictly related to the purposes indicated in point 2 and, in any case, in such a way as to guarantee the security and confidentiality of the data itself.
8. Can the privacy policy change over time?
This policy may be subject to changes. If substantial changes are made to the use of user data by the Company, the user will be informed by publishing them prominently on its pages or by alternative means.