In view of the new General Regulation on the Protection of Personal Data (EU Regulation 2016/679), in force from 25 May 2018, Projeko S.r.l. updated its information on the matter in order to comply with the standards of the new EU regulation.
Procedures, verified and where necessary updated, do not modify the purposes and methods with which Projeko S.r.l. has treated your personal data to date.
In particular, with the information on Projeko Privacy 01.2018 - in compliance with the principles of transparency and clarity of presentation foreseen by the Regulations - Projeko S.r.l. provides some additional information on the categories of personal data processed, the purposes of processing applied and on how to exercise your rights.
This section describes the management of this Website www.caffekamo.it with reference to the treatment of the personal data of the users consulting it.
The treatment is always based on principles of legality and fairness in compliance with all applicable regulations (and therefore in compliance with the principles of necessity, fairness, lawfulness, transparency and protection of privacy) and with logic strictly related to the purposes pursued.
From this Website you can link to other websites; this option is clearly marked in order to indicate to the users when they are leaving the Website owned by Projeko S.r.l. The user is therefore asked to pay particular attention to the fact that these websites are not the property or responsibility of Projeko S.r.l. as they are managed entirely by other companies and/or organizations, for which it is necessary to verify and accept their policies on privacy protection. Projeko S.r.l. therefore declines any responsibility regarding requests and/or release of personal data to third party websites.
Mere access to the Website does not require registration to this Website or the communication of any personal data.
Information systems and software procedures necessary to the operation of the Website acquire, during their normal working, some personal data (so-called log files), the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected in order to be associated to specific users, but that, for its nature, could, through processing and connection with data held by third parties, allow the identification of the users. The following data are included in this category: IP addresses and domain names of the computers used by users accessing to the Website, address notation URI (Uniform Resource Identifier) of requested resources, time of the request, system used to submit the request to the server, size of the file obtained as response, numeric codex indicating the response status given by the server (success, error, etc.) and other parameters relating to the operating system and information technology environment of the user.
These data are used only to obtain anonymous statistical information on the use of the Website and in order to verify the proper functioning of the same. The data may be used in order to verify liability in the case of possible crimes to the detriment of the Website or third parties and may be handed over to the Judicial Authorities, should the latter expressly request it.
As regards the treatment of the personal data of the users collected within the site, please refer to Projeko Information on Privacy 01.2018.
PROJEKO INFORMATION ON PRIVACY 01.2018
Projeko S.r.l., with legal headquarters in Naples, Via Luca Giordano 15, 80127 (hereinafter “Data Controller”), as data controller, informs you in conformity with Article 13 D.Lgs. 30.6.2003 n. 196 (hereinafter, “Privacy Law”) and Article 13 EU Regulation n. 2016/679 (hereinafter, “GDPR”) that your data will be processed with the modalities and purposes as follows:
1. Data Subject
The Data Controller processes the personal and identification data (for example, name, surname, business name, address, telephone number, e-mail, bank and payment references) – hereinafter “personal data” or data”) communicated by you when concluding contracts/commercial agreements for products/services from the Data Controller.
2. Purpose of the data processing
Your personal data are processed:
A) without your express consent (Article 24 subsection a), b), c) Privacy Law and Article 6 subsection b), e) GDPR), for the following Service Purposes:
• closing contracts/commercial agreements for products/services by the Data Controller;
• fulfilling the pre-contract, contract, accounting and fiscal obligations deriving from ongoing relations with you;
• fulfilling obligations foreseen by law, by a regulation, by an EU regulation or by an order by the Authorities (as, for example, the law on money laundering);
• exercising the rights of the Data Controller, for example the right to defend himself in a lawsuit;
B) only after your specific and distinct consent (Articles 23 and 130 Privacy Law and Article 7 GDPR), for the following Marketing Purposes:
• sending by e-mail, post and/or text and/or telephone, newsletters, commercial communications and/or advertising material on the products or services offered by the Data Controller and establishing the degree of satisfaction on the quality of the services;
• sending you by e-mail, post and/or text and/or telephone contact commercial and/or promotional communications of third parties.
We advise you that if you are already our customers, we can send you commercial communications relative to the services and products of the Data Controller similar to those you have already received, except if you dissent (Article 130 subsection 4 Privacy Law).
3. Processing Modality
The processing of your personal data has been carried out as indicated by Article 4 Privacy Law and Article 4 subsection 2) GDPR and precisely: collecting, recording, organizing, storing, consulting, elaborating, modifying, selecting, extracting, comparing, using, interconnecting, blocking, communicating, deleting and destroying the data. Your personal data are subjected to hard and electronic and/or automated processing.
The Data Controller will hold the personal data for the time necessary to fulfil the above-mentioned purposes and in any case for no longer than 10 years after the end of relations for Service Purposes and for no longer than 5 years after collection to fulfil the pre-contract obligations and for Marketing Purposes.
4. Access to Data
Your data may be made accessible for the purposes stated in Article 2.A) and 2.B):
• to employees and collaborators of the Data Controller in Italy and abroad, as internal delegate and/or responsible for the processing and/or systems administrator;
• To third party companies or other subjects (for example, banks, professional offices, consultants, insurance companies for insurance services, etc.) who carry out outsourcing activity on behalf of the Data Controller, in their duties as external members responsible for data processing.
5. Data Communication
Without express consent (Article 24 a), b), d) Privacy Law and Article 6 b) and c) GDPR), the Data Controller can communicate your data for the purposes as per Article 2.A) to Supervisory Bodies (such as IVASS, Agenzia delle Entrate), Judicial Authorities, to insurance companies for insurance services, as well as to those to whom communication is compulsory by law and to carry out said purposes. These subjects will hold the data as independent processors of the data.
Your data will not be made public.
6. Transfer of Data
The Personal Data are stored on the server in Naples. It is understood in any case that the Data Controller, when necessary, will have the right to move the server even outside the EU. In this case, the Data Controller ensures from now that the transferral of data outside the EU will come about in conformity with the laws applicable, after stipulation of the standard contractual clauses foreseen by the European Commission.
7. Nature of the data conferral and consequences of refusal to reply
Data conferral for purposes relating to Article 2.A) is compulsory. In its absence, we cannot guarantee you the services stipulated in Article 2.A).
Data conferral for the purposes relating to Article 2.B) is instead optional. You can therefore decide not to give any data or to subsequently deny the right to process data already given: in this case, you cannot receive newsletters, commercial communications and advertising material relating to the services offered by the Data Controller. You will continue however to be entitled to the Services relating to Article 2.A).
8. The rights of the interested party
As the interested party, you will have the right regarding Article 7 Privacy Law and Article 15 GDPR and precisely the right to:
i. obtain confirmation of the existence or not of personal data relating to you, even if not yet recorded and their communication in an intelligible form;
ii. obtain the indication: a) of the origin of the personal data; b) of the purposes and modality of processing; c) the logic applied in the case of processing carried out with the help of electronic tools; d) the identification of the owner, of the people in charge and of the data processor as stated in Article 5, subsection 2 Privacy Law and Article 3, subsection 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may have been communicated or may have knowledge of in the role of designated representative in the territory of the State, of people in charge of the data or employees;
iii. obtain: a) an update, rectification or, if interested, integration of the data; b) erasure, transformation to an anonymous form or a blocking of all the data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data was collected or subsequently processed; c) a declaration that the operations relating to subsections a) and b) have been notified, also concerning their content, to those to whom the personal data was communicated or made public, except in the case that this proves impossible or entails the employment of means manifestly disproportionate compared to the right protected;
iv. to oppose, in all or in part: a) for legitimate reasons to the processing of personal data that involve you, even if pertinent to the purpose of the collection; b) to the processing of personal data that involve you with the purpose of sending advertising material or direct sales material or to carry out market research or commercial communication, using automatic calling systems without the presence of an operator using e-mail and/or traditional marketing modalities using a telephone and/or the postal services. We state that the right to oppose by the interested party, shown in the preceding point b), for direct marketing purposes using an automated modality is extended to the traditional modality and that in any case the interested party can exercise the right to oppose also only in part. Therefore, the interested party can decide to receive only communications by traditional modality or only automated communications or neither of the 2 types of communication.
Where applicable, he also has the rights mentioned in Articles 16-21 GDPR (the right of rectification, the right to be forgotten, the right to a limitation of processing, right to the portability of the data, right to oppose), besides the right to apply to the Supervisory Authority.
9. Modality of exercising rights
You can at any time exercise your rights by sending:
• a registered letter to Via Luca Giordano 15, 80127, Naples
• an e-mail to email@example.com.
10. Data Controller, Data processor, and employees
The Data Controller of the processing is Projeko S.r.l., with legal headquarters and operating headquarters in Naples, Via Luca Giordano 15, 80127 and the person in charge of Data Protection is the accountant at firstname.lastname@example.org.
An updated list of the people in charge of the data, of data protection and employees is kept in Naples, Via Luca Giordano 15, 80127.