PRIVACY POLICY STATEMENT REGARDING PROCESSING OF PERSONAL DATA pursuant to (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR” or “Regulation”)
Summary
Art. 1. Identity and contact data of Matteo Casini in its capacity as Data Controller. Data processing for carrying out the relevant services of the web site
Art. 2. Data processing for generic marketing purposes
Art. 3. Data processing for customer service and customer care purposes
Art. 4. Data processing for the purpose of establishing, exercising or defending a right
Art. 5. Categories of subjects to whom Matteo Casini discloses user personal data (recipients)
Art. 6. Data transfer to other countries
Art. 7. Right to object
Art. 8. Right of access
Art. 9. Right to rectification
Art. 10. Right to erasure
Art. 11. Right to restriction of processing
Art. 12. Right to data portability
Art. 13. Response times and modalities in case of exercise of data subjects’ rights
Art. 14. Right to lodge a complaint with a supervisory authority
***
Art. 1. Identity and contact data of Matteo Casini in its capacity as Data Controller. Data processing for carrying out the relevant services of the web site
MATTEO CASINI is the data controller for processing of the personal data or users illustrated in this privacy policy statement, with respect to data collected from the site www.stepsero.com (Website) for the purposes therein specified.
The identification and contact details of MATTEO CASINI are the following:
MATTEO CASINI, with residence in Berlin, Germany.
- E-mail: matteo@stepsero.com
MATTEO CASINI will process user personal data for carrying out the questionnaire of the Website.
The legal basis for this processing is the legitimate interest of Matteo Casini (art. 6.1.f) of the Regulation).
Upon consent of the user, the user’s personal data and his/her answers to the questionnaire will be (i) published on the Website; (ii) inserted in articles published online by MATTEO CASINI.
Failure to consent to processing of personal data for the purposes indicated in this article will make it impossible for MATTEO CASINI to publish on the Website the personal data of the user and his/her answer to the questionnaire.
MATTEO CASINI will process user personal data no longer than 24 months from the moment data is collected, reserving the right to request users to renew consent and/or update data before the aforementioned deadline.
Art. 2. Data processing for generic marketing purposes
Subject to express consent of the user, MATTEO CASINI will process user personal data for the purpose of sending e-mail communications containing information and promotions, including the newsletter, regarding proprietary and third party products and/or services.
The legal basis for this processing is the consent expressed by the user (art. 6.1.a) of the Regulation).
Users may revoke consent at any time and/or object to processing of personal data for marketing purposes, at any time, by contacting MATTEO CASINI through the contact information provided in art. 1.
Conferment of personal data for generic marketing purposes is voluntary: there is no legal or contractual obligation for users to provide such data for these purposes and/or give consent to processing of personal data for the aforementioned purposes.
Failure to consent to processing of personal data for marketing purposes will make it impossible for the user to receive advertising materials regarding products and or services provided by MATTEO CASINI and/or third parties, as well as preventing MATTEO CASINI from sending its newsletter to the user.
For generic marketing purposes, MATTEO CASINI will process user personal data until consent is revoked and/or until the right to object is exercised, and in any event for no longer than 24 months from the moment data is collected, reserving the right to request users to renew consent and/or update data before the aforementioned deadline.
Art. 3. Data processing for customer service and customer care purposes
MATTEO CASINI will process user personal data for generic customer service and customer care activities and therefore to respond to requests for information coming from users or to respond to complaints, reports or claims, as well as to allow users to release a customer review, if they so desire.
The legal basis for this processing is the performance of pre-contractual measures adopted on request of the subject (art. 6.1.b, last paragraph of the Regulation) or, based on the case in point, processing is necessary for the pursuit of the legitimate interest of MATTEO CASINI (art. 6.1.f of the Regulation).
Responding to user requests for information and/or reviews and/or reports and/or complaints and/or claims is a legitimate interest pursued by MATTEO CASINI. This legitimate interest also coincides with the legitimate interest of the same users of the Site, who submit requests for information and/or reports and/or claims and/or complaints and who, therefore, within the scope of the relationship with MATTEO CASINI, it is reasonable to assume, will expect that their personal data will be used by MATTEO CASINI to respond to them.
Hence, the legitimate interest of MATTEO CASINI, thus defined, may therefore be considered to prevail over the fundamental rights and freedoms of the data subjects, also in view of the aforementioned reasonable expectations and the relationship in place between the subjects and MATTEO CASINI, as well as in consideration of the nature of the data being processed and the coinciding interests of the same subjects.
In any event, users have the right to object, on grounds relating to their particular situation, at any time to processing of personal data for the aforementioned purposes (i.e. customer service and customer care).
Art. 4. Data processing for administrative-accounting and taxation purposes
MATTEO CASINI will process user personal data for the purpose of fulfilling administrative and/or accounting and/or taxation obligations connected to the performance of services and/or the purchase of products sold on the Site.
The legal basis for this processing is the compliance with legal obligations to which MATTEO CASINI is subject (art. 6.1.c of the Regulation).
Conferment of personal data for the aforementioned purposes is obligatory, in that the processing of such data is necessary in order to allow MATTEO CASINI to comply with legal obligations to which it is subject. Refusal to provide data for these purposes will prevent the user from using the services provided on the Site.
For these purposes, MATTEO CASINI will process user personal data up until the expiry of legal terms provided for compliance with each administrative-accounting and fiscal obligations and/or for the period of time for retention of data and relative documents as required by law.
Art. 5. Data processing for the purpose of establishing, exercising or defending a right
MATTEO CASINI will process user personal data for the purpose of establishing, exercising or defending a right in all competent venues.
The legal basis for this processing the is legitimate interest of MATTEO CASINI (art. 6.1.f of the Regulation).
Seeking remedies to guaranty the respect of its contractual rights or to demonstrate having fulfilled all obligations deriving from the contract with the subject or required of MATTEO CASINI by law is a legitimate interest pursued by MATTEO CASINI. This legitimate interest, in turn, is founded in the right of defence, which is protected under constitutional law. Hence, it may be considered to prevail over the fundamental rights and freedoms of the data subjects, also in view of the reasonable of the selfsame data subjects.
In any event, users have the right to object, on grounds relating to his/her particular situation, at any time, to processing of personal data for the aforementioned purposes (i.e. defence of a right/purposes of justice).
Users may exercise this right by contacting MATTEO CASINI through the contact details provided in article 1 of this privacy policy statement.
Art. 6. Categories of subjects to whom Matteo Casini discloses user personal data (recipients)
Personal data provided by users may be disclosed by MATTEO CASINI to the categories of recipients specified below.
The subjects to whom MATTEO CASINI discloses data act as data processors, designated by MATTEO CASINI by means of a specific contract (“Data Processors”) or by persons designated to processing of personal data under direct authority of (“Appointees”) or, as in the case of third parties designated by the Data Processor, as “Sub-Processor”, pursuant to article 28.4 or the Regulation.
User personal data may be disclosed by MATTEO CASINI to the following categories of recipients:
- To companies, consultants or professionals who may be charged with installing, servicing, updating or, in general, managing the hardware and software of the Site (including the platform), therein including cloud computing service provides and third parties whose services they in turn may make use of;
- Companies entrusted by MATTEO CASINI to send commercial communications;
- Any subjects, including public authorities, who may access data under regulatory or administrative provisions;
- All public and/or private subjects, private individuals or legal entities (legal, administrative and fiscal consultancy firms), where data disclosure is necessary or functional to correct fulfilment of contractual obligations relating to the products or services offered on the Site, and of all obligations required by law or where required for the purpose of establishing, exercising or defending a right.
Art. 7. Data transfer to other countries
Personal data will not be transferred to countries outside the European Union.
Art. 8. Right to object
The data subject has the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her.
The data subject has the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her for purposes that have their legal basis in the legitimate interest of the Data Controller.
Where personal data are processed for direct marketing or profiling purposes, the data subject also has the right to object at any time to processing of personal data for such purposes.
Where the data subject exercises the right to object to processing, MATTEO CASINI will desist from further processing of personal data, unless MATTEO CASINI can demonstrate legitimate and compelling grounds for the processing that override the interests, rights and freedoms of the data subject or for the purpose of establishing, exercising or defending a legal claim.
If the data subject objects to data processing for direct marketing or profiling purposes, the personal data in question will no longer be subject to processing for the aforementioned purposes.
Art. 9. Right of access
Data subjects have the right to obtain from MATTEO CASINI confirmation as to whether or not personal data concerning him/her are being processed and, where that is the case, access to the personal data and the information specified below.
By exercising the right of access, users will obtain access to personal data and the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or International organisations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the data controller rectification or erasure of personal data or restriction of the processing of personal data concerning the data subject or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from the data subject, any available information as to their source;
- The existence of automated decision-making, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him/her, and, at least in those cases, meaningful information regarding the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
MATTEO CASINI provides a copy of the personal data undergoing processing. For any further copies requested by the data subject, MATTEO CASINI may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Art. 10. Right to rectification
The data subject has the right to obtain from MATTEO CASINI, without undue delay, the rectification of personal data concerning him/her. Taking into account the purpose of the data processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
Art. 11. Right to erasure
The data subject has the right to obtain from MATTEO CASINI, without undue delay, the erasure of personal data concerning him/her and MATTEO CASINI has the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- The data subject withdraws consent on which the processing is based, and where this is no other legal ground for the processing;
- The data subject objects to the processing based on the legitimate interest of the data controller for reasons related to his/her personal circumstances and there are no overriding legitimate grounds for the processing, or the data subject objects to processing for the purposes of direct marketing or profiling;
- The personal data have been unlawfully processed;
- The personal data must be erased for compliance with a legal obligation required by a European Union or a Member State law to which the data controller is subject.
Art. 12. Right to restriction of processing
The data subject has the right to obtain from MATTEO CASINI restriction of processing where one of the following grounds applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling MATTEO CASINI to verify the accuracy of the personal data;
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- Although MATTEO CASINI no longer needs the personal data for the purposes of the processing, the data are nonetheless required by the data subject for the establishing, exercise or defence of legal claims;
- The data subject has objected to processing based on the legitimate interests of the data controller, for reasons related to his/her personal circumstances, pending the verification whether the legitimate grounds of MATTEO CASINI override those of the selfsame data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
Art. 13. Right to data portability
The data subject has the right to receive the personal data concerning him/her, which he/she has provided to MATTEO CASINI, in a structured, commonly used and machine-readable format and further has the right to transmit those data to another data controller without hindrance from the controller to which the personal data have been provided, where:
- The data processing is based on consent provided by the data subject or on a contract;
- The processing is carried out by automated means.
In exercising his/her right to data portability, the data subject has the right to have personal data transmitted directly from one data controller to another, where technically feasible.
The exercise of the right to data portability shall be without prejudice to the right of erasure.
The right to data portability shall not adversely affect the rights and freedoms of others.
Art. 14. Response times and modalities in case of exercise of data subjects’ rights
MATTEO CASINI will provide data subjects all the information regarding actions that have been undertaken to accommodate data subject rights under articles from 15 to 22 of the Regulation (i.e. right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object) and under this privacy policy statement (“Rights of the Data Subject”), without undue delay and, in any event, within one month from receiving the request to exercise a right. However, this term may be postponed by two months, where necessary, in consideration of the complexity and number of requests. MATTEO CASINI will inform data subjects of such a delay, and the underlying reasons, within one month of receiving the request. If the data subject submits the request electronically, the information will be provided, where possible, electronically, unless otherwise requested by the same data subject.
Art. 15. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him/her infringes this Regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy.