Categories of stakeholders: customers and users of the institutional website
AMBROSIANA ARTE SRL undertakes to guarantee theprotection of its personnel every day.
With this information, we wish to offer you a clearand transparent view of what information we collect and processregarding our customers in the context of the contractualrelationship, the use of our website and the online applicationsinstalled on mobile devices.
In the followingparagraphs we will explain how we use your personal data, for whatpurposes and for how long, also reminding them how we guaranteeyour rights and compliance with the rules on the protection ofpersonal data.
2.Identity and contact details of the data controller
AMBROSIANA ARTE SRL,with registered office in Via Sant'Agnese 18, 20123 Milano Tel.02/89459708 in the person of the legal representative pro tempore,is the data controller of his personal data.
3.Appointment responsible for data protection (DPO)
The owner of the processing of personal data ofAMBROSIANA ARTE SRL in line with the accountability principleintroduced by the GDPR in the creation of a data protectionmanagement model has carried out an analysis of the personal dataprocessed by its organization.
From this analysis we can see how, due to thecharacteristics of the organization, the nature of the personaldata processed, the categories of data subjects involved in theprocessing, there is no verification of the cases referred to inart. 37, par. 1 of the aforementioned regulation.
It is also declared that the organization does notcarry out treatments that require regular and systematicmonitoring of large-scale data subjects, nor the treatment ofparticular categories of personal data on a large scale, nor theprocessing of data relating to criminal convictions and offenses.
For these reasons,the data controller of AMBROSIANA ARTE SRL has decided not toproceed with the appointment of a data protection officer (RPD)also known as DPO.
4.Purpose and legal basis of the processing
Your data will be processed for the followingpurposes:
a) Forthe stipulation and execution of the contract concerningour services, ie for purposes strictly connected and instrumentalto the completion of the necessary pre-contractual activities(verification of creditworthiness and solvency), to the managementof the contractual relationship (administrative and accountingactivities, customer assistance, complaints management, creditrecovery), the provision of services, from time to time, required.
b) Tocomply with legal obligations and requests of the Authorities, aswell as to comply with the provisions of the legislation for theprevention of fraud, anti-money laundering legislation andterrorist financing, where applicable
c) Forbusiness promotion and marketing activities forthe direct offering of our products and services similar to thosealready purchased by you.
d) Forprofiling activities relatedto the art gallery sector and auction houses based on yourinterests.
The provision of your data for thepurposes referred to in subparagraphs a) and b) is mandatory asnecessary for the conclusion and / or execution of contractual and/ or legal obligations, the failure to disclose the data thereforeimplies the impossibility of fulfilling to these obligations,while the treatments referred to in letter c) and d) require theirexpress consent. If we had previously acquired your express andspecific consent, the same can be revoked at any time by writingto the email address email@example.com
There are noautomated decision-making processes.
5.Methods of processing
The processing ofyour data will be based on the principles of lawfulness, fairnessand transparency and can also be done through automated methodsdesigned to store, manage and transmit them accurately and willtake appropriate technical and organizational measures to ensuresecurity and protection from treatment unauthorized or unlawful,from loss, destruction or accidental damage.
6.Personal data and cookies
"Personal data" means any informationsuitable to identify, directly or indirectly, a physical person,in this case your data are processed to be able to provide theservices offered by AMBROSIANA ARTE SRL
In particular, we collect and process your personaldata necessary for the conclusion of the contract and theprovision of the required services, such as:
personaldata and identification (name, surname, date and place of birth,tax code, gender, ID);
the address of residence and address, telephonenumber and email address;
bank account details;
in general, any other data and information necessaryfor the conclusion and execution of the contract.
In addition, when using our website and our apps wedeal with: the information requested during registration, thenavigation data, its contact details, the IP address, the domainname of the devices you use, the URL used, information about theoperating system and the IT environment used by you, the browsinghistory, the geographical coordinates of the mobile device, aswell as the data you voluntarily provided in this context to takeadvantage of our services and purchase our products
We also collect your data via cookies.
Cookies are small text files that the sites visitedby users send to their terminals, where they are stored beforebeing re-transmitted to the same sites at the next visit.
In general, we use the c.d. technical cookiesnecessary to guarantee the user the best functionality of ourwebsite. If you wish to disable / refuse the use of these cookies,you can change the settings of your PC browser at any time.
For more detailsabout the additional types of cookies we use, ie cookies c.d. ofthird parties and profiling, we invite you to consult our cookiepolicy published on our website.
7.Redirect to external sites
The Website uses the c.d. Social plug-ins, or specialtools that allow you to incorporate the features of the socialnetwork directly within a website (e.g. The "like"button of Facebook).
8.Recipients of personal data
We communicate your data only to the subjects we useto perform activities necessary for the achievement of thepurposes indicated and described in the previous point 4,including for example:
• external companies offering services related tothe verification of creditworthiness, capital solidity, riskprofile and regulatory compliance (eg anti-money laundering);
• third-party companies that provide logisticsservices;
• companies that perform technical coordination,assistance and maintenance of IT systems;
• in general, third-party companies that provideassistance with matters relating to the contract.
The subjects mentioned above arespecifically appointed by us as data processors, whose list can berequested from the Data Controller by writing to the email firstname.lastname@example.org
We may alsocommunicate your data to the parties to whom the disclosure is dueby virtue of legal obligations and the credit institutions withwhich we operate for the purpose of signing the contract. Thesesubjects perform their respective treatment activities asindependent owners.
9.Data transfer to third countries
Normally we do not transfer your data outside the EU.In some specific circumstances and for purposes related to theverification of creditworthiness and financial soundness, some ofyour data may be transferred to third countries.
In this case we make sure that the recipient, actingas data controller, complies with the provisions of the GDPR,including the rules specifically for the transfer of personal datato third countries. In particular, we guarantee that suchtransfers take place on the basis of an adequacy decision or thesigning by the manager of contractual clauses approved by theEuropean Commission.
The actual transfer of personaldata to third countries and the related more information can berequested to the Owner by writing to the email email@example.com
Your data are nottransferred to third-party companies located outside the EuropeanEconomic Area, should it be necessary to transfer this, we willtake care to ensure that the recipients of your data have adoptedappropriate security measures to ensure their protection.
10.Data retention period
Yourpersonal data will be kept for the period of time strictlynecessary for the pursuit of the specific purposes of theprocessing for which you have given your consent and,specifically:
-For the purposes indicated in letter a) and b) of point 5 for thetime necessary for the fulfillment of the contractual obligationsand, in any case, no later than 10 years from the time ofcollection of your data for compliance with regulatory obligationsand, in any case, no later than the deadlines set by law for theprescription of rights.
-For the purposes indicated in letter c) and d) of point 4 (or formarketing and profiling purposes) for 24 (twenty-four) months fromthe issue of consent to treatment, each user can revoke hisconsent (opt-out) by clicking on specific link placed on thesubscript of the communication sent in electronic format or bysending an e-mail to firstname.lastname@example.org
Finally, we reservethe right to store the server log data of the institutionalwebsite for a period of 12 (twelve) months in order to be able tohandle any crimes committed against the Website and for requestsby the Judicial Authority.
11.Rights of the interested party (Article 13 of the GDPR)
• Right of access (art.15GDPR): Theinterested party has the right to obtain from the data controllerconfirmation that it is or is not undergoing treatment of personaldata concerning him and in this case, to obtain access to personaldata.
• Right of rectification andcancellation (art. 16-17 GDPR):The interested party has the right to request the correction anddeletion of personal data that are no longer necessary in relationto the purposes for which they were collected or otherwiseprocessed.
• Right to limit processing(Article 18 GDPR):The person concerned has the right to request the limitation ofthe processing of their data when one of the hypotheses referredto in Article 18 GDPR occurs.
• Right to data portability(art.20 GDPR):The data subject has the right to receive, in a structured, commonand automatically readable form, the personal data concerning him/ her provided to a data controller and has the right to transmitsuch data to another data controller without hindrance by the datacontroller who supplied them.
• Opposition right (art. 21GDPR): Theinterested party has the right to object, at any time for reasonsconnected with his particular situation, to the processing of dataconcerning him based on the lawfulness of legitimate publicinterest and exercise of public powers, including profiling.
• Right of withdrawal ofconsent: Thedata subject has the right to withdraw consent to the processingof his / her data at any time, without prejudice to the lawfulnessof the processing based on consent before revocation.
• Right to propose a complaint to the supervisoryauthority (Privacy Guarantor).
Theabove rights may be exercised against us by writing to the emailaddress email@example.com.The exercise of your rights as an interested party is free underArticle 12, GDPR.