INFORMATION ON THE PROCESSING OF PERSONAL DATA PROVIDED PURSUANT TO ART. 13 OF THE EU REGULATION 2016/679 (GDPR)

WHO DOES THE GDPR APPLY TO?

This information is addressed to the subjects who will use the services provided by the website www.mistertimbri.it, that is, in detail:

  1. natural persons browsing the website, even if only for consultation;
  2. natural persons who register on the site by creating a “Private” account;
  3. natural persons who register on the website by creating a “Company, Body or Professional” account, regarding the personal data of the person who materially registers;
  4. natural persons who make a purchase from the website, with simultaneous registration;
  5. natural persons who contact the company Presspower SRL using the “Contact” form.

In this information will be indicated as Data Subject.

WHO PROCESSES THE DATA?

The Data controller for all the data processing carried out as a result of the use of the website www.mistertimbri.it is the company PRESSPOWER SRL (VAT ID 09425980019), a company established under Italian law in Gassino Torinese (TO), in the person of its legal representative pro tempore, hereinafter also referred to as “Presspower SRL”.
Within the scope of the data processing covered by this information, it is possible to contact the Data Controller at the following address:

PRESSPOWER SRL
Str. San Tommaso, 2
10090 Gassino Torinese (TO)
Tel. and fax: 0119812218
E-mail: info@mistertimbri.it
PEC (Certified email): presspower@pcert.it

The data is physically processed by employees and collaborators of the Data Controller, who have been previously instructed and authorized.
In order to carry out the processing related to registration and orders made through the website www.mistertimbri.it, the Data Controller is supported and assisted by companies providing IT, advertising and shipping services, which have been appointed as Data Processors.
The complete list of Data Processors is available at the Data Controller’s registered office and will be communicated upon simple request for access, in accordance with current legislation.
The address and contacts of the Data Processors, for the purposes of this information notice, can be found on the respective company websites.

WHAT DATA IS PROCESSED?

For the management of the services provided through the website www.mistertimbri.it, the following data is processed:

  • [Type of data collected], for browsing the website, even without registration and/or authentication;
  • [Type of data collected], or subscription to the Presspower SRL newslettering service;
  • Name, Surname, Tax code, Full address, E-mail, Telephone number, for site registration;
  • Name, Surname, E-mail, Telephone number,to get in touch with Presspower SRL.

WHERE IS THE DATA PROCESSED?

The data collected through the website www.mistertimbri.it will be processed by the Data Controller in Italy, at its headquarters in Gassino Torinese (TO) and at the Italian branches of the company Presspower SRL.
The data will be processed by the Data Processors at their offices and branches, located in the territory of the European Union.
For some processing operations, it may be necessary to communicate the data also outside the European Union, if the Data Processor carries out activities and processing outside the EU and/or if the delivery of the order is requested outside the EU.
In any case, the transfer of data outside the European Union will take place on the basis of the assumptions provided for by current legislation, including the use of Binding Corporate Rules (BCR) for transfers within companies belonging to Presspower SRL, the application of standard contractual clauses defined by the European Commission for transfers to third party companies or the verification of the presence of a decision on the adequacy of the personal data protection system of the country where the data is collected, such as the EU Execution Decision 2016/1250 (Privacy Shield).

HOW IS THE DATA PROCESSED?

The data is collected from the Data Subject, through the use of cookies, or by sending them through online forms dedicated to the registration and/or finalization of the purchase order or by sending them through the online contact form or subscription to the newsletter.
Once acquired, the data of the Data Subject is archived and stored in digital form on the computer systems of the Data Controller and/or his Data Processors.
In case of purchase, the data may also be processed in analogical form at the headquarters of the Data Controller and/or his Data Processors.

WHICH COOKIES COLLECT DATA?

The website www.mistertimbri.it uses technical cookies, which may be used without the consent of the Data Subject, as they are strictly necessary for the provision of the service.
In addition, third party profiling cookies may be used, the use of which is subject to the consent given directly to these third parties by accessing the relevant information on the use of cookies.
The profiling cookies may be used by the Data Controller or by the owner of the cookie itself to memorise the choices made by the Data Subject, to provide personalised or optimised functions or to memorise his/her habits and preferences expressed during browsing. For example, profiling cookies may be used to offer the Data Subject online services, to send him/her advertisements that take his/her interests into account or to prevent him/her from being offered services that he/she has refused in the past.

The site www.mistertimbri.it uses the following cookies:

ServiceOwnerPurposeDuration 
Google AnalyticsGoogle LLCProfiling  
Google AdsGoogle LLCAnaliytical/Profiling  
HotjarHotjar Ltd.Profiling  
FeedatyZoorate srlAnaliytical  
SendinblueSendinblue sasProfiling  
Google Tag Manager Google LLCAnaliytical/Profiling  
Facebook pixelFacebook inkProfiling  
Social Plug in Google LLCProfilazione  
Social Plug in Google LLCProfiling  
Rfm CubeRfm Cube srlsProfiling  

Authorisation to collect and store data using cookies can be revoked at any time: the Data Subject can deactivate the use of cookies through the specific setting options of the different browsers.

WHAT IS THE PURPOSE OF DATA PROCESSING?

The data collected by the Data Controller is used in order to:

  • improve the use of the website and record statistics on its use, as well as profiling Data Subjects;
  • register and census the Data Subject on the website www.mistertimbri.it;
  • comply with the obligations, including legal obligations, arising from the purchase contract signed by the Data Subject on the website www.mistertimbri.it, and inform the Data Subject on the progress of the order and shipment;
  • send commercial communications regarding the activity carried out and the products sold by the company Presspower SRL
  • send informative and commercial communications regarding the order;
  • manage the reviews of purchases made on the website www.mistertimbri.it.

The data will also be processed through automated decision-making processes, such as profiling, for marketing and accounting purposes

ON WHAT LEGAL BASIS IS THE DATA PROCESSED?

The processing of the data collected by the Data Controller is based on the explicit consent of the Data Subject, in cases of browsing the website www.mistertimbri.it and/or registering for the website and/or the newsletter service of the company Presspower SRL and/or in case of contact through the website www.mistertimbri.it; in case of purchase, the processing is based on the consent given at the time of conclusion of the contract.
In case the Data Subject withdraws his/her consent to the processing, the Data Controller could continue the processing for obligations deriving from the law and/or on the legal basis of his legitimate interest.

HOW IS THE DATA PROTECTED?

The data processed by the company Presspower SRL is protected by access control systems, both physical and computerised; in order to ensure the availability, integrity and confidentiality of information, Presspower SRL has adopted technical and organizational measures that ensure the storage of data, recovery in case of loss, destruction or theft, the traceability of access in case of violation.

IS IT MANDATORY TO PROVIDE DATA?

The provision of data by the Data Subject is mandatory in order to comply with the requests of the Data Subject, i.e. registration, purchase, subscription to the newsletter or request for contact.
Any refusal to provide the data will make it impossible to provide the requested service, preventing the Data Subject from registering, making a purchase, subscribing to the newsletter and/or contacting Presspower SRL.
The provision of data collected through technical cookies is mandatory to proceed with website browsing, while it is optional for analytical and profiling cookies.

TO WHOM IS THE DATA DISCLOSED?

The data collected and processed by the Data Controller will not be communicated to parties except the Data Processors and parties authorized to process by Presspower SRL.

HOW LONG IS THE DATA PROCESSED?

The data collected through the website www.mistertimbri.it are stored and processed only as long as the purposes for which they were collected remain the same, that is:

  • in case of browsing, the data is processed for the duration specified for each cookie;
  • in case of registration or subscription to the newsletter, until the Data Subject revokes the consent to the processing or requests cancellation from the service;
  • in case of purchase, the data relating to the order will be processed for a period not exceeding 24 months from the date of order delivery while the data relating to invoicing will be processed for a period not exceeding 10 years from the date of purchase;
  • in case of contact request, the data will be processed until the request has been completely processed, and in any case for a period of time not exceeding 24 months.

HOW IS THE DATA SUBJECT PROTECTED?

The Data Subject an protect himself/herself and his/her personal data by exercising the rights provided for by current European legislation, sending a request in free form to the Data Controller.
The Data Controller will reply as soon as possible and in any case within one month from receipt of the request or, if further time is required to process the request, within a maximum of two months; in this case, the Data Controller will inform the Data Subject party of the reasons for the delay.
If the Data Controller does not consider it necessary to process the request, it will communicate his refusal directly to the Data Subject within one month of receipt of the request. In this case, the Data Subject may lodge a complaint with the Control Authority of his/her country or appeal to the Judicial Authority of his/her country.
The exercise of the rights of the Data Subject is free of charge, unless the requests are manifestly unfounded or repetitive: in this case, the Data Controller may charge a fee or refuse the request.

The Data Subject may exercise his/her Right of access, pursuant to art. 15 of EU Reg. 2016/679, by making a request to the Data Controller in order to obtain confirmation that data concerning him or her are being (or are not being) processed. In the same way he can request to know: which data is processed and for what purposes; for how long it is stored; whether the data has been or will be communicated to other subjects, and if so the identity of these subjects and the country where it is located, as well as the existence of adequate guarantees for the transfer; the existence of the right to request correction, limitation or cancellation of their data; the existence of the right to oppose the processing; the existence of the right to lodge a complaint to a Supervisory Authority; the existence of an automated decision-making process, including profiling, and the consequences of such processing. Finally, the Data Subject has the right to receive a copy of his/her personal data subject to processing free of charge, provided that this does not infringe the rights of other parties; any further copies requested could be issued against payment of an expense contribution.

The Data Subject may exercise his/her Right to rectification, ursuant to art. 16 of EU Reg. 2016/679, by addressing a request to the Data Controller in order to correct inaccurate data concerning him or her. In the same way, the Data Subject may request that the data processed be integrated with others, providing a statement to that effect.

The Data Subject may exercise his/her Right to erasure, pursuant to art. 17 of EU Reg. 2016/679, by addressing a request to the Data Controller to delete the personal data collected and processed by the company Presspower SRL in one of the following cases: if the personal data is no longer necessary with respect to the purposes for which they were collected; if the Data Subject has revoked his/her consent to the processing; if the Data Subject has opposed the processing; if the personal data has been processed unlawfully by the Data Controller; if the data must be deleted in order to comply with a legal obligation to which the Data Controller is subject; if the Data Subject is under 16 years of age and the persons exercising parental responsibility have not given their consent.
If the Data Controller has made the personal data of the Data Subject public and is obliged to delete them, it will inform any further parties who are processing the data of the Data Subject of the request for deletion, limited to the actual technical and economic possibility of this procedure.

The Data Subject may exercise his/her Right of restriction, pursuant to art. 18 of EU Reg. 2016/679, by addressing a request to the Data Controller so that the data processing is limited only to the storage of the data, without the Data Controller being able to carry out other operations, in one of the following cases: if the Data Subject contests the accuracy of the data, for the time necessary for the Data Controller to verify the data; if the processing is unlawful and the Data Subject opposes the cancellation; if the Data Controller no longer needs to process the data but must retain them for judicial reasons; if the Data Subject opposes the processing, for the time necessary to verify the balance between the rights of the Data Subject and the legitimate interests of the Data Controller.

The Data Subject may exercise his/her Right to object, pursuant to art. 21 of EU Reg. 2016/679, at any time and for reasons related to its particular situation. This right can be exercised by sending a communication to the Data Controller if the processing is based on the legitimate interest of the Data Controller or if the data is processed for scientific research or statistical purposes.

The Data Subject may exercise his/her Right to data portability, pursuant to art. 20 of EU Reg. 2016/679, by making a request to the Data Controller in order to receive personal data concerning him or her in a structured, commonly used and machine-readable format. In the same way, the Data Subject may request that their data be transmitted to another Data controller.
However, the exercise of this right may not affect the rights and freedoms of others.
The data will be communicated in comma-separated values (.csv) format.

If the Data Subject believes that the processing of his/her personal data is carried out in violation of European Regulation 2016/679, he/she has the Right to lodge a complaint with a Supervisory Authority, pursuant to art. 77 of EU Reg. 2016/679, by choosing among the Supervisory Authorities of the Member State where he/she resides, the Member State where he/she works or the Member State where the alleged violation has occurred.
In any case, the Data Subject may act for the protection of his/her rights also through recourse to the Administrative and/or Judicial Authority of his/her country.

The Data Subject may revoke consent to the processing of his/her data at any time, in the same manner in which he/she has given consent or by sending a communication to the Data Controller. The revocation of consent will not affect the processing already carried out, but will entail the interruption of the processing in progress and the destruction of the data of the Data Subject.

REGULATIONS AND REFERENCES

This information is provided pursuant to European Regulation 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, as well as pursuant to the General Provision of 8 May 2014 of the Guarantor Authority for the protection of personal data.

This version has been in force from 01.05.2020