PERSONAL DATA PRIVACY NOTICE
(pursuant to Art. 12 of EU Regulation 2016/679 adopted by the European Parliament and Council)
Company Capri La Punt SA. with registered office in Via Chantunela 27, 7522 La Punt-Chamuesch (CH) Switzerland, in its position as Data Controller, informs you that EU Regulation 2016/679 (General Data Protection Regulation (GDPR)) adopted by the European Parliament and Council has established new rules on the protection of the personal data of natural persons and the dissemination of such data.
The EU Regulation protects the rights and basic freedoms of natural persons, with special regard to the protection of personal data.
The data Controller (a natural person or a legal person who defines the purposes and modalities of data processing) puts in place appropriate measures to ensure that the data subjects receive all the information concerning the management of their personal data.
According to the Regulation, the processing of personal data is based on the principles of correctness, lawfulness, transparency and protection of Your privacy and Your rights.
Pursuant to articles 12 and 13 of EU Regulation 2016/679, upon obtaining personal data from a subject, the data Controller must provide the following information to the subject:
1. Purposes of data processing
The data Controller manages the personal data that identify a natural person (the data subject), such as, for instance, name, surname, identification number, company name, address, telephone, e-mail, bank and payment data, etc… that you provide in order to enter into a contract for the services supplied by the Controller.
2. The Data Controller and the Representative of the data Controller
The data Controller is: Capri La Punt SA.
c/o Capri La Punt SA. with registered office in Via Chantunela 27, 7522 La Punt-Chamuesch (CH) Switzerland, Tel +41 076-2412368/ Tel +39 347-2938908, email@example.com.The Representative of the data Controller (where applicable) is: not specified.
An updated list of the data processors (where applicable) and the persons in charge of data processing is kept at the registered office of the Controller.
3. Data protection officer (where applicable)
The Data Protection Officer is: not specified.
4. Purposes of data processing
The data you provide will be processed without your express consent for the following purposes:
4A) legal obligation the data Controller is subjected to
7A) pursuit of the legitimate interests of the data Controller or those of a third party
The data you provide will be processed with your express consent for the following purposes (where applicable):
2B) Newsletters delivery service activation and management
Data processing is legitimate when:
1C) the person concerned has given her consent to the management of his/her personal data (newsletters service)
3C) data processing is necessary to meet a legal obligation the data Controller is subjected to,
6C) data processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of a data subject, which require protection of personal data, in particular where the data subject is a minor (direct marketing, right to the exercise or defence of legal claims in court proceedings)
Pursuant to art. 13 clause 3, the Controller undertakes not to use the personal data acquired for any purposes other than those for which the data has been collected without providing additional information to the data subject regarding such different purposes and any additional relevant information as per paragraph 2, or without having obtained an additional consent (where required).
5. Legitimate interests of the data Controller (where applicable, only when the lawful basis for data processing as per paragraph 3 is as described above in 6C)
Data processing is based on the following legitimate interests: the right to the exercise or defence of legal claims in court proceedings, direct marketing.
6. Data processing modalities
Data processing is performed through the operations specified in art. 4 clause 2) and namely through the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.
The processing of persona data is performed by means of appropriate tools and procedures designed to ensure the security and confidentiality thereof. Personal data processing is performed according to the following modalities:
■ by means of IT tools, with automated decision-making processes.
7. Disclosure of personal data
Without the express consent of the subject (pursuant to art. 6, letters b) and c)), the Controller can communicate your data for the aforementioned purposes to Supervisory Bodies, Judicial Authorities, insurance companies, as well as other subjects to whom disclosure is required by the law, in order to fulfil the purposes specified above. Such entities/subjects process the data as independent data controllers.
■ Personal data will not be communicated to any category of recipients and will not be disseminated in any manner whatsoever.
8. Transferring the data to a third country or an international organisation
■ Personal data will not be transferred to a third country or an international organisation.
9. Nature of the provision of personal data and consequences of failure to provide the data
The data Controller is required to inform the data subject as to whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether or not the data subject is obliged to provide his/her personal data, and of the possible consequences of failure to do so;
The provision of personal data is:
■ required (point 4, letters A)
■ optional (point 4, letters B) (newsletter service)
if the provision of data for the aforementioned purposes is required, this is motivated by
■ a legal obligation the data Controller is subjected to
■ the pursuit of legitimate interests of the data Controller or a third party.
If the provision of personal data for the aforementioned purposes is required, refusal to provide the data will result in:
■ impossibility to carry on the relationship,
■ failure to supply the services envisaged (newsletters service);
If the provision of personal data for the aforementioned purposes is not required, refusal to provide the data will result in:
■ failure to supply the services envisaged (newsletters service)
10. Storage period
The Controller will retain the personal data for the time strictly necessary to fulfil the aforementioned purposes and, in any event, not after the day on which a request to terminate the relationship for service-related purposes is received.
11. Rights of the data subject
Data subjects can exercise their rights towards the data Controller at any time.
Art. 13 letter b) of EU Regulation 2016/679 specifies that the moment personal data have been obtained, the data Controller is required to inform the data subject of the existence of the following rights, which are necessary to guarantee the correct and transparent management of personal data:
– Right of access (Art. 15)
– Right to rectification (art. 16)
– Right to erasure (Art. 17)
– Right to restriction of processing (Art. 18)
– Right to object (Art. 21)- Right to data portability (Art. 20).
Besides the rights provided for in art. 13, the EU Regulation defines a number of additional rights that the data subject can exercise, including:
– Right to withdraw their consent (Art. 7)
– Right to lodge a complaint with a control authority (Art. 77).
12. Withdrawal of consent (Art. 7)
According to art. 7, clause 3, data subjects have the right to withdraw their consent at any in the following circumstances:
– Data-processing is based the consent given by the subject to the processing of his/her personal data for one or more specific purposes (article 6, paragraph 1, letter a),
– Data processing is about special categories of personal data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person’s health or sex life or sexual orientation) is based the consent given by the subject to the processing of his/her personal data for one or more specific purposes (article 9, paragraph 2, letter a).
Withdrawal of consent does not undermine the lawfulness of the processes based on the consent given before the withdrawal. Data subjects are informed of this before they express their consent. The consent is withdrawn as easily as it is given.
13. Right to lodge a complaint with a control authority (Art. 77)
According to art. 77, when he/she considers that his/her rights under this Regulation are infringed, a subject has the right to lodge a complaint with a supervisory authority, in the EU member states where the subject habitually resides or in the country where the alleged infringement has occurred, without prejudice to any other administrative or judicial remedy.
The data Controller informs the data subject of the possibility to lodge a complaint with a supervisory authority and the possibility to seek a judicial remedy.
The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
The data subject is also entitled to seek judicial remedy if the supervisory authority does not address a complaint or does not inform him/her on the progress and the outcome of the complaint within three months’ time, without prejudice to any other administrative or judicial remedy.
14. Modalities for the exercise of the rights of the data subject
The data subject can exercise his/her rights at any time by sending to the data Controller and/or to the Processor (if specified):
– a registered letter with return receipt to: Capri La Punt SA. registered office, Via Chantunela 27, 7522 La Punt-Chamuesch (CH) Switzerland
– an e-mail to: firstname.lastname@example.org
WEB SITE SURFING
Data processed and purpose of treatment
The simple consultation of the site does not constitute in itself the collection or processing of personal data, except as regards navigation data and cookies to the relevance of which please refer for privacy to the next sections. If between the data provided there were some attributable to third parties, the user shall guarantee towards Capri La Punt SA. for his / her obtaining the consent for the collection and processing the data. As for the purpose of treatment, it is identified with the completion of the subscription phase and its subsequent execution, with the sending of messages concerning the registration and its operations and, subject to a specific user’s consent, with the sending of promotional and illustrative material of the products / services and, if present, the newsletter of the site.
The processing will be done by tools and procedures guaranteeing the security and confidentiality of data in compliance with the law and can be done either on or offline. Specific security measures are taken to prevent data loss, illicit or incorrect use and unauthorized access.
Upon registration, the user is asked to read the notice pursuant to the Code and to confirm the agreement to the processing of data at that time supplied, for the purpose from time to time described. This agreement and the provision of the data processed should be considered mandatory in order to refine the registration to the site and the use of services connected with the registration; on the contrary, the agreement will be optional with reference to sending promotional materials and / or information on the activities and products / services of Capri La Punt SA..
Scope of circulation of data
Personal data submitted by users will be processed Capri La Punt SA. or persons appointed by the company as managers or agents. They will also be disclosed to third parties responsible for providing services related to the activities of the site and to the execution of the contractual obligations undertaken through them; the third parties will also provide the storage of the data and their processing to allow the execution of the service to each of those entrusted. In particular, the subjects are technology and telecommunication service providers, logistics service providers, system and payment services operators.
The computer systems and software procedures used to operate the site acquire, during their normal operation, some data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified users but, by their nature, could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used to connect to the site, URI of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of response from the server (successful, error, etc.) and other parameters regarding the operating system and the computer environment.
These data are not disclosed but are used only to obtain anonymous statistical information about the site and to check its correct functioning; they are kept for the time defined by applicable regulations of reference. The data could still be used to ascertain responsibility in case of computer crimes against the site.
Rights of the user
The user has the right at any time to obtain confirmation of the existence of the data and to know their content and origin, the purposes and methods of treatment and, in case of processing with electronic instruments, the logic applied to processing and has the right at any time to verify its accuracy or to request its integration, update or correction (art. 7 of the Legislative Decree. n. 196/2003). According to the same article, the user has the right to request cancellation, transformation into anonymous or block of data processed in violation of the law, and oppose for legitimate reasons to their treatment. The processing of personal data will be tight to and be governed by Swiss law. The rights of the user can be exercised by sending a written communication to Capri La Punt SA., based in Via Chantunela 27, 7522 La Punt-Chamuesch (CH) Switzerland or by e-mailing to email@example.com.
Cookies are small files of text sent by a site to its computers, where they are stored before being re-transmitted to the same sites on the user next visit. Cookies of so-called third parties, however, are set by a different website than the one the user is visiting: on each site can be present elements such as images, maps, sounds and specific links to web pages of other domains that are hosted on different servers than the site. Cookies are used for different purposes: execution of authentication, monitoring sessions, storing of information about specific configurations about users accessing the server, storing of preferences. A cookie cannot retrieve any other data from your hard drive, transmit viruses, or capture email addresses. Each cookie is unique to the user’s browser.
Management of cookies by browser
The user can withdraw the agreement at any time, being it effective for the future, by selecting the specific parameters that allow the browser to exclude enabling the cookies. The procedures are the following:
– Internet Explorer: Select Tools / Internet Options, click Privacy and choose the level of privacy you want using the cursor;
– Chrome: select Tools / Settings, click Show Advanced Settings and, in the Privacy section, click Content settings;
– Firefox: Select Tools / Options and click the Privacy;
– Safari: select Settings > Safari > Block Cookies and select one of the followings: “Always Allow”, “Allow only from the websites I visit”, “Allow only from the current web site”, “Block always”.
If the user deletes or blocks a cookie may be impossible to restore any preferences or customization settings.
The use of so-called session cookies, which are not stored permanently on the user’s computer and disappear when the browser is closed, is strictly limited to the transmission of the user’s session and cart information. They serve to enable a safe and efficient site and to make and keep the user identification during the session.
Google Analytics Demographics and Interest Reporting
The service is part of Google Analytics service and allows to profile users anonymously. Personal Data collected: Cookie and Usage data.
Google Maps is a maps visualization service provided by Google Inc. that allows this site to incorporate content of this kind on its pages. Personal Data collected: Cookie and Usage data.
Youtube is a video content visualization service provided by Google Inc. that allows this site to incorporate content of this kind on its pages. Personal Data collected: Cookie and Usage data.
Vimeo is a video content visualization service provided by Vimeo, LLC that allows this site to incorporate content of this kind on its pages. Personal Data collected: Cookie and Usage data.
Registration and Newsletter
By registering for the newsletter or for other purposes in the website, the user’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this site. The user’s email address might also be added to this list as a result of signing up to this site or after making a purchase. Personal Data collected: user, mail, name, surname, company, birth date, birthplace, address, city, postal code, district, country, phone, fax, account type, tax code, VAT n.
This site may collect, use and share data on the user’s geographic location, in order to provide location-based services. Most browsers and devices provide by default the tools to deny geographical tracking. Once the user has expressly authorized such a possibility, this application can receive information on its actual location. Personal data collected: Geographic location.
The Personal Data collected will be used for the provision of services to the User or for the sale of products, including the payment and the eventual delivery. The Personal Data collected to allow the payment may be those relating to the credit card, to the account used for the bank or to other payment instruments provided. The Data collected from this site depend on the payment system used. Notwithstanding the above, the Holder informs that the User may use Your Online Choices (Country / Your Choices). Through this service, you can manage the tracking preferences of the most of advertising tools. The Owner, therefore, recommends using this resource in addition to the information provided in this document.