Information for customers


This information disclosure is provided to customers of GLAM LAB srl, whether they are individual persons or
natural persons acting in the name and on behalf of legal person customers, in accordance with Article 13 of
Legislative Decree no. 196 of 30 June 2003 – “Personal Data Protection Code” and with Article 13 of GDPR
679/2016 – “European Regulation on personal data protection”.

Data Controller identity

Mr. Marco Baudraz is the Data Controller of any processing carried out by GLAM LAB srl, with registered and
administrative office at Corso Germano Sommeiller 35, 10138 TORINO.
The Data Controller ensures the security, confidentiality and protection of the personal data in his possession, at
every stage of the processing activity.

The DPO has not been appointed.

Data source

The processed data is what is provided by data subjects when:
• visiting the offices;
• interacting through the website;
• requesting information, also by email;
• making previous transactions.

Processing purpose

Tax obligations, and organisational and bureaucratic fulfilment of the required services. Management of negotiations
and pre-contractual relationships. Management of marketing activities that are the object of the business activities.
Finally, all personal data of the above-mentioned data subjects will be entered in the Controller’s archive and
used to send communications regarding products, services, innovations and promotions.

Legal basis

The legal basis is represented by the execution of a contract to which the data subject is a party, or the
implementation of pre-contractual measures adopted in response to the data subject’s requests. Some processing is
carried out for the legitimate interest of the Controller (promotion of its own business activities and pursuit of the
statutory purpose).

Data recipients

Personal data processed by the Controller will not be disseminated; in other words, it will not be made known to
indeterminate subjects in any form, including by making it available to them or by mere consultation. It
may instead be communicated to workers employed by the Controller and to some external parties that
collaborate with them. It may also be communicated, within the strictly required limits, to subjects that must
provide goods and/or carry out services for the purposes of purchase fulfilment, other requests, or the provision of
services regarding the transaction or contractual relationship with the Controller. Finally, it may be communicated
to persons authorised to access it pursuant to legal provisions, regulations or Community legislation. In particular,
based on their roles and working tasks, some workers have been authorised to process personal data, within
the limits of their competences and in compliance with the instructions given to them by the Controller.

Transferring data

The Data Controller does not transfer personal data to third countries or to international organisations. However, he
reserves the right to use cloud services; in that case, service providers will be selected among those which provide
appropriate guarantees, as provided for by Article 46 GDPR 679/16.

Data retention

The Data Controller retains and processes personal data for as long as is necessary to carry out the indicated
purposes. Later, personal data will be retained, and not further processed, for as long as established by current
provisions on civil and fiscal matters.

Revocation of consent

With reference to Article 23 of Legislative Decree 196/2003 and to Article 6 of GDPR 679/16, the data subject may
revoke any consent given at any time. However, the processing covered by this information disclosure is
lawful and permitted, even without agreement, as it is required for the execution of a contract to which the data
subject is party (provision relationship) or the fulfilment of their requests.

Lodging a complaint

The data subject has the right to lodge a complaint with the controlling authority in their state of residence.

Refusal to provide data

Natural person customers cannot refuse to give the Controller the personal data required to comply with the rules
of law that govern commercial transactions and the tax system. The provision of further personal data may be
necessary to improve the quality and efficiency of the transaction. Therefore, a refusal to provide the data required by
law will impede the fulfilment of orders, while a failure to provide further data may compromise, in whole or in
part, the fulfilment of other requests and the quality and efficiency of the transaction itself.
People who work in the name or on behalf of legal person customers can refuse to give their personal data to the
Controller. The provision of personal data is, however, necessary for the precise and efficient management of the
contractual relationship. Therefore, a possible refusal to provide data may compromise the contractual relationship
itself, in whole or in part.

Automated decision-making

The Controller does not carry out processing that consists of automated decision-making on the data of natural
person customers, or of the natural persons who work in the name or on behalf of legal person customers.