INFORMATIVA IN ITALIANO
For Customers
Dear Customer, we wish to inform you that European Regulation No. 679 of April 27, 2016, regarding the processing of personal data, ensures the protection of natural persons with regard to the processing of personal data.
Pursuant to Article 13 of EU REG. 2016/679, we kindly ask you to familiarise yourself with the following privacy notice.
Data Controller’s Identification
The Data Controller for the processing of data is GLAM LAB S.R.L., with registered office at Via G. Garibaldi 18/4 – 10122 Turin VAT number: 10623790010, represented by its current legal representative.
Legal basis
The processing is necessary for the performance of a contract to which each customer is a party or for the performance of pre-contractual measures taken at the request of the customer.
For the purpose mentioned in section 3.b, the processing will occur exclusively with your specific and separate consent, which will constitute the legal basis for the processing. Subsequently, the customer will have the right to withdraw their consent at any time. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before the withdrawal.
Processing purpose
Your personal data are processed:
a) without your express consent, pursuant to Article 6 letter b) of GDPR 2016/679, for the following purposes:
– to fulfill pre-contractual, contractual, and tax obligations arising from relationships with you;
– to comply with legal obligations, regulations, EU legislation, or an order of the Authority (such as anti-money laundering regulations);
– to exercise the rights of the Data Controller, such as the right to defend in court;
b) only with your specific and separate consent, according to Article 7 of GDPR 2016/679, for the following purposes:
– sending commercial communications and/or advertising material on products/services offered via email;
– newsletter subscription.
Failure to Provide Data
The provision of data is a necessary requirement for the execution of the contract. Therefore, the failure to provide such data will make it impossible for the Data Controller to carry out the activities related to the main processing, namely:
– contract management;
– compliance with legal obligations arising from the established relationship.
Processing Methods
Your personal data will be processed in both paper and electronic form, including their insertion into databases, lists, and suitable records for data storage and management, in the ways and within the limits necessary to pursue the aforementioned purposes.
Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access. These measures include, but are not limited to, firewalls, antivirus software, anti-malware tools, and regular backups.
Your data will be processed only by authorised personnel explicitly appointed and instructed by the Data Controller.
Retention
The Data Controller will process personal data for the time necessary to fulfill the above-mentioned purposes and for the period provided by laws related to tax and civil obligations.
For the purposes mentioned in section 3.b, data will be processed until the data subject exercises their right to withdraw consent.
Recipients of Personal Data
The personal data processed by the Data Controller will not be disclosed, nor will they be made known to undetermined subjects in any form, including providing access or simple consultation.
Your data may be made accessible for the purposes mentioned in section 3 to:
– employees and collaborators of the Data Controller, appointee data processors and/or data processors;
– third-party companies or other entities (indicatively, banks, professional firms, consultants, etc.) that carry out outsourcing activities on behalf of the Data Controller, acting as external data processors.
Therefore, some of the personal data collected may be communicated to, for example:
– consultants and freelance professionals, even in association, law firms, etc., for administrative and accounting purposes, professional consulting activities, and tax and legal assistance;
– banks and credit institutions for cash management and payments;
– insurance companies;
– tax authorities and public entities to fulfill legal obligations;
– data processing and IT service companies (e.g., web hosting, data entry, management and maintenance of IT infrastructure and services, etc.).
They may be disclosed to subjects authorised to access them under legal provisions, regulations, and EU legislation. The updated list of external data processors is available at the Data Controller’s headquarters. Additionally, based on their job duties, some authorised personnel have been empowered to process personal data within the limits of their skills and in accordance with the instructions provided by the Data Controller. The updated list of individuals authorised to process personal data is available at the Data Controller’s headquarters.
Data Subject Rights
With regard to the following articles: Article 15 right of access, Article 16 right to rectification, Article 17 right to erasure, Article 18 right to restriction of processing, Article 20 right to data portability, Article 21 right to object, Article 22 right not to be subject to automated decision-making under GDPR 2016/679, the data subject may exercise their rights by writing to the Data Controller as indicated in section 1, or contact us by website form, specifying the subject of their request, the right they intend to exercise, and attaching a photocopy of an identity document to prove the legitimacy of the request.
