PRIVACY POLICY Ser-Vis srl

PRIVACY POLICY

This notice is provided pursuant to Article 13 of EU Regulation No. 2016/679 (“General Data Protection Regulation”, hereinafter referred to as the Regulation).

This Privacy Policy aims to describe in a simple and transparent manner to users which personal data are processed, for what purpose, by whom and by what means, and to inform them about the measures that are applied to protect their rights and freedoms.

Therefore, anyone who decides to navigate within the website, accessible via the following address: www.drgiorgini.com, is the recipient of this information pursuant to Article 13 of the Regulation.

We specify that this information is provided exclusively for this Website and not for other third-party websites that may be consulted by the user through hypertext links.

INDEX

1. DATA CONTROLLER
2. DATA PROTECTION OFFICER
3. PERSONAL DATA SUBJECT TO PROCESSING
4. PERSONAL DATA OF MINORS
5. PURPOSES AND LEGAL BASIS OF PROCESSING
6. RECIPIENTS OF PERSONAL DATA
7. TRANSFER OF PERSONAL DATA
8. STORAGE OF PERSONAL DATA
9. DATA SUBJECT RIGHTS
10. AMENDMENTS
11. CONTACT POINTS

1. DATA CONTROLLER

Ser-Vis srl Zona Ind. S. Adriano 15/16,50034 Marradi (FI) P.IVA 04419730488, email…..

2. DATA PROTECTION OFFICER

The Data Protection Officer designated by Ser-Vis s.r.l. in accordance with Article 37, paragraph 1, letter a) of EU Regulation 2016/679

3. PERSONAL DATA SUBJECT TO PROCESSING

By accessing and visiting our website, as well as using the services offered to users through the website, personal data relating to identified or identifiable individuals (users and third parties, so-called "Data Subjects" under the GDPR) may be processed, collected automatically by the website itself, also through automated systems, or voluntarily provided by the data subjects, namely:

• Personal data, identifying data (in particular name, surname, tax code, postal address, email address, telephone number, directly provided by you for the purpose of purchasing in the online store).
• Data for accessing the account. These are the data necessary to allow you to access the profile of your account, such as the ID to log in/email address, username, password in non-recoverable format.
• Demographic and interests data. These are data that describe your demographic characteristics such as date of birth, age or age range, gender, geographical origin.
• Browsing data: The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. This data, necessary for the use of web services, is also processed for the purpose of obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.) and checking the correct functioning of the services offered. Browsing data is not retained for more than 365 days and is deleted immediately after aggregation (unless there are any requirements for investigation of crimes by the Judicial Authority).
• Data communicated by the user: The optional, explicit, and voluntary sending of messages to the contact addresses of the Data Controller entails the acquisition of the sender's contact details, necessary to respond, as well as all personal data included in the communications.
• Cookies (tracking systems, push notifications, etc.): Please refer to the detailed information available from the link in the bottom right corner of the page.

4. PERSONAL DATA OF MINORS

We do not intentionally request or collect personal data from minors (i.e., individuals under the age of 18). If we become aware of inadvertently receiving personal data from a minor, we promptly delete such data from our records.

5. PURPOSES AND LEGAL BASIS OF PROCESSING

Your data, as outlined in Section 3, will be processed, in compliance with applicable data protection laws, solely for the following purposes:

Purchase from the Online Store: The legal basis for this processing is the necessity to perform a contract to which the data subject is a party or to take pre-contractual measures at the data subject's request, as provided in the terms and conditions of sale.

The personal data requested is necessary to process the purchase, and any refusal will result in the inability to process the purchase order.

Respond to inquiries submitted through the contact form: The legal basis for this processing is the necessity to take pre-contractual measures at the data subject's request. The retention period of data processed for this purpose is the time necessary to respond to the inquiry.

The personal data requested is necessary to respond to the inquiry, and any refusal will result in the inability to respond to the data subject.

Send informational and promotional materials (direct marketing), including via email and SMS (mailing lists, offers, etc.): The legal basis for this processing is the explicit consent of the data subject. The retention period of data processed for this purpose is until the data subject requests to unsubscribe from the promotional communication service. Please note that consent can be revoked at any time without affecting the lawfulness of processing before the revocation. Providing personal data is optional, and any refusal will result in the inability to receive informational and promotional materials.

Analyze consumer habits and choices, carry out market research: The legal basis for this processing is the explicit consent of the data subject. Please note that consent, which is optional, can be revoked at any time without affecting the lawfulness of processing before the revocation.

Fulfil tax obligations arising from existing relationships as well as obligations under law, regulation, EU legislation, or an order of the Authority.

The legal basis for processing is compliance with legal obligations incumbent upon the Data Controller pursuant to Article 6.c of the GDPR.

6. RECIPIENTS OF PERSONAL DATA

Your personal data may be shared, for the purposes outlined above, with:

- Entities acting typically as "Data Processors" pursuant to Article 29 of the Law and Article 28 of the Regulation, i.e., individuals, companies, or professionals providing assistance and consultancy services to the Data Controller regarding the provision of services/products.

- Entities with whom it is necessary to interact for the provision of services/products as independent Data Controllers (e.g. social media providers, online payment companies, etc.).

- Entities, bodies, or Authorities to whom it is mandatory to communicate your personal data pursuant to legal provisions or orders of the Authorities.

- Personnel expressly authorized by the Data Controller, pursuant to Article 30 of the Law and Article 29 of the Regulation, necessary to perform activities strictly related to the provision of services/products, who are committed to confidentiality or have an adequate legal obligation of confidentiality and have received appropriate operational instructions.

The complete list of Data Processors is available in Section 11.

7. TRANSFER OF PERSONAL DATA

We store your Personal Data in operational environments that use security measures, among those reasonably available, to prevent unauthorized access. We follow appropriate standard measures, among those available, to protect Personal Data.

The storage and processing of your Personal Data as described above may require that Personal Data be finally transferred/transmitted to, and/or stored in, a destination outside your country of residence or the EU.

The Data Controller ensures that the processing of your personal data by these recipients complies with the Law and the Regulation.

8. STORAGE OF PERSONAL DATA

The Data Controller will process personal data for the time strictly necessary to fulfill the purposes outlined above, in accordance with the principles of minimization and limitation of storage set forth in Article 5, paragraph 1, letters c) and e) of the GDPR. Personal data will be processed for a maximum of 10 years from the termination of the contractual relationship for contractual purposes as stated in point 5. After this storage period, the data will be destroyed or anonymized and made unusable for the purposes for which the storage periods have elapsed. The Data Controller will process personal data for the time necessary to fulfill the purposes outlined above and for no more than 2 years from the collection of data for Marketing Purposes. After this storage period, the data will be destroyed or anonymized. Personal data necessary for the use of the account on the drgiorgini.en website will be preserved until explicit deletion request to ensure the functioning of the user profile or up to 3 years in case of inactivity.

9. DATA SUBJECT RIGHTS

Pursuant to Articles 15 and following of the Regulation, you have the right to request, at any time, access to your Personal Data, rectification, erasure of the same, integration of incomplete data, or to object to their processing; you have the right to request the restriction of processing in cases provided for by Article 18 of the Regulation, as well as to obtain, in a structured, commonly used, and machine-readable format, the data concerning you, in cases provided for by Article 20 of the Regulation.

Requests should be addressed in writing to SER-VIS at the following address: Ser-Vis srl Industrial Zone S. Adriano 15/16, 50034 Marradi (FI) – Italy, or by email to privacy@drgiorgini.com.

Data subjects who believe that the processing of personal data concerning them carried out through this website is in violation of the provisions of the EU Regulation (GDPR) have the right to lodge a complaint with the supervisory authority, as provided for in Article 77 of the GDPR, or to bring proceedings before the appropriate judicial authorities (Article 79 of the GDPR).

10. AMENDMENTS

Ser Vis s.r.l. may modify or simply update, in whole or in part, this Privacy Policy, also in consideration of changes in the rules governing this matter and protecting your rights. The changes and updates to the Privacy Policy will be binding as soon as they are published on the website in this same section. We therefore invite you to regularly access this section to check the publication of the most recent and updated Privacy Policy.

11. CONTACT POINTS

Any request regarding the processing of personal data and any communication concerning the exercise of your rights may be addressed to the Data Controller by sending a communication via email to privacy@drgiorgini.com or by post to Ser-Vis srl Industrial Zone S. Adriano 15/16, 50034 Marradi (FI).