Lamar S.r.l., with registered office in Via 8 Marzo n°10, Pieve a Ripoli Cerreto Guidi (FI), as Data Controller, protects the personal data provided by the interested parties when navigating and using the website www.lamar.it, ensuring their confidentiality and guaranteeing compliance with the regulations in force as well as the necessary level of protection, from any event that might put them at risk of violation.
As required by art. 13 of the General Regulation on the Protection of Personal Data of the European Union (GDPR), before proceeding with the processing, the user of the website www.lamar.it, (hereinafter also referred to as “Data Subject”) is informed that his/her personal data, collected through the website, are subject to processing by the Data Controller as generalized above, by means of computer and/or telematic tools, for the purposes indicated below in this information notice.
- PURPOSE AND LEGAL BASIS OF PROCESSING Your personal data will be processed for the following purposes a. to allow the fruition and use of this website, as well as to carry out the maintenance and technical assistance necessary for its proper functioning; b. to allow the Controller to respond to your request for contact. The legal basis underlying the processing referred to in letter a) of this point is: Art. n°6 par.1 lett. f) GDPR: “processing is necessary for the purposes of pursuing the legitimate interests of the controller or a third party, provided that the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail, in particular if the data subject is a child”; The legal basis underlying the processing under (b) of this point is: Art. n°6 par.1 lett. b) GDPR: “processing is necessary for the performance of a contract to which the Data Subject is party or the implementation of pre-contractual measures taken at the request of the same”
- PROCESSING METHODS The personal data being processed are collected directly by the Data Controller or by third parties expressly authorized by the latter, or communicated by the Data Controller to such third parties for the pursuit of the purposes set out in point 2. The processing of personal data shall be carried out mainly with the aid of computerized tools by persons inside and outside the Data Controller’s organisation who are duly authorized and instructed for this purpose in accordance with the methods and with the means suitable to guarantee the security and confidentiality of the data, in compliance with the provisions of the GDPR. The Data Controller carries out periodic checks to ensure that no personal data are processed, collected, filed or stored that are not necessary in relation to the processing operations and related purposes as indicated in point 2 of this information notice.
- RECIPIENTS OF PERSONAL DATA The personal data processed for the purposes referred to in point 2 of this information notice may be communicated to · to internal subjects of the Data Controller’s structure, duly authorized for the parts of processing falling within their respective competences; · to external subjects such as: – information and computer assistance companies – suppliers of IT infrastructures and solutions – suppliers of web services; – consultants, to the extent necessary for the performance of their professional duties. Communication concerns the categories of personal data whose transmission to the aforementioned third parties is necessary for the performance of the activities and for the purposes set out in this statement. The updated list of the External Managers and of the subjects authorized to process data is kept at the Data Controller’s head office and is available to the interested party upon request by e-mail to firstname.lastname@example.org. The processing in question does not require the consent of the data subject, since it is carried out in order to fulfil the obligations arising from the data subject’s request. In no case will your personal data be communicated to other categories of third parties (in addition to those mentioned above) and will not be subject to dissemination operations.
- EXTRA EU/SEAS TRANSFER The Data Controller does not transfer the personal data of the Data Subject abroad (foreign countries being all countries not belonging to the European Economic Area). The management and storage of personal data shall take place on the servers of the Data Controller and/or of third party companies duly appointed as External Data Controllers, located within the European Union.
- RETENTION PERIOD/DATA RETENTION The personal data concerning you will be processed by the Data Controller for the entire duration of the relationship with the Data Controller and for the time necessary to achieve the purposes for which they were collected as set out in point 2 of this policy. Once the above-mentioned terms have been reached, the Data Controller will delete the data concerning you. Longer retention periods may be applied in the presence of specific legal obligations or in the event that the Data Controller receives requests from public authorities or for further needs to protect the rights of the Data Controller or the Data Subject.
- RIGHTS OF THE DATA SUBJECT Pursuant to EU Reg. 2016/679 the Data Subject has the right to: – obtain confirmation of the processing carried out by the Data Controller on the personal data concerning him/her; – access his/her personal data and know their origin (when the data are not obtained directly from the Data Subject), the purposes of the processing, the data of the persons to whom they are communicated (recipients), the period of data retention or, failing that, the criteria for determining it; – obtain the rectification of their personal data – obtain the deletion of their personal data from the Data Controller’s databases if they are no longer necessary for the purposes for which they were collected or if the processing is unlawful and in the other cases referred to in Article 17 GDPR; – limit the processing of their personal data, for example, where their accuracy is contested, for the period necessary for the Data Controller to verify their accuracy and in all other cases referred to in Article 18 GDPR; – obtain their personal data in electronic format, also in order to be able to communicate them to another Data Controller (portability). The Data Subject may assert his/her rights by contacting the Data Controller in writing at email@example.com. The Data Controller shall do so without delay and, in any case, no later than one month after receipt of the request. The term may be extended by two months, in which case the Data Controller will inform the Data Subject within thirty days of the reasons for the extension.
- COMPLAINT The Data Subject has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data. In the event that the Data Subject resides in a different member state or the breach of personal data protection laws occurs in another EU country than the country where the Data Controller is based, the Data Subject shall lodge a complaint with the Authority in charge of monitoring the compliance with the personal data protection laws of that country. The lodging of a complaint does not prejudice the Data Subject’s right to take any other legal action.