Luxfabrica - Privacy Policy

PURSUANT TO ART. 13 EU REGULATION 2016/679 (GDPR) and subsequent amendments
Mod. Information for Website Users dated 22/10/2024

Dear Interested Party,
with this document the Data Controller provides information regarding the processing of personal data carried out through the LUXFABRICA website www.luxfabrica.eu and through social pages.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER.
The Data Controller is LUXFABRICA di Zappella Paolo (hereinafter also “Controller” and/or “Company”) with registered office in Via Bergamo 33 – Cividate al Piano (BG) Fiscal Code ZPPPLA93A21A794S VAT number 04649840164 contactable, in addition to the aforementioned registered office, at the following addresses:
mail: info@luxfabrica.eu, info.luxfabrica@gmail.com,
Pec: lux.paolozappella@pec.it

2. TYPE OF DATA SUBJECT TO PROCESSING
Following navigation of the Site, we inform you that LUXFABRICA di Zappella Paolo will process your personal data which may consist of an identifier such as the name, an identification number, an online identifier or one or more characteristic elements of your physical, economic, cultural or social identity suitable to make the interested party identified or identifiable. Reference is made to navigation data, cookies, and data voluntarily provided by the user as specified below.

a. Navigation data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the Site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties: except for this eventuality, at present the data on web contacts do not persist for more than seven days. The legal basis for such processing is the legitimate interest of the Data Controller in the technical management relating to the functionality and security of the site.

b. Cookies
Cookies are strings of text that the websites visited by users (so-called Publisher, or “first parties”) or different sites or web servers (so-called “third parties”) place and store within the user’s terminal device, so that they can then be retransmitted to the same sites on the next visit. For more information on cookies, the User is invited to visit the specific pages within the website of the Guarantor Authority https://www.garanteprivacy.it/temi/cookie.
At the moment this site does not use any type of Cookie, neither proprietary nor third-party service providers and, for this reason, this site does not need to have the so-called cookie banner.

c. Data provided voluntarily by the interested party and, specifically:
1) Sending e-mails to the addresses indicated on the site: the optional, explicit and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender's address, necessary to respond to requests as well as any other personal data included in the message. Such data will be processed exclusively to provide a response to the user's request. The legal basis of the processing is represented by the execution of a contract or pre-contractual measures.

2) Interaction with Social Users within the Data Controller's social pages. The personal data of Social Users who interact with the pages of the Data Controller may be processed for the management of user requests sent by the user himself through social networks. The platforms definable as "social" used by the Data Controller by creating accounts to which dedicated pages are associated are, to date, present on Facebook, Instagram, Linkedin. These channels operate through the application of their own privacy policies to which the user accesses and reads them with acceptance. In this sense, the management of potentially acquirable and processable data takes place directly from the platforms and the user, in which case the Data Controller uses it in the manner and for the purposes explained in this section. The contents reported are to be understood as an implementation of the privacy policies applied by the social network platforms towards which the Company holds its own account used only and exclusively for the presentation of its activities and for the purposes explained.
In this sense, the Data Controller, as a legal entity with its own privacy management body in accordance with and pursuant to EU Reg. 2016/679 and Legislative Decree 101/2018, is relieved of any actions carried out by the managers of social network platforms that do not comply with the reference legislation and that may potentially harm the freedom of natural persons. The references are therefore provided, which can be consulted at any time and are continuously updated, regarding the privacy policies applied by the social network platforms mentioned:
Facebook: https://it-it.facebook.com/privacy/explanation
Instagram: https://about.instagram.com/it-it/safety/privacy
Linkedin: https://privacy.linkedin.com/it-it

3. DEFINITION OF TREATMENT
Pursuant to art. 4 (2) of the GDPR for “Processing” means “any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction”.

4. PURPOSE OF DATA PROCESSING, LEGITIMATE BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING
The data processing that we intend to carry out may have the following purposes:
a. to allow the provision of the Services requested by the User such as the generic or specific request for information through the website or through the Company's Social pages. The legal basis for the processing of Personal Data for the purposes indicated above is art. 6.1.b) (i.e. the execution of a contract to which the data subject is party or execution of pre-contractual measures adopted at the request of the data subject) of the Regulation as the processing is necessary for the provision of the Services or to respond to requests from the data subject. The provision of personal data for these purposes is optional but failure to provide them would make it impossible to activate the Services provided by the Site.

b. fulfill any legal obligations. This purpose represents a processing of personal data carried out pursuant to art. 6.1.c) of the Regulation, to fulfill a legal obligation. Once the personal data has been provided, the processing is indeed necessary to fulfill a legal obligation to which the Data Controller is subject.

c. assert or defend rights in court, in the event of abuse in the use of the Site and/or the Services offered. The processing would be carried out pursuant to art. 6.1.f) of the Regulation (legitimate interest of the owner)

5. DATA PROCESSING METHODS.
The data processing may be carried out using electronic, telematic or otherwise automated tools, in compliance with the technical and organizational security measures referred to in art. 32 of the EU Regulation, by persons authorized to process and duly instructed and trained, in compliance with the provisions of art. 29 of the aforementioned Regulation

6. STORAGE PERIOD.
The personal data processed for the purposes referred to in section 4 (a-c) will be retained for the time strictly necessary to achieve those same purposes in compliance with the principles of minimization and limitation of storage pursuant to art. 5.1.e) of the Regulation.

7. RECIPIENTS OF PERSONAL DATA.
The personal data may be shared, for the purposes referred to in section 4 above, with:
a. persons who typically act as data controllers pursuant to art. 28 of the Regulation, namely

1) persons, companies or professional firms that provide assistance and consultancy to the Data Controller in relation to the provision of the Services;

2) subjects with whom it is necessary to interact for the provision of the Services (for example, hosting providers)

3) or subjects delegated to carry out technical maintenance activities (for example, maintenance of network equipment and electronic communication networks); (collectively “Recipients”);

the list of data controllers who process data can be requested from the Data Controller.

b. subjects, bodies or authorities, independent data controllers, to whom it is mandatory to communicate your personal data by virtue of provisions of law or orders of the authorities;

8. DISSEMINATION OF DATA.
Unless you specifically request in writing, or a specific order of the AG/regulatory obligation, the personal data you provide will not be subject to dissemination.

9. TRANSFER OF DATA ABROAD.
The data collected will not be transferred to third countries or international organizations.
Some personal data of the interested parties are shared with recipients who may be located outside the European Economic Area. In the event that this occurs and it becomes necessary to transfer the data provided to servers located in non-EU countries, the Data Controller ensures that the transfer and processing take place in compliance with the applicable legislation, i.e. the transfers are carried out through adequate guarantees, such as adequacy decisions, standard contractual clauses approved by the European Commission or other legal instruments.

10. RIGHTS OF THE INTERESTED PARTY.
The legislation grants the interested party the exercise of specific rights listed in articles. from 15 to 22 of the GDPR, including that of obtaining from the Data Controller confirmation, or otherwise, of the existence of their personal data (or access), their provision in an intelligible form, as well as the rectification, or cancellation of the same, or to limit in whole or in part the processing or to oppose for legitimate reasons to the same and/or to withdraw consent to the processing at any time (without prejudice to the consequences indicated), or to request the portability of their data with regard to the data subject to specific consent, or even the updating.
The interested party has the right to have knowledge of the origin of the data, the purpose and methods of processing, the logic applied to the processing, the identification details of the owner and the subjects to whom the data may be communicated.
The interested party also has the right to request the transformation into anonymous form, the limitation or blocking of data processed in violation of the law; may also lodge a complaint regarding the unauthorized processing of data provided to the Guarantor for the Protection of Personal Data in the manner published on the website of said authority (http://www.garanteprivacy.it/).
Requests relating to the exercise of the aforementioned rights may be addressed to the Data Controller, at the contact details indicated above, without formalities or, alternatively, using the form provided by the Guarantor for the Protection of Personal Data available on the website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

11. COMPLAINT TO THE GUARANTOR FOR THE PROTECTION OF PERSONAL DATA
The interested party may lodge a complaint in the manner and within the terms indicated on the website www.garanteprivacy.it

12. CHANGES TO THIS INFORMATION
This information (or privacy policy) is effective from 23/11/2024
LUXFABRICA di Zappella Paolo reserves the right to modify or simply update its content, in part or completely, also in function of the activation of new services or following updates to the applicable legislation. The Data Controller will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Site. The Company therefore invites you to visit this section regularly to take note of the most recent and updated version of the privacy policy in order to always be updated on the data collected and the use made of it.
This information refers exclusively to the website www.luxfabrica.eu and not to other sites that may be reached through the site, for which the User is referred to read the specific information contained therein.