The purpose of this document is to inform the natural person (hereinafter " Interested ") regarding the processing of his personal data (hereinafter " Personal Data ") collected by the data controller, Orchidea Srl, with registered office in Corsico (MI) Via Leonardo da Vinci 32, e-mail address email@example.com (hereinafter “ Owner ”), via the website www.orchideamilano.it (hereinafter “ Application ”).
1) Categories of Personal Data processed
The Data Controller processes the following types of Personal Data provided voluntarily by the Interested Party:
- Contact data : name, surname, address, e-mail, telephone, images, authentication credentials, any further information sent by the interested party, etc.
- Tax and payment data : tax code, VAT number, credit card details, bank account details, etc.
The Data Controller processes the following types of Personal Data collected automatically:
- Technical data : Personal data produced by the devices, applications, tools and protocols used, such as, for example, information on the device used, IP addresses, browser type, type of Internet provider (ISP). Such Personal Data may leave traces which, in particular when combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons
- Navigation and use data of the Application : such as, for example, pages visited, number of clicks, actions performed, duration of sessions, etc.
Failure by the interested party to provide the Personal Data for which there is a legal or contractual obligation or if they constitute a necessary requirement for the conclusion of the contract with the Data Controller, will make it impossible for the Data Controller to establish or continue the relationship with the Data Controller. Interested.
The interested party who communicates the Personal Data of third parties to the Owner is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
2) Cookies and similar technologies
3) Legal basis and purpose of the processing
The processing of Personal Data is necessary:
- for the execution of the contract with the interested party and more precisely for:
- fulfillment of any obligation deriving from the pre-contractual or contractual relationship with the interested party
- registration and authentication of the interested party: to allow the interested party to register on the Application, access and be identified also via external platforms
- support and contact with the interested party : to respond to the interested party's requests
- payment management : to manage payments via credit card, bank transfer or other tools
- by legal obligation and more precisely for:
- the fulfillment of any obligation provided for by current regulations , laws and regulations, in particular, in tax and fiscal matters
- on the basis of the legitimate interest of the Data Controller, for:
- marketing purposes via email of the owner's products and/or services to directly sell the owner's products or services using the email provided by the interested party in the context of the sale of a product or service similar to the one being sold
- management, optimization and monitoring of the technical infrastructure : to identify and resolve any technical problems, to improve the performance of the Application, to manage and organize information in an IT system (e.g. server, database, etc.)
- security and anti-fraud : to guarantee the security of the Owner's assets, infrastructures and networks
- on the basis of the consent of the interested party, for:
- profiling of the interested party for marketing purposes : to provide the interested party with information on the Data Controller's products and/or services through automated processing aimed at collecting personal information with the aim of predicting or evaluating his preferences or behaviors
- marketing purposes of the Owner's products and/or services : to send information or commercial and/or promotional materials, to carry out direct sales activities of the Owner's products and/or services or to carry out market research using automated and traditional methods
The Personal Data of the interested party may also be used by the Data Controller to protect himself in court before the competent judicial offices.
4) Processing methods and recipients of Personal Data
The processing of Personal Data is carried out using paper and IT tools with organizational methods and logic strictly related to the purposes indicated and through the adoption of adequate security measures.
Personal Data is processed exclusively by:
- persons authorized by the Data Controller of Personal Data who are committed to confidentiality or have an adequate legal obligation of confidentiality;
- subjects who operate independently as separate data controllers or by subjects designated as data controllers by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes referred to in this information (for example, commercial partners, consultants, IT companies , service providers, hosting providers);
- subjects or bodies to whom it is mandatory to communicate Personal Data by legal obligation or by order of the authorities.
The subjects listed above are required to use appropriate safeguards to protect Personal Data and may only access those necessary to perform the tasks assigned to them.
Personal Data will not be disclosed indiscriminately in any way.
Personal Data will not be subject to any transfer outside the territory of the European Economic Area (EEA).
6) Personal Data retention period
Personal Data will be retained for the period of time necessary to fulfill the purposes for which they were collected, in particular:
- for purposes relating to the execution of the contract between the Owner and the Interested Party, they will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years. In the case of judicial litigation, for the entire duration of the same, until the deadlines for appeals have been exhausted
- for purposes relating to the legitimate interest of the Data Controller, will be retained until such interest is fulfilled
- for the fulfillment of a legal obligation, by order of an authority and for protection in court, they will be kept in compliance with the deadlines established by said obligations, regulations and in any case until the expiry of the limitation period established by the regulations in force
- for purposes based on the consent of the interested party, they will be kept until the consent is revoked
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the interested party.
7) Rights of the interested party
Interested parties can exercise certain rights with reference to the Personal Data processed by the Owner. In particular, the interested party has the right to:
- be informed about the processing of your Personal Data
- revoke your consent at any time
- limit the processing of your Personal Data
- object to the processing of your Personal Data
- access your Personal Data
- verify and request rectification of your Personal Data
- obtain the limitation of the processing of your Personal Data
- obtain the deletion of their Personal Data
- transfer your Personal Data to another owner
- lodge a complaint with the supervisory authority for the protection of your Personal Data and/or take legal action.
To exercise their rights, interested parties can send a request to the following email address firstname.lastname@example.org
Requests will be taken care of by the Data Controller immediately and processed as quickly as possible, in any case within 30 days.
Last update: 11/09/2023