Information pursuant to art. 13 of the GDPR
The individual company The Wood Alchemist, VAT number 15541161004, Via Marco Aurelio 19, 00184 Rome RM, pursuant to art. 13 of the European regulation (EU) 2016/679 of 27 April 2016 (hereinafter GDPR) and in relation to the personal data that the company will become available for the fulfillment of the obligations that will be requested, informs customers of the following information.
Holder of the treatment
The data controller is Mr. Simone Castelli, as the owner of the same name of the aforementioned sole proprietorship, hereinafter referred to as the owner, who can be contacted by telephone at (+39) 333 603 9231, through the website www.thewoodalchemist.com, by email at info @ thewoodalchemist.com.
The complete list of data processors is available at the company headquarters and can be requested by certified email at the address indicated above.
What are cookies and what are they used for
A cookie is a text file that a website visited by the user sends to his terminal where it is stored before being re-transmitted to that site on a subsequent visit.
Cookies are distinguished:
Based on the person who installs them on the user’s terminal depending on whether it is the same site manager that the user is visiting (so-called “first-party cookies”) or a different site, which installs cookies through of the first site (so-called “third-party cookies”);
According to the purpose of each cookie: some cookies allow the website that installed them to remember, for example, the preferences expressed by the user during navigation or to make a purchase or to authenticate (so-called “technical cookies”), others cookies allow the site that installed them to monitor the user’s navigation also for the purpose of sending advertising or offering services in line with the preferences expressed by the user while surfing the net (so-called “profiling cookies”). Only profiling cookies require the user’s prior consent to use them
First-party technical cookies and third-party profiling cookies are installed on the site, as described below.
Purpose of data processing
The data processing is aimed at the correct fulfillment of the contractual services conferred, as well as in order to fulfill the obligations envisaged in the tax and accounting fields and those of a different nature imposed on the company, as required by current legislation.
Personal data may be processed by means of both paper and computer archives, including portable devices, and with methods strictly necessary to meet the purposes indicated above.
Legal basis of the processing
Pursuant to art. 6 of the GDPR, the processing takes place only in the following hypotheses:
– the interested party has consented to the processing of their personal data for the precise purpose indicated by the same in the contract;
– The processing is necessary for the execution of a contract of which the interested party is a party or for the execution of measures taken at the request of the interested party before entering into a contract;
– The processing is necessary to fulfill a legal obligation to which the data controller is subject;
– the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties.
Consequences of failure to communicate personal data
With regard to personal data relating to the execution of the contract or relating to the fulfillment of a regulatory obligation (for example, the obligations related to the keeping of accounting and tax records), failure to communicate personal data prevents the contractual relationship from being perfected.
Data retention
The personal data, processed for the purposes indicated above, will be kept for the duration of the relationship and, subsequently, for the time in which the company is subject to conservation obligations for tax purposes or for other purposes provided for by regulations. of law or regulation.
Data communication
Personal data may be disclosed to:
1. professionals who provide functional services for the purposes indicated above;
2. banking and insurance institutions that provide functional services for the purposes indicated above;
3. subjects who process data in execution of specific legal obligations;
4. Judicial or administrative authorities, for the fulfillment of legal obligations.
Rights of the interested party
The rights recognized to data subjects by the GDPR include those to request the data controller:
– access to personal data and information relating to them;
– the correction of inaccurate data or the integration of incomplete ones;
– the cancellation of personal data (upon the occurrence of one of the conditions indicated in art. 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article);
– the limitation of the processing of personal data (in the event of one of the hypotheses indicated in art. 18, paragraph 1 of the GDPR);
– in the hypothesis in which the legal basis of the processing is the contract or consent, and the same is carried out by automated means, the delivery of personal data in a structured and readable format by automatic device, also in order to communicate such data to a other data controller.
The interested party may also:
– oppose the processing of personal data at any time in the event of particular situations;
– withdraw consent at any time, limited to cases in which the processing is based on consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data provided from art. 9 of the GDPR.
The treatment based on consent and carried out prior to the revocation of the same retains, however, its lawfulness;
– lodge a complaint with the Guarantor Authority for the protection of personal data.
