The Data Controller: The data controller of personal data collected through the website http://pnp-firenze.com/ is Assisport srl (Tax Code and VAT Registration Number 03726590486) with registered office in Italy, Florence, Via del Proconsolo no. 1 / N, certified email address: email@example.com, email firstname.lastname@example.org, tel +39 055 2801179 registered at the Florence Chamber of Commerce under no. 384621 of the Register of Companies.
Purposes of data processing: The provision of data and consent to its processing is voluntary and is necessary to complete the on-line purchase and to allow the Data Controller to fulfil the obligations deriving from the contractual relationship, as well as the statutory and administrative obligations connected to it. Furthermore, this data is collected for statistical and historical purposes and to send communications, including promotional and commercial ones, to customers. Failure to register the requested data will result in the inability to proceed with the purchase or to receive the newsletter, depending on the purpose for which it is requested.
Type of data collected: The personal data collected for the purpose of subscribing to the newsletter is as follows: e-mail address.
The personal data collected for online purchases are as follows: forename, surname, tax code, residential address, shipping address, e-mail address and telephone number.
In the case of online purchases, the payment information is not displayed or stored by the seller:
– If the payment is made by credit card, the data entered (for example, card number, expiry date and CCV code (card security code)) is not processed by PN/P but only by the payment service provider. PN/P only receives a trace of such data in the payment authorisation notification issued by the latter;
– If the payment is made through PayPal, the data is not processed by PN/P which only receives a notification of payment;
– If the payment is made through a bank transfer, PN/P only receives a payment receipt.
Methods of data processing: The Data Controller processes the personal data provided by the User adopting all the security measures necessary to avoid changes, disclosures and uses of the data not specifically authorised by the User. All personal data collected will not exceed the purpose of the services for which it is collected. In addition to the Data Controller, personal data may also be processed by parties involved in the organisation of the website (e.g. administrative, secretarial, or commercial staff) or even external parties (such as UPS courier, hosting provider, consultants, accountants and lawyers who provide services that are functional to the purposes of the processing). Such persons will be entrusted exclusively to the Data Controller. The list of Data Processors can always be requested from the Data Controller.
Retention period: The personal data will be stored for a period of time no longer than required for the purposes for which it was provided. However, its removal will be done securely.
The billing data will be kept for ten years from the billing date.
The data relating to the subscription to the newsletter will be kept until the user asks for the cancellation.
In addition, while browsing, third-party cookies can be found, in particular those of Facebook, YouTube, Google Analytics and ShareThis (“Share” button for social networks).
Rights of the data subject: In accordance with the provisions of Regulation 679/2016, the user has the right to ask the Data Controller for access to personal data and to correct or delete it or limit the processing that concerns them or to object to it being processed, in addition to exercising the right of data portability.
The aforementioned requests must be sent to the following certified e-mail address: email@example.com or by email to firstname.lastname@example.org.
The user also has the right to file a complaint with the supervisory authority (Autorità Garante per la protezione dei dati personali – the Italian Data Protection Authority – www.garanteprivacy.it).
In case of a personal data breach, the Data Controller will notify the competent authority as foreseen by art. 33 of Regulation 679/2016 and, in those cases where such breach is likely to present a high risk for the rights and freedoms of the individual, it will communicate the breach without delay to the data subject as foreseen by art. 34 of Regulation 679/2016.