Legal & Privacy
Privacy Policy
This Application collects some Personal Data of its Users.
DATA CONTROLLER
PICCOLI SMALTI
Piccoli Smalti
Via Vivaio, 23
Milan (MI), 20122
VAT number 12391950966
Email address of the Controller: info@piccolismalti.com
TYPES OF DATA COLLECTED
Among the Personal Data collected by this Application, either independently or through third parties, are: first name, last name, phone number, CV, email, various types of Data, Cookies, and Usage Data.
Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific informative texts displayed before the collection of the data themselves.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application.
Unless otherwise specified, all data requested by this Application are mandatory. If the User refuses to provide them, it may be impossible for this Application to provide the Service. In cases where this Application indicates certain Data as optional, Users are free to refrain from communicating such Data, without any consequence on the availability of the Service or its operation.
Users who have doubts about which Data are mandatory are encouraged to contact the Controller.
The possible use of Cookies—or other tracking tools—by this Application or the owners of third-party services used by this Application, unless otherwise specified, is aimed at providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.
The User is responsible for the Personal Data of third parties obtained, published, or shared through this Application and guarantees that they have the right to communicate or disseminate them, releasing the Controller from any liability towards third parties.
METHODS AND LOCATION OF DATA PROCESSING COLLECTED
PROCESSING METHODS
The Controller adopts appropriate security measures aimed at preventing unauthorized access, disclosure, modification, or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated. In addition to the Controller, in some cases, other parties involved in the organization of this Application (administrative, commercial, marketing staff, legal representatives, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may also have access to the Data, appointed as Data Processors by the Controller, if necessary. An updated list of Data Processors can always be requested from the Data Controller.
LEGAL BASIS FOR PROCESSING
The Controller processes Personal Data related to the User if one of the following conditions is met:
The User has given consent for one or more specific purposes;
Note: In some jurisdictions, the Controller may be authorized to process Personal Data without the User’s consent or another legal basis specified below, until the User objects (“opt-out”) to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on data protection;
The processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual measures;
The processing is necessary to fulfill a legal obligation to which the Controller is subject;
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
The processing is necessary for the pursuit of the legitimate interests of the Controller or third parties.
Users can always request the Controller to clarify the specific legal basis for each processing, particularly to specify whether the processing is based on law, provided for by a contract, or necessary for the conclusion of a contract.
LOCATION
Data is processed at the operational offices of the Controller and at any other location where the parties involved in the processing are situated. For further information, please contact the Controller.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information about the location of processing, the User may refer to the section concerning details on the processing of Personal Data.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization governed by public international law or established by two or more countries, such as the UN, as well as regarding the security measures adopted by the Controller to protect the Data.
If any of the aforementioned transfers take place, the User may refer to the respective sections of this document or request information from the Controller by contacting them using the details provided at the beginning.
DATA RETENTION PERIOD
Data is processed and retained for the time required to fulfill the purposes for which it was collected.
Therefore:
Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the execution of that contract is completed.
Personal Data collected for purposes related to the legitimate interests of the Controller will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When processing is based on the User’s consent, the Controller may retain Personal Data for a longer period until that consent is revoked. Additionally, the Controller may be required to retain Personal Data for a longer period to comply with a legal obligation or at the request of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon the expiration of this term, the right of access, deletion, rectification, and the right to data portability can no longer be exercised.
PURPOSES OF DATA PROCESSING
User Data is collected to allow the Controller to provide its Services, as well as for the following purposes: Contacting the User, Statistics, Displaying content from external platforms, and Interaction with social networks and external platforms.
For detailed information on the purposes of processing and the Personal Data specifically relevant to each purpose, the User may refer to the respective sections of this document.
DETAILS ON THE PROCESSING OF PERSONAL DATA
Personal Data is collected for the following purposes and using the following services:
CONTACTING THE USER
CONTACT FORM (THIS APPLICATION)
By filling out the contact form with their Data, the User consents to their use to respond to requests for information, quotes, or any other nature indicated in the header of the form.
Personal Data collected: surname, email, first name, phone number, CV, and various types of Data.
MAILCHIMP
Any information you provide will be handled with the utmost care. We will use the information provided lawfully and will contact you by email in the future only if directly relevant to a request or if you have subscribed to our newsletter.
We use the Mailchimp platform to collect email addresses and send newsletters to subscribers. Mailchimp is an email address management and messaging service provided by Mailchimp Inc. We collect only the data provided directly by users on our website; this service may also collect data regarding the date and time a newsletter message was viewed by the user, as well as when the user interacted with it, such as clicking on the links included in the newsletter.
You can modify your data or unsubscribe at any time by clicking the link in the footer of our newsletters. For information on how your data is used and stored by Mailchimp, please visit this link.
INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS
This type of service enables interactions with social networks or other external platforms directly from the pages of this Application.
Interactions and information acquired through this Application are subject to the User’s privacy settings related to each social network.
If a service for interacting with social networks is installed, it may collect traffic data related to the pages where it is installed, even if Users do not utilize the service.
Personal Data collected: Cookies and Usage Data.
STATISTICS
The services contained in this section allow the Data Controller to monitor and analyze traffic data and keep track of User behavior.
GOOGLE ANALYTICS WITH ANONYMIZED IP (GOOGLE INC.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application, compile reports, and share them with other services developed by Google.
Google may use Personal Data to contextualize and personalize the ads of its advertising network.
This integration of Google Analytics anonymizes your IP address. Anonymization works by shortening the User’s IP address within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google servers and shortened within the United States.
Personal Data collected: Cookies and Usage Data.
Location of processing: United States – Privacy Policy – Opt Out. Participant in the Privacy Shield.
VIEWING CONTENT FROM EXTERNAL PLATFORMS
This type of service allows viewing content hosted on external platforms directly from the pages of this Application and interacting with it.
If a service of this type is installed, it may collect traffic data related to the pages where it is installed, even if Users do not utilize the service.
GOOGLE FONTS (GOOGLE INC.)
Google Fonts is a font style visualization service managed by Google Inc. that allows this Application to integrate such content within its pages.
Personal Data collected: Usage Data and various types of Data as specified by the service’s privacy policy.
Location of processing: United States – Privacy Policy. Participant in the Privacy Shield.
GOOGLE MAPS WIDGET (GOOGLE INC.)
Google Maps is a map visualization service managed by Google Inc. that allows this Application to integrate such content within its pages.
Personal Data collected: Cookies and Usage Data.
Location of processing: United States – Privacy Policy. Participant in the Privacy Shield.
USER RIGHTS
Users can exercise certain rights regarding the Data processed by the Data Controller.
In particular, the User has the right to:
Withdraw consent at any time. The User can withdraw consent for the processing of their Personal Data previously expressed.
Object to the processing of their Data. The User can object to the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are provided in the section below.
Access their Data. The User has the right to obtain information about the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the Data processed.
Verify and request rectification. The User can verify the accuracy of their Data and request its update or correction.
Obtain the limitation of processing. When certain conditions apply, the User can request the limitation of processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than their storage.
Obtain deletion or removal of their Personal Data. When certain conditions apply, the User can request deletion of their Data by the Data Controller.
Receive their Data or have them transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to obtain the transfer without hindrance to another controller. This provision applies when the Data is processed by automated tools and the processing is based on the User’s consent, a contract to which the User is a party, or related contractual measures.
Lodge a complaint. The User can lodge a complaint with the competent data protection authority or take legal action.