Privacy notice on the processing activity of personal data

Art. 13 Regulation (EU) 2016/679 of the European Parliament and of the European Council

KOSMOPEA SRLS P.I. 03941821203 Via E. Fermi, 13 – 25020 Poncarale (BS) Italy (hereinafter the “Company” or the “Data Controller”), Data Controller of the processing activity of personal data, provides below the privacy policy pursuant to art. 13 of Regulation (EU) 2016/679 (hereafter “GDPR”), to the data subjects (hereinafter “Data Subjects”).

The Company, as the Data Controller, undertakes to protect the confidentiality and the rights of the Data Subject and, according to the principles established by the aforementioned regulations, the processing activity of the data provided will be based on principles of correctness, lawfulness and transparency.

1. PURPOSES OF THE PROCESSING ACTIVITY

The privacy notice is provided only for the Company’s website and not for other websites that may be consulted by the Data Subject through links. The Data Subject may voluntarily provide his personal data that will be processed and used by the Company for the purposes related to the requested service indicated by specific privacy notice reported or displayed on the pages of the website for particular services or requests.

The personal data of the Data Subjects will be processed by the Company for the purposes relating and/or connected to the provision by the Company of services for the navigation of the website, and specifically to provide the services requested by the Data Subjects when navigating the website, including the collection, storage and elaboration of data for the purposes of delivering the services and their subsequent operational and technical management.

This data – which is required to deliver the service – will also be processed electronically, stored in specific databases, and used strictly and exclusively in relation to navigating the website.

Given that providing the personal data for these purposes is necessary to maintain and deliver all the services connected to navigating the website, failure to provide such data will make it impossible to provide the specific services in question.

The Data Controller may also process the personal data without the consent of the Data Subjects in the following circumstances:

1. a) for the aggregate and anonymous analysis of the use of the services accessed, to identify user habits and propensities, to improve the services provided and to meet specific Data Subjects requirements, or to prepare initiatives for improving the services provided.
2. b) comply with the provisions of laws and regulations, national and foreign, or execute an order of the judicial authority or other authorities to whom the Data Controller is subject;
3. c) exercise the rights of the Data Controller with particular reference to the right to defense in court.

The processing activity is lawful as it is carried out for the compliance with the provisions of laws and regulations and the exercise of the rights of the Data Controller.

2. METHODOLOGY OF THE PROCESSING ACTIVITY

Data processing is carried out electronically and / or on paper, by recording, processing, archiving and transmission of data, even with the support of IT tools.

Tools and media used in carrying out the processing activities are appropriate to ensure the security and confidentiality of data.

In carrying out the processing activities, the Company undertakes to:

    ensure the accuracy and updating of the data processed, and promptly acknowledge any adjustments and / or additions requested by the Data Subject;

    adopt security measures to ensure adequate data protection, because of the potential impact that the processing involves the rights and freedoms of the data subject;

    notify the data subject, in the times and in the cases provided for by the binding legislation, of any violation of personal data;

    guarantee the compliance of processing operations with the applicable provisions of the law.

3. COMMUNICATION AND DISCLOSURE OF INFORMATION

Without prejudice to the communications made in fulfillment of legal obligations, the personal data of the data subject may be known, in addition to the Data Controller, by:

    Employees and collaborators of the Data Controller as authorized data processing personnel;

    national and foreign companies belonging to the same group to which the Data Controller belongs;

    authorities in general, administrations, public bodies and organizations, both national and foreign;

    service providers

exclusively for the purposes listed above according to any consent provided by the data subject. Personal data are not subject to disclosure.

4. TRANSFERS ABROAD

Personal data will be stored and processed within the European Union.

In the event of any processing of personal data outside the European Union, the same will only occur after the adoption of adequate guarantees, as required by the binding legislation.

5. DATA RETENTION POLICY

The Company keeps personal data in its systems in a form that allows identification of data subjects according to the following criteria:

    for a period of time not exceeding the achievement of the purposes for which they are processed, unless otherwise required by regulatory or contractual obligations;

    to comply with specific regulatory or contractual obligations;

    if applicable and legitimate, up to any request for cancellation by the data subject.

6. RIGHTS OF THE DATA SUBJECT

The data subject can assert his rights, recognized by the binding legislation and in particular by the articles from 15 to 22 of the GDPR, such as:

    Right of access: the right to obtain from the Data Controller confirmation that personal data is being processed and, in this case, to obtain access to personal data and to further information on the origin, purpose, categories of data processed, recipients of communication and / or data transfer, etc.

    Right of rectification: right to obtain from the Data Controller the correction of incorrect personal data without undue delay, as well as the integration of incomplete personal data, also by providing an additional declaration.

    Right to erasure: right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that:

     personal data are no longer necessary with respect to the purposes of the processing;

    the consent on which the processing activity is based has been revoked and there is no other legal basis for the processing activity;

    personal data have been processed unlawfully;

    personal data must be deleted to fulfill a legal obligation.

    Right to oppose the processing activity: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Data Controller.

    Right to restriction of processing: the right to obtain from the Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the data subject has objected to the processing, if the personal data are necessary to the data subject for the assessment, exercise or defense of a right in court, if as a result of opposition to the processing activity the data subject is awaiting verification of the prevalence or otherwise of the legitimate interest of the Data Controller.

    Data portability right: the right to receive personal data in a structured, commonly and automatically readable format, and to transmit such data to another data controller, only for cases where the processing is based on consent or on a contract and only for data processed by electronic means.

    Right not to be subject to a decision based on automated processing: the right to obtain from the Data Processor not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that affect the data subject or that significantly affect his person, except that such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the data subject.

    Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial appeal, the data subject who considers that the processing activity concerning him / her is in violation of the GDPR has the right to lodge a complaint with a supervisory authority.

In order to exercise the rights provided by the GDPR, the data subject may:

(i) forward your requests to the Data Controller, at the website https://dayaneandyou.com/en/contact/

(ii) or as an alternative you should contact the Data Controller at the following address:

KOSMOPEA SRLS P.I. 03941821203

Via E. Fermi, 13 – 25020 Poncarale (BS) Italy

indicating in the subject “Privacy”.

COOKIES POLICY

Privacy notice. This website uses cookies, including third parties, to send you advertising and services according to your preferences. If you want to find out more or revoke the consent of all or some cookies, click on “show details”.

By closing this banner, or scrolling through this page or by clicking any of its elements, you consent to use our cookies.

Cookies are pieces of data sent by the website to the user’s web browser while the user is browsing the website. Cookies are used for different purposes and they have different characteristics such as to support critical functionality as well as track usage information that lets us improve behavior.

The data controller for cookies installed by the same is KOSMOPEA SRLS P.I. 03941821203 Via E. Fermi, 13 – 25020 Poncarale (BS) Italy. For the identification of the data controllers regarding cookies installed by third parties, please consult the links below to the information on third-party sites or connect to the website: http://www.youronlinechoices.com. The personal data provided by you through the authorization of the use of cookies may be processed with the support of computerized means for the performance of the activities envisaged by this information.

The authorization to use cookies is optional. However, failure to provide it will make it impossible to carry out the activities indicated below.

The data provided by authorizing the use of cookies will not be disclose or communicate to third parties by the data controller. However, they may be made aware of the persons in charge of processing personal data (employees and / or collaborators of the owner) whose owner uses the services to provide the updated list of which is available at the data controller’s office of treatment.

Finally, we remind you that in relation to the aforementioned treatment, you may exercise the rights referred to in Articles from 15 to 22 of the GDPR, such as:

    Right of access: the right to obtain from the Data Controller confirmation that personal data is being processed and, in this case, to obtain access to personal data and to further information on the origin, purpose, categories of data processed, recipients of communication and / or data transfer, etc.

    Right of rectification: right to obtain from the Data Controller the correction of incorrect personal data without undue delay, as well as the integration of incomplete personal data, also by providing an additional declaration.

    Right to erasure: right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that:

    personal data are no longer necessary with respect to the purposes of the processing;

    the consent on which the treatment is based has been revoked and there is no other legal basis for the treatment;

    personal data have been processed unlawfully;

    personal data must be deleted to fulfill a legal obligation.

    Right to oppose treatment: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Owner.

    Right to restriction of processing: the right to obtain from the Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the interested party has objected to the processing, if the personal data are necessary to the interested party for the assessment, exercise or defense of a right in court, if as a result of opposition to the treatment the interested party is awaiting verification of the prevalence or otherwise of the legitimate interest of the Owner.

    Right to data portability: the right to receive personal data in a structured, commonly and automatically readable form, and to transmit such data to another data controller, only for cases where the processing is based on consent or on a contract and only for data processed by electronic means.

    Right not to be subject to a decision based on automated processing: the right to obtain from the Data Processor not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that affect the interested party or that significantly affect his person, except that such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the interested party.

    Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial appeal, the interested party who considers that the treatment concerning him / her is in violation of the GDPR has the right to lodge a complaint with a supervisory authority.

You can exercise these rights by writing to KOSMOPEA SRLS P.I. 03941821203 Via E. Fermi, 13 – 25020 Poncarale (BS) Italy, or by connecting to the site www.dayaneandyou.com, to the “Contacts” area.

Your consent is applicable to this website.