Information pursuant to Art. 13 of EU Regulation 2016/679 | GDPR
Hereby Do Different S.r.l. with registered office in Milan (MI), Via Roberto Bracco n. 6, C.F. 04312120233, legal representative of the data controller is Mr. Mauro Grandotto, dedicated email: email@example.com, intends to inform you, pursuant to art. 13 of the EU Regulation 2016/679 (hereinafter referred to as “Regulation” or “Applicable Legislation” or “GDPR” for brevity) that it assumes the status of data controller of the personal data that you will provide and that it will proceed to process them for the purposes and in the manner set out below.
It should be noted at the outset that this information is provided only for the site www.differentfactory.it (“Site“), while it does not apply to other websites that may be consulted via external links and is to be understood as information provided pursuant to Article 13 of the Regulation to those who interact with the Site linked to it.
Pursuant to Art. 12 of the Applicable Regulations, we wish to inform you that the personal data that you communicate to us will be recorded, processed and stored in our archives, on paper and electronically, in compliance with the appropriate technical and organisational measures set out in Art. 32 of the GDPR. Personal data will be processed using instruments and procedures that guarantee security and confidentiality.
1 – Type of data
Do Different S.r.l. may collect, even partially, the following data
- Company name, Name and Surname, Address, Telephone, Fax, E-mail;
- navigation data.
It is hereby specified that should you confer the personal data of third parties (and therefore not directly related to you) to Do Different S.r.l., you will act as autonomous data controller, assuming all the obligations and responsibilities provided for by law. In this sense, you grant Do Different S.r.l. the widest possible indemnity in respect of any dispute, claim, request for compensation for damage caused by processing, etc., that may be received by Do Different S.r.l. from third parties whose personal data have been processed through your spontaneous submission in violation of the applicable data protection regulations. In any case, should you provide or otherwise process personal data of third parties, you guarantee as of now – assuming all related responsibility – that this particular processing hypothesis is based on an appropriate legal basis pursuant to art. 6 of the Regulation that legitimises the processing of the information in question.
2 – Purpose and legal basis of the processing. Processing that does NOT require the CONSENT of the data subject
Your data will be processed for the following purposes:
- to respond to your requests for contact and possibly define meetings for the establishment of a professional relationship;
- to answer your questions.
The processing referred to in letters a) and b) above is necessary in order to respond to your requests with the consequence that Do Different S.r.l. is not obliged to acquire your specific consent to the processing of your data as the legal basis for the processing of your personal data for the purposes indicated above is art. 6(1)(b) of the Regulation (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”) and Art. 6(1)(c) of the Regulation (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject”).
3 – Possible recipients of personal data
Personal data may be communicated, within the limits of what is necessary, to authorised personnel, adequately instructed and trained by the Data Controller, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality.
Do Different S.r.l. will not divulge your data indiscriminately, or in other words, will not give knowledge of it to unspecified subjects even by making it available or consulting it.
4 – Data transfer to third countries
Personal data provided through the website will not be transferred to non-EU countries and Do Different S.r.l. will not carry out any profiling activities on the data collected.
5 – Data retention period
Personal data will be kept for the period of time strictly necessary for the pursuit of the specific purposes of processing and in any case for a period not exceeding 6 months. Afterwards they will be deleted or destroyed.
6 – Obligation/obligation to provide personal data
Do Different S.r.l. specifies that the communication of data for the purposes referred to in point 2 letter a) and b) above is necessary in order to respond to your requests and that in the event of failure to provide such data Do Different S.r.l. will not be able to proceed with the execution of your request.
7 – Method of processing
The processing of your personal data may consist of any operation or set of operations among those indicated in Article 4, paragraph 1, point 2 of the GDPR.
Personal data shall be processed using instruments and procedures suitable to guarantee their security and confidentiality and may be carried out, directly and/or through delegated third parties, either manually by means of paper supports, or with the aid of computerised or electronic means. For the purposes of the proper management of the relationship and the fulfilment of legal obligations, the data may be included in the Controller’s own internal documentation and, if necessary, in the records and registers required by law.
8 – Rights of the data subject
Pursuant to Articles 15 et seq. of the Regulation, the interested party has the right to ask Do Different S.r.l., at any time, for access to his personal data, to rectify or cancel them or to oppose their processing in the cases provided for by Article 21 of the Regulation, he has the right to request the restriction of processing in the cases provided for by Article 18 of the Regulation, and to obtain in a structured, commonly used and machine-readable format the data concerning him in the cases provided for by Article 20 of the Regulation.
The aforementioned rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated at the beginning of this notice.
Requests relating to the exercise of your rights will be processed without undue delay and, in any event, within one month of the request; only in cases of particular complexity and number of requests may this period be extended by a further 2 (two) months.
In any case, you always have the right to lodge a complaint with the competent supervisory authority (personal data protection guarantor) pursuant to Article 77 of the Regulation if you consider that the processing of your personal data is contrary to the legislation in force.