Pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”), Twenty-Nine S.r.l. informs that the personal data communicated through the “newsletter” section available on the website will be processed according to the purposes and methods specified below.
The Data Controller is Twenty-Nine S.r.l., with registered office in Via Paderno 15/F – 25050 Rodengo Saiano (BS), e-mail: privacy@twenty-nine.eu, PEC: twenty-nine@pec.it.
The personal data subject to processing is the e-mail address of the Data Subject. Such data constitute common personal data pursuant to Article 4(1) of the GDPR.
The personal data collected are processed for the purpose of sending informational and promotional communications relating to products, services, initiatives, events and news of Twenty-Nine S.r.l.
The legal basis for the processing is the consent of the data subject, pursuant to Article 6(1)(a) of Regulation (EU) 2016/679, expressed through the specific selection (checkbox) at the time of subscription to the newsletter.
The provision of consent is optional, but necessary in order to receive promotional and informational communications. Failure to provide consent will result in the impossibility for the Company to send updates, offers or other promotional or informational communications.
Consent may be withdrawn at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal, by writing to the contacts indicated in point 1 of this notice, or by using the unsubscribe link included in each communication.
The processing of personal data is carried out by means of manual, IT and telematic tools, with logic strictly related to the purposes indicated above and with security measures, technical and organizational, suitable to guarantee the confidentiality, integrity and availability of the data themselves, in compliance with Article 32 of the GDPR. The personal data collected will not be disseminated nor communicated to third parties for purposes other than those indicated. Data may be communicated to subjects providing technical assistance, hosting or IT support services and to subjects (consultants/suppliers) performing outsourcing activities on behalf of the Data Controller. Such subjects operate as Data Processors pursuant to Article 28 GDPR.
Personal data are processed within the European Economic Area (EEA). Should it become necessary, for technical or operational needs connected to the provision of IT services, hosting, system maintenance or technical assistance, to transfer data to Countries located outside the European Union, such transfer will take place exclusively in compliance with Articles 44 et seq. of Regulation (EU) 2016/679.
Personal data will be retained for a maximum period of 24 months from the date of acquisition of consent, unless revoked earlier by the data subject.
If, before the expiry of the indicated term, the data subject clearly expresses the intention to continue the communicative relationship with the Data Controller, including through positive and conclusive behaviors such as, by way of example, opening the communications received, interacting with promotional content or participating in the initiatives indicated, the retention period may be extended for a further period of equal duration.
In any case, the right of the data subject to object at any time to processing for marketing purposes and to request deletion of his or her data remains unaffected, through the methods indicated in point 3 of this notice.
Pursuant to Articles 15 to 22 of the GDPR, the data subject has the right to:
– obtain confirmation of the existence or not of personal data concerning him or her and to access them (right of access);
– request rectification or updating of inaccurate data and integration of incomplete data (right to rectification);
– obtain erasure of personal data in the cases provided for by law (right to be forgotten);
– obtain restriction of processing in the presence of the conditions set out in Article 18 of the GDPR (right to restriction);
– receive personal data in a structured, commonly used and machine-readable format, and to transmit them to another data controller (right to data portability);
– object at any time, for reasons related to his or her particular situation, to the processing of personal data carried out on the basis of the legitimate interest of the Data Controller (right to object);
– withdraw consent at any time, without prejudice to the lawfulness of processing based on consent before withdrawal (right to withdraw consent);
– lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or bring proceedings before the competent judicial authorities if he or she considers that his or her rights have been violated.
Requests may be sent to the e-mail address privacy@twenty-nine.eu or via PEC to twenty-nine@pec.it.
The provision of data through the newsletter form is optional; however, failure to provide the data makes it impossible to receive newsletters.