Application of GDPR679/2016
GDPR is the acronym for "General Data Protection Regulation." The regulation came into force in 2016 and is applicable from May 25, 2018.
Data controller
The data controller is SA.DI.CA. srl with registered office in Via Aurelio Saffi, 6/A – 40131 – Bologna Italy. The company can be contacted at info@fotofantoni.com, 051553776.
Purpose of data processing
The processing of your data is aimed at:
- Ensure correct navigation on the www.fotofantoni.com website
- Complete purchases on the website www.fotofantoni.com
- Complete the registration in order to make purchases on the site
- Comply with all obligations incumbent on the owner and the processing provided for by current legislation
- Defend a right in court or before judicial authorities exercising judicial functions
Legal basis for data processing
The treatment is based on:
- Consent: for sending communications and for using the contact form
- Legal obligation: to comply with regulatory obligations
- Legitimate interest: for the defense of the owner's rights
Data processing methods
Your data will be processed using methods strictly necessary to fulfill the purposes for which it is processed. The data entered into the forms is managed via a secure connection with a Let's Encrypt certificate issued by a certified certification body (Let's Encrypt Authority X3). All operations will be carried out using electronic, telematic, and paper-based means.
Data provision
Providing your data is optional, but mandatory in order to:
- Make purchases on the website www.fotofantoni.com
- Correct functioning of the contact form and contact form from services
- Correct navigation on the www.fotofantoni.com website
Consent to data processing is accepted when you click the checkbox under the customer registration form, purchase completion form, or contact form.
Data retention
Your personal data will be processed and retained for the entire period necessary for proper navigation on this website, as well as for the period necessary to defend your rights in court or before judicial authorities. In any case, personal data will be processed and retained for the period necessary to properly fulfill retention obligations for tax purposes or for other purposes required by laws or regulations to which the data controller is subject. Your data entered via the contact form will be retained exclusively for the period necessary to exchange information between you and the Data Controller.
Data security
We implement technical and organizational security measures to protect your personal data. These measures include data encryption, data access limited to authorized personnel, and backup procedures to ensure data integrity and availability.
Data communication
Your personal data may be communicated to or otherwise read by:
- Authorized subjects for processing
- Data controllers and other authorized parties such as: those responsible for maintaining fotofantoni.com, IT service providers and their collaborators or support providers, all parties properly trained in data processing.
- Manager of data collected by the web analysis tool
- Judicial or administrative authorities for the fulfillment of legal obligations
- Entities that process data in compliance with specific legal obligations
Transfer of data abroad
Your data will not be transferred abroad because:
- The site is hosted in Italy with datacenters within the national borders.
- Data collection is carried out using specific software installed on the server
Web analytics tools
To monitor and improve site performance, we use Umami, an open-source web analytics solution. The data collected by Umami is anonymous and does not allow us to identify site visitors. Profiling cookies are not used. The analytics service is managed by a data processor appointed by the owner, and the data is stored on servers located in Germany (European Union). No information is shared with third parties for commercial purposes. The use of Umami complies with EU Regulation 2016/679 (GDPR) and is used exclusively for statistical purposes and to improve the site.
External links to the site
The site may contain hyperlinks to other websites that are in no way connected to it. The owner does not control or monitor the cookies of these websites and therefore does not guarantee their content or data management in any way. Users should therefore carefully read the Terms of Use of the third-party sites visited and their respective Privacy Policies, as this Cookie policy and Privacy Policy refer only to this site.
Rights of the interested party
Pursuant to Articles 15-18 and 20-21 of EU Regulation 2016/679, you have the right to obtain:
- Confirmation of the existence or otherwise of data concerning you, even if not yet registered
- Updating, rectification, integration of registered data
- Indication:
- of the origin of personal data
- of the purposes and methods of processing
- of the logic applied in case of processing carried out with the aid of electronic instruments
- of the identifying details of the owner and any responsible persons
- of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as managers or persons in charge
You have the right to object in whole or in part:
- For legitimate reasons for the processing of collected data
- To the processing of personal data for the sending of advertising material and/or market research
You have the right to withdraw, at any time, the consent you have provided, in relation to the processing activities for which it represents the legal basis, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
You have the right to data portability, meaning to receive your personal data in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance. You also have the right to lodge a complaint with a supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali: www.garanteprivacy.it). You can exercise your rights by sending a written request to the data controller at the addresses (registered office or email) indicated above.