This document has been specifically drafted in order to inform you about the processing of your personal data by Mr. Salvatore Zito, whose data are specified below. In accordance with European Regulation 2016/679 (hereinafter referred to as “GDPR”), the following information are provided to you.
The Data Controller – as defined under article 4, paragraph 1, no. 7) of the GDPR – is
Mr. Salvatore Zito, domiciled in Turin, Via Luigi des Ambrois no. 7, 10123, Italy, C.F. ZTISVT60C18H403P (hereinafter referred to as “Data Controller”).
- INTRODUCTIONARY INFORMATIONS
For easy reading, below there are some definitions directly contained in the provisions of the GDPR.
In accordance with Art. 4, para. 1 of the GDPR,
«personal data» means any information concerning an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his/her physical, physiological, genetic, psychic, economic, cultural or social identity;
«processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
«data controller» means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
«data subject’s consent» means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- CATEGORIES OF DATA PROCESSED
By browsing this website the following categories of personal data may be processed:
- common personal data as defined pursuant to Art. 4, para. 1 of GDPR. This category includes both personal information such as, by way of example and without limitation, name, surname, date of birth, address of residence, tax code, and contact information such as fixed and/or mobile phone number and e-mail address;
- PURPOSE AND LEGAL BASIS OF THE PROCESSING
The personal data provided by you are processed by the Data Controller for the following purposes:
- communications relating to the artworks featured on this website, also in order to satisfy any requests made by you through the appropriate communication channels made available by the Data Controller;
- if you wish, sending commercial communications (newsletters), by filling in the appropriate form;
- browsing this web site;
- compliance with obligations imposed by laws or regulations.
The legal basis of the processing for the purposes described above:
– is Art. 6, par. 1, letter a) of GDPR, according to which the data subject has expressed consent to the processing of his/her personal data for one or more specific purposes.
– is Art. 6, para. 1, letter c), according to which the processing is necessary for the fulfilment of a legal obligation to which the Data Controller is subject;
The provision of personal data is:
– mandatory in relation to the obligations provided for by laws, regulations and/or Community legislation as well as provisions issued by the authorities legitimated to do so and by supervisory and control bodies.
- TREATMENT METHOD AND STORAGE TIME
Please note that the processing of your data is performed in compliance with the GDPR and the current regulations on the processing of personal data.
The processing is based on the principles set forth in Article 5 of the GDPR, with particular reference to the principles of correctness, lawfulness, transparency and protection of confidentiality and rights of the person whose data is processed.
The processing of your personal data will be conducted by means of paper, computer and telematic means, with methods suitable to guarantee its security and confidentiality in accordance with the provisions of Article 32 of the GDPR.
Your personal data will be stored by the Data Controller for the period strictly necessary to achieve the purposes for which it was collected, and in any case in compliance with the principle of minimisation referred to in Article 5, paragraph 1, letter c) of the GDPR as well as the obligations provided for by law.
- COMMUNICATION OF YOUR PERSONAL DATA
Please be informed that your personal data are not subject to disclosure to unspecified subjects, in any form, including by providing them or making them available for consultation.
The only exception is the event that the disclosure is requested to the Data Controller, in compliance with legislative provisions, by public authorities, judicial authorities, supervisory and control bodies, information and security bodies or other subjects and/or public bodies for purposes of defence and state security, prevention and detection or repression of crimes.
To achieve the purposes described in point 3 above, the Data Controller may need to communicate your personal data to the following categories of third parties:
- subjects authorised by the Data Controller to process personal data pursuant to and for the purposes of Art. 29 of the GDPR in the performance of their work duties;
- subjects who have been appointed by the Data Controller pursuant to Article 28 of GDPR as data processors, i.e. the natural or legal person who processes personal data on behalf of the Data Controller;
- subjects providing services for the management of the digital and non-digital communication system.
- TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION
Please note that your personal data will be processed by the Data Controller exclusively within the Italian territory. The data provided by you will therefore not be transferred by the Data Controller to third countries within or outside the European Union and/or international organisations.
- RIGHTS OF THE INTERESTED PARTY
By submitting your request directly to the domicile of the Data Controller indicated above or by using the following e-mail address: firstname.lastname@example.org You may exercise your right at any time, pursuant to articles 15 to 22 of the GDPR:
- to ask for confirmation of the existence or not of your personal data;
- to obtain information on the processing purposes, the categories of personal data, the recipients or categories of recipients to whom your personal data have been or will be communicated and, when possible, the period of storage;
- to obtain the correction and deletion of your personal data;
- to obtain the limitation of the processing of your data;
- to obtain the portability of data, i.e. to receive them from a data controller, in a structured format, in common use and readable by automatic device, and to transmit them to another data controller without hindrance;
- to oppose the processing at any time and also in the case of processing for direct marketing purposes;
- to oppose an automated decision-making process relating to individuals;
- to ask the Data Controller the access to the data and the rectification or cancellation of the same or the limitation of the processing or to oppose their processing, as well as the right to the portability of the data;
- to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
- to lodge a complaint with a supervisory authority.