Privacy Policy

Privacy Policy

The purpose of this privacy policy is to provide all information about the processing of personal data carried out by the Data Owner when the User browses the Site and contacts the Data Owner through the dedicated section (as better indicated below).

  1. INTRODUCTION – WHO ARE WE?

Carlo Bozzelli, with registered office in Via Pereta 23 – Casale Marittimo, Pisa, VAT No. 04122670161 (hereinafter, “Owner”), owner of the website https://tarocchi.com (hereinafter, the “Site”), as the Data Controller of the personal data of users browsing the Site (hereinafter, “Users”) hereby provides the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of April 27, 2016 (hereinafter, “Regulation”, or “Applicable Legislation”).

  1. HOW TO CONTACT US?

The Owner holds in the highest regard the right to privacy and protection of personal data of its Users.

For any information in relation to this privacy policy, Users may contact the Owner at any time using the following methods:

  • By sending a registered letter with return receipt to the registered office of the Owner: Via Pereta 23, 56040 Casale Marittimo – Pisa
  • By sending an e-mail message to: info@tarocchi.com

The Owner has not identified a Data Protection Officer (DPO or DPO), as it is not subject to the designation requirement under art. 37 of the Regulation.

  1. WHAT DO WE DO? – PURPOSE OF PROCESSING

Through browsing the Site, the User can contact the Owner regarding the services offered through the Site, through the appropriate form.

In connection with activities that may be carried out through the Site, the Owner collects personal data about Users.

In particular, Users’ personal data will be lawfully processed for the following processing purposes:

  1. Fulfilling the User’s Request and Providing the Service: Users’ personal data are collected and processed by the Data Controller to enable navigation of the Site and fulfill any contact request. User data collected by the Owner for this purpose include:
  • personal data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses used by users who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, log files and other parameters relating to the User’s operating system and computer environment.
  • User data collected by the Owner for the purpose of any contact or request for information, which includes: first name, last name, e-mail address, as well as any personal information of the User that may have been eventually and voluntarily communicated to the Owner in the “Subject” and “Message” boxes. The provision of personal data for the above-mentioned purpose of processing is optional but necessary, as failure to provide it will result in the impossibility for the User to make his/her request to the Owner.

Personal data that are necessary for the pursuit of the processing purposes described in this paragraph are indicated with an asterisk within the request form.

The User’s personal data will be used by the Data Owner for the sole purpose of ascertaining the User’s identity (including by validating the email address), thus avoiding possible fraud or abuse, and contacting the User for service purposes only (e.g., responding to the User regarding his/her request). Notwithstanding the provisions elsewhere in this privacy policy, under no circumstances will the Owner make Users’ personal data accessible to other Users and/or third parties.

  1. legal obligations, i.e., to fulfill obligations required by law, authority, regulation or European legislation.
  1. LEGAL BASIS

Processing of the User’s request and provision of the service (as described in par. 3, lett. a): the legal basis consists of art. 6, para. 1, lett. b) of the Regulations, insofar as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures taken at the request of the User.

Legal obligations (as described by Sec. 3(b) above). (b)): the legal basis consists of art. 6, para. 1, lett. (c) of the Regulations, as the processing is necessary to fulfill a legal obligation to which the Data Owner is subject.

  1. DATA PROCESSING METHODS AND RETENTION TIMES

The Data Owner will process Users’ personal data using manual and computerized tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data.

Personal data of Users will be kept for the time strictly necessary to fulfill the primary purposes (as described in paragraph 3 above), or otherwise as necessary for the protection in civil law of the interests of the Owner and Users.

  1. SCOPE OF DATA COMMUNICATION AND DISSEMINATION

The personal data of Users may come to the attention of the employees and/or collaborators of the Owner in charge of managing the Site and Users’ requests. Such individuals, who have been instructed to do so by the Owner pursuant to art. 29 of the Regulations, will process Users’ data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Regulations.

Third parties who may process personal data on behalf of the Data Owner as Data Processors pursuant to art. 28 of the Regulations, such as, but not limited to, IT and logistics service providers functional to the operation of the Controller’s Site, outsourcing or cloud computing service providers, professionals and consultants.

The User has the right to obtain a list of any data processors appointed by the Owner by making a request to the Owner in the manner indicated in paragraph 7 below.

  1. RIGHTS OF INTERESTED PARTIES

The User may exercise the rights guaranteed by the Applicable Regulations at any time by contacting the Owner in the following ways:

  • By sending a registered letter with return receipt to the registered office of the Owner: Via Pereta 23 – 56040 Casale Marittimo, Pisa.
  • By sending an e-mail message to: info@tarocchi.com

The Owner has not identified a Data Protection Officer (DPO or DPO), as it is not subject to the designation requirement under art. 37 of the Regulation.

Pursuant to the Applicable Regulations, the User has the right to obtain the indication (i) Of the origin of personal data; (ii) Of the purposes and methods of processing; (iii) of the logic applied in case of processing carried out with the aid of electronic tools; (iv) of the identification details of the owner and responsible parties; (v) of the individuals or categories of individuals to whom the personal data may be communicated or who may become aware of them in their capacity as managers or appointees.

In addition, the User has the right to obtain:

  1. (a) access, updating, rectification or, when you have an interest, integration of data;
  2. b) the cancellation, the transformation into anonymous form or the limitation of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  3. (c) certification that the transactions referred to in subparagraphs. a) e (b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected.

As well as:

  1. (a) the right to withdraw consent at any time if the processing is based on your consent;
  2. (b) (where applicable) the right to data portability (the right to receive all personal data concerning him or her in a structured, commonly used, machine-readable format);
  3. c) the right to object:
  4. (i) in whole or in part, for legitimate reasons to the processing of personal data concerning him/her, even if relevant to the purpose of collection;
  5. ii) in whole or in part, to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;

(iii) where personal data are processed for direct marketing purposes, at any time, to the processing of the data carried out for that purpose, including profiling insofar as it relates to such direct marketing.

  1. d) if he/she believes that the processing concerning him/her is in violation of the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where he/she normally resides, in the Member State where he/she works, or in the Member State where the alleged violation occurred). The Italian supervisory authority is the Garante per la protezione dei dati personali, based at Piazza Venezia, no. 11, 00187 – Roma (RM) (http://www.garanteprivacy.it/).

_____________

The Owner is not responsible for updating all links viewable in this Policy, therefore, whenever a link is not working and/or updated, the User acknowledges and agrees that he/she should always refer to the document and/or section of the websites referred to by that link.