The purpose of this document is to inform the natural person (hereinafter the “Interested Party“) regarding the processing of their personal data (hereinafter “Personal Data”) collected by the data controller, Guido Gobino Srl, with registered office in Via Cagliari 15/B, 10153 Turin, Tax ID/VAT no. 02646140018, email address email@example.com, (hereinafter the “Data Controller“), through the website www.guidogobino.com (hereinafter the “Application“).
- Categories of Personal Data processed
The Data Controller processes the following types of Personal Data voluntarily provided by the Interested Party:
- Contact details: name, surname, address, email, telephone, images, authentication credentials, any additional information sent by the Interested Party, etc.
- Fiscal and payment data: tax code, VAT number, credit card data, bank account details, etc.
- Employment-related data: data entered in the curriculum vitae, data related to the spouse or children, social security data, etc.
- Judicial data: Personal Data relating to criminal convictions, offences or security measures, collected with the consent of the Interested Party. The Interested Party may revoke their consent at any time.
The Data Controller processes the following types of Personal Data collected automatically:
- Navigation and usage data of the Application: such as, for example, pages visited, number of clicks, actions taken, duration of sessions, etc.
- Data relating to the exact location of the Interested Party: for example, geolocation data that precisely identifies the location of the Interested Party, which can be collected through satellite networks (e.g. GPS) and other means, collected with the consent of the Interested Party. The Interested Party may revoke their consent at any time.
Failure to provide the Personal Data for which there is a legal or contractual obligation or which are a necessary requirement for the conclusion of the contract with the Data Controller will make it impossible for the Data Controller to establish or continue the relationship with the Interested Party.
The Interested Party who communicates Personal Data of third parties to the Data Controller is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
- Cookies and similar technologies
- Legal basis and purposes of the processing
The processing of Personal Data is necessary:
- for the performance of the contract with the Interested Party and specifically:
- fulfilment of any obligation arising from the pre-contractual or contractual relationship with the Interested Party
- Registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, access and be identified also through external platforms
- Support and contact with the Data Subject: to respond to the Data Subject’s requests
- Payment management: to manage payments by credit card, bank transfer or other means
- due to legal obligation and specifically:
- compliance with any obligation provided for by current legislation, laws and regulations, in particular, tax and fiscal matters
- based on the legitimate interest of the Controller, for:
- email marketing purposes of the Controller’s products and/or services to directly sell the Controller’s products or services using the email provided by the Data Subject in the context of the sale of a product or service similar to the one subject of the sale
- management, optimization and monitoring of the technical infrastructure: to identify and solve any technical problems, to improve the performance of the Application, to manage and organize information in an IT system (e.g. server, database, etc.)
- security and anti-fraud: to ensure the security of the assets, infrastructure, and networks of the Controller
- anonymous statistical purposes: to carry out statistical analyses on aggregated and anonymous data to analyze the behavior of the Data Subject, to improve the products and/or services provided by the Controller and better meet the expectations of the Data Subject
- based on the consent of the Data Subject, for:
- profiling of the Data Subject for marketing purposes: to provide the Data Subject with information on the products and/or services of the Controller through an automated processing aimed at collecting personal information in order to predict or evaluate their preferences or behavior
- retargeting and remarketing: to reach the Data Subject who has already visited or shown interest in the products and/or services offered by the Application through a personalized advertising message using their Personal Data. The Data Subject can opt-out by visiting the Network Advertising Initiative page
- marketing purposes of the Controller’s products and/or services: to send commercial and/or promotional information or materials, to carry out direct sales activities of the Controller’s products and/or services, or to carry out market research with automated and traditional methods
The Data Subject’s Personal Data may also be used by the Controller to protect itself in legal proceedings before competent courts.
- Methods of processing and recipients of Personal Data
The processing of Personal Data is carried out by means of paper and computer tools with organizational methods and logic strictly related to the indicated purposes and by adopting adequate security measures.
Personal Data is processed exclusively by:
- persons authorized by the Data Controller who have committed to confidentiality or have an adequate legal obligation of confidentiality;
- entities that operate independently as distinct data controllers or that are designated as data processors by the Data Controller in order to carry out all processing activities necessary to pursue the purposes of this information notice (e.g., commercial partners, consultants, IT companies, service providers, hosting providers);
- subjects or entities to whom Personal Data must be communicated due to a legal obligation or an order from authorities.
The above-mentioned subjects are required to use appropriate safeguards to protect Personal Data and may only access the data necessary to perform their assigned tasks.
Personal Data will not be indiscriminately disseminated in any way.
Personal Data will not be transferred outside the territory of the European Economic Area (EEA).
- Retention period of Personal Data
Personal Data will be kept for the period of time necessary to fulfill the purposes for which they were collected, in particular:
- for purposes related to the execution of the contract between the Data Controller and the Data Subject, they will be kept for the entire duration of the contractual relationship and, after termination, for the ordinary prescription period of 10 years. In the case of judicial litigation, they will be kept for the entire duration of the litigation, until the expiration of the terms for challenging the decisions
- for purposes related to the legitimate interests of the Data Controller, they will be kept until such interests are completed
- for compliance with a legal obligation, an order of an authority and for the protection of legal claims, they will be kept in compliance with the timing provided by said obligations, regulations and in any case until the expiry of the prescription term provided by the current laws
- for purposes based on the consent of the Data Subject, they will be kept until the revocation of the consent
At the end of the retention period, all Personal Data will be deleted or kept in a form that does not allow the identification of the Data Subject.
- Data Subject’s Rights
Data Subjects can exercise certain rights with regard to the Personal Data processed by the Controller. In particular, the Data Subject has the right to:
- be informed about the processing of their Personal Data
- revoke consent at any time
- limit the processing of their Personal Data
- object to the processing of their Personal Data
- access their Personal Data
- verify and request the rectification of their Personal Data
- obtain the limitation of the processing of their Personal Data
- obtain the erasure of their Personal Data
- transfer their Personal Data to another data controller
- submit a complaint to the supervisory authority for the protection of their Personal Data and/or take legal action.
To exercise their rights, Data Subjects can send a request to the following email address: firstname.lastname@example.org. Requests will be immediately processed by the Controller and fulfilled as soon as possible, in any case within 30 days.
Last updated: 28/10/2022