Information on the protection of personal data updated to the New EU Regulation No. 679/2016 (GDPR) (and subsequent provisions of legislative adaptation to the Italian Law 196/2003 as per Legislative Decree 101/2018)

The Data Controller processes:
-personal, identification data (for example, name, surname, company name, address, telephone, e-mail, bank and payment references) hereinafter, “personal data”.
– the “particular data” communicated by you on the occasion of the conclusion of contracts for the services of the Owner and as recipient of such data in reference to all the communications made and received in the relationships with the entities and subjects involved in the professional activity of the Owner and the Responsible of the treatment. 

Purposes of the treatment

Your personal data are processed: Pursuant to art 6 EU Regulation No. 679/2016 (and subsequent legislative adaptation provisions Legislative Decree 101/2018) (GDPR). lett. b), e) GDPR), for the following Service Purposes: A)-conclude contracts for the Controller’s services:
-fulfill pre-contractual, contractual and tax obligations arising from existing relationships with You in particular;
for the realization, production and sale of Flowise’s products;
for the insertion in the company’s computer databases; for the issue of invoices and credit notes; for the issuance of quotes and quotations to active and/or potential customers;
for the maintenance of ordinary accounting and VAT;
for the management of receipts and payments;
B)-comply with the obligations provided for by law, by a regulation, by the community legislation or by an order of the Authority (such as, for example, anti-money laundering);
C)-exercise the rights of the Owner, for example the right of defence in court;
D)-Subject to your specific consent, in writing, unequivocal and unconditional, inform and promote commercially the products of Flowise themselves; the legal basis for processing is consent.
E)-Subject to your specific consent, in writing, unequivocal and unconditional, to carry out a form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to your individual, in particular to analyze or predict aspects relating only to personal preferences, interests, reliability, behavior, location or movements of that individual for the sole purpose of the exclusive realization of personalized jewelry products of Flowise themselves; the legal basis of the treatment is consent;

Nature of data conferment and consequences of refusal to answer

We inform you that, taking into account the purposes of the treatment referred to in points A), B) and C) as illustrated above, the provision of data necessary for the purposes is free but their failure, partial or incorrect conferment may have as a consequence the inability to carry out the activities and pre-contractual and contractual obligations as provided by the contract of sale and / or supply of products. Where the person giving the data is under 13 years of age, such treatment is lawful only if and to the extent that, such consent is given or authorized by the holder of parental responsibility for which the identification data and copies of identification documents are acquired.

Treatment modalities

The processing of your personal data is carried out by means of the following operations: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The treatment will be carried out both with manual and/or computer and telematic tools with logics of organization and elaboration strictly related to the purposes and in any case in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the organizational, physical and logical measures provided for by articles 24 and 25 and 32 of the GDPR. The processing of personal data carried out for the sole purpose referred to in point E paragraph 2 (purpose of processing) of this statement will be carried out in automated form and also on an online platform and consists of the use of such personal data to assess certain personal aspects relating to your natural person, in particular to analyze or predict aspects relating only to personal preferences, interests, reliability, behavior, location of the said natural person for the sole purpose the legal basis for processing is consent;

Access to data by employees in charge of data processing

Your data may be made accessible for the exclusive purposes of art. 2.A) and 2.B) of this statement: -to employees and collaborators of the Data Controller, the auxiliaries and third party employees companies and supply companies and in an outsourcing relationship with the Data Controller in their capacity as persons authorized to process and/or internal data processors and/or system administrators; -to third party companies or other subjects (by way of example, credit institutions, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Owner, in their capacity as external data processors. Data communication Without the need for express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) EU Regulation n.679/2016 (and subsequent provisions of legislative adaptation D.Lgs 101/2018) (GDPR)., the Owner may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the fulfillment of the said purposes. These subjects will treat the data in their quality of autonomous holders of the treatment. Your data will not be disclosed.

Data storage and transfer

Personal data are stored on servers located in Milan, within the European Union and precisely outside the headquarters of the owner and in full compliance with the provisions and requirements necessary for the security and proper location of data storage units (Data centers). The aforementioned location and storage modalities of the data centers may be disclosed exclusively to the interested party whose data is being processed and to the Control Authorities for reasons of national security, public security, defense in court, for the prevention, detection and prosecution of crimes, for the protection of the interests and freedoms of others, for the execution of civil actions and for relevant objectives of public and economic interest. Whereas the Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no longer than 5 years from the termination of the relationship for the Purposes of Billing Service and corporate accounting;Whereas the Data Controller will process “special” personal data referred to in Article 9 GDPR Regulation EU n.679 /2016 for the time necessary to fulfill the purposes referred to above and in any case for no longer than the termination of the relationship for the precontractual Purposes inherent in the phase of mere contractual proposal for the conclusion of the contract of sale of the product; Personal data are stored for the duration of the relationship of association and / or mandate and, in the case of revocation and / or other termination of the relationship.

Transfer of data to Third Countries and International Organizations

It should be noted that the owner does not process data that involves the transfer of personal data and special data to third countries or international organizations. Rights of the interested party Right of access to data in accordance with articles 15-23 GDPR EU Regulation n.679/2016 (and subsequent provisions of legislative adaptation D.Lgs 101/2018)

Rights of the interested party

Right of access to data

In your capacity as data subject, you are the holder of the rights under Art. 15 GDPR: -to obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form; -to obtain indication: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identity of the owner, managers and the representative of the owner and the persons authorized to process designated e) the subjects or categories of persons to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or authorized to process;

Right to rectification of data

In your capacity as data subject, you are the holder of the rights referred to in art. 16 GDPR and precisely the rights to: a) updating, rectification or, when interested, integration of data; 

Right of cancellation of data

In your capacity as data subject, you are entitled to the rights set forth in art. 17 GDPR and precisely the rights of: b) cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

Right to limitation of processing:

In your capacity as data subject, you are the holder of the rights referred to in Art. 18 GDPR and precisely the rights to: request the limitation of the use of the data for reasons of public interest only, exclusively and carried out with the consent of the data subject and for the establishment or defense of a right, in cases where the data subject contests the accuracy of the data and the processing, in the case of exercising the right to object to the processing pursuant to art. 21 GDPR and in the other cases provided for in art.18 GDPR 

Right to portability:

In your capacity as data subject, you are the holder of the rights referred to in ‘art. 20 GDPR EU Regulation n.679/2016 (and subsequent provisions of legislative adaptation Legislative Decree 101/2018) and precisely the rights to:mandate and, in the case of revocation and / or other termination of the relationship. -receive the personal data provided to the Data Controller in a structural format or on computer support of common use, intelligible and accessible for any operating system (USB or ZIP file duly encrypted), -to move without constraints, the information and data concerning you from the present owner to another owner chosen by you according to your purposes and in full compliance with the principles of transparency, lawfulness and proportionality of the treatment. The right to data portability is without prejudice to other rights.

Right to object to processing:

In your capacity as a data subject, you are entitled to the rights set forth in Art. 21 GDPR -oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for any other purpose not relevant to the processing. 

Right of opposition and limitation to the processing carried out by means of profiling for the exclusive purposes referred to in point E) of paragraph 2 of this notice pursuant to art.22 GDPR.

It is mentioned that you, in your capacity as a data subject, have the right not to be subjected to a decision based solely on profiling (purposes referred to in point E), paragraph 2 of this information notice), which significantly affects your person unless such processing is based on your explicit, unequivocal and unconditional consent, exercised in writing and separate from other specific requests for consent. In addition, in the event of the provision of explicit, unambiguous and unconditional consent, exercised in writing to the aforementioned profiling processing (purposes referred to in point E), paragraph 2 of this policy), the data controller shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention by the data controller, to express his or her opinion and to contest the decision, including in the event that the data controller should eventually become aware of data referred to in art.9 GDPR (special data) 

Right to withdraw consent:

In your capacity as a data subject, you are the holder of the rights referred to in Art. 7 GDPR and precisely the right to revoke consent, where applicable and at any time. Withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal; 

Limitations to the obligations of data controllers and data processors under Art. 23 GDPR

The obligations on the part of the Data Controller and the Data Processor to make this disclosure pursuant to Art. 12 GDPR, not to submit to an automated procedure pursuant to Art.22 GDPR, and to make the communications referred to in Art. 34 GDPR may be waived exclusively upon your consent or for the need to communicate to the Supervisory Authorities for reasons of national security, public safety, defense in court, for the prevention, detection and prosecution of crimes, for the protection of the interests and freedoms of others, for the independence of the judiciary, for the execution of civil actions and for relevant objectives of public and economic interest.

Right to complain to the Guarantor Authority of Privacy:

In your capacity as a data subject, you are the holder of the rights referred to in Article 13 GDPR, namely the right to lodge a complaint with the supervisory authority. 

How to exercise your rights

You may exercise your rights at any time by sending a request by email to info@flowise.it – PEC info@pec.flowise.it and you may also exercise your rights by contacting the Privacy Guarantor, headquarter, Piazza Venezia n. 11 – 00187 Rome, Telephone: (+39) 06.696771, Fax: (+39) 06.69677.3785. For general information it is possible to send an e-mail to: garante@gpdp.it