Information for the processing of personal data according to EU Regulation no. 2016/679 (GDPR).
This page describes the methods of management of the site in relation to the processing of personal data of users who consult it. This information is provided pursuant to articles 13 and 14 of EU Regulation no. 2016/679 on data protection (GDPR) to those who interact with the website. The information is not to be considered valid for other websites that may be consulted via links on the Internet sites in the domain of the owner, who is not to be considered in any way responsible for the websites of third parties.
I Tesori di Santa Caterina Srl, with headquarters in Via Campo la Vigna S.n.c. 84010 Scala (SA) Italy – Email: itesoridisantacaterina@gmail.com (hereinafter, “Owner”), as data controller, informs you pursuant to art. 13 Legislative Decree 30.06.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter, “GDPR”) that your data will be processed in compliance with the principles of lawfulness, correctness and transparency towards the interested party, with the methods and for the purposes described on this page.
- Object of the processing
The Data Controller processes personal, identifying and non-sensitive data (for example but not limited to: name, surname, address, telephone, e-mail – hereinafter, “personal data” or also “data”) communicated by you when filling out electronic forms via the Site and from online purchases.
- Categories of data subject to processing and purposes
2.1 Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Through the website, information is also transmitted that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.
2.2 Data provided voluntarily by the user and purpose of processing
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site or the completion of contact forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. The data is collected through our website and stored in our offices, partially on paper and partially electronically, for the explicit and legitimate purposes indicated below:
- respond to requests for information sent by the user via electronic form on the site;
- process purchases made on the site;
- offer assistance and advice;
- fulfill the obligations established by the Law, by a regulation, by community legislation or by an order of the Authority or upon requests of the Italian or foreign government or of the Italian Chamber of Commerce;
- exercise the rights of the Owner, for example the right to exercise a right in court.
The provision of data and consent to the processing of your data by the user are optional, but necessary to achieve the purposes just described. Consent to the processing of personal data is given by the user by selecting the appropriate fields on the electronic forms on the site.
- Methods of processing and data retention period
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are subjected to both paper and electronic and/or automated processing, through the use of a website hosted on the data controller’s server or on external company websites that allow the data controller to offer its services (such as offering online assistance or storing files for the customer by providing their email and name for downloading). The Data Controller will process the personal data for the time necessary to fulfill the purposes set out above and in any case for no more than 10 years from the termination of the relationship for service purposes and for no more than 2 years from the collection of data for other purposes. In compliance with the provisions of art. 5 paragraph 1 letter e) of EU Regulation 2016/679, the personal data collected will in any case be stored in a form that allows the identification of the interested parties for a period of time not exceeding the achievement of the purposes for which the personal data are processed.
- Security
The Data Controller has adopted a wide variety of security measures to protect your data against the risk of loss, abuse or alteration. In particular: it has adopted the measures referred to in articles 32-34 of the Privacy Code and art. 32 of the GDPR. It uses, where necessary for more secure communications, the data encryption technology established by the AES Standards (BCrypt) and the protected data transmission protocols known as HL7 and HTTPS.
- Access to data
Your data may be made accessible for the purposes described to:
- employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
- third-party companies or other entities (web domain providers, web hosting providers, web agencies, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data controllers.
- Communication of data
Without your express consent (pursuant to art. 24 letter a), b), d) Privacy Code and art. 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2 to Supervisory Bodies and Judicial Authorities, as well as to all other entities to whom communication is mandatory by law. In any case, it is ensured that your personal data will never be made public on the Data Controller’s website.
- Data transfer
The management and storage of personal data will take place in Europe, on servers located in Europe of the Data Controller and/or third-party companies, including abroad, appointed as Data Processors for the use of the requested services. The personal data provided may be transferred abroad within and outside the European Union, within the limits and under the conditions set out in Articles 44 et seq. of EU Regulation 2016/679, in order to comply with purposes related to the transfer itself.
- Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes set out in Article 2 is necessary to guarantee you the Services of Article 2.2. You may decide not to provide any data or to subsequently deny the possibility of processing data already provided. The provision by the user of the personal data requested when filling out the forms, as well as consent to the related processing, although left to the exclusive and autonomous will of the user, are necessary to allow the Data Controller to process the requests of the same. Therefore, failure to provide this data will prevent any request made by the user from being processed.
- Rights of the interested party
In your capacity as interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 of the GDPR and specifically the rights to:
- I) obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
- II) obtain the indication:
  - a) of the origin of the personal data;
  - b) of the purposes and methods of processing;
  - c) of the logic applied in the event of processing carried out with the aid of electronic instruments;
  - d) of the identification details of the owner, managers and designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR;
  - e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or persons in charge;
- III) obtain:
  - a) the updating, rectification or, when you have an interest, the integration of the data;
  - b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  - c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data were communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected;
- IV) to object, in whole or in part:
  - a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
  - b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. Please note that the right of opposition of the interested party, set out in the previous point b), for direct marketing purposes by automated methods extends to traditional methods and that in any case the possibility for the interested party to exercise the right of opposition even only in part remains intact. Therefore, the interested party can decide to receive only communications by traditional methods or only automated communications, or neither of the two types of communication.
Where applicable, you also have the rights referred to in articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Guarantor Authority.
- Revocation of consent and deletion of data
To exercise your rights, to revoke your consent and to completely delete your data, you can send a registered letter to the headquarters of the business, at the address stated at the beginning of this notice, and/or an e-mail to the address itesoridisantacaterina@gmail.com.
- Minors
This Site and the Data Controller’s Services are not intended for minors under 18 years of age and the Data Controller does not intentionally collect personal information relating to minors. In the event that information on minors is inadvertently recorded, the Data Controller will delete it promptly, upon request of users.
- Owner, responsible party and persons in charge
The Data Controller / Processor (pursuant to articles 4, 24, 28 of EU Reg. 2016/679) is I Tesori di Santa Caterina Srl, with registered office in Via Campo la Vigna S.n.c. 84010 Scala (SA) Italy EMAIL: itesoridisantacaterina@gmail.com PEC: itesoridisantacaterina@legalmail.it.
External data controller (as a web agency) is: E26 Srls with headquarters in Naples, Via Enzo Tortora 11 – 80125, TEL: 081.2451030 mail: info@e26.studio
The updated list of data controllers and processors is kept at the Data Controller’s headquarters.
- Data Protection Officer
No Data Protection Officer has been appointed, as the role is not mandatory for this activity: the processing of personal data is NOT carried out by an authority or a public body; furthermore, the main activities of the organization do NOT consist of processing that requires “regular and systematic monitoring” of the data subjects, and the main activities of the organization do NOT consist of “large-scale” processing of “sensitive” (rectius, “special categories of data”) or “judicial” (rectius, “personal data relating to criminal convictions and offences”) data.
- Changes to this Policy
This Policy may change from time to time. We therefore recommend that you check this Policy regularly and refer to the most up-to-date version.
For more information on advertising based on online behavior and on the possibility of opting out of advertising and tracking via cookies, visit the page www.youronlinechoices.eu
