PERSONAL DATA PROCESSING NOTICE

This document lists the methods and purposes of the personal data processing undertaken by The Dressing Screen S.r.l., in its data controller capacity (hereinafter, also the “Controller” or the “TDS”) and any other additional information required by law, including information on the data subject’s rights and the exercise of those rights.

The Regulation (EU) 2016/679 on the protection of personal data (hereinafter, the “Regulation”) sets rules concerning the protection of natural persons with regard to the processing of persona data, and on the free moment of such data and it protects the rights and fundamental freedoms of the natural persons, particularly with regard to the protection of personal data.

Art. 4, no. 1 of the Regulation defines “Personal Data” as any information relating to an identified or identifiable natural person (hereinafter, “Data Subject”).

On the other hand, “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (art. 4, no. 2, Regulation).

Additionally, pursuant to articles 12 et seq. of the Regulation, the Data Subject is to be provided the appropriate information concerning (i) the Processing activities carried out by the Controller and (ii) the rights of the Data Subject.

1.         PURPOSES OF THE PROCESSING AND LEGAL BASIS

The purposes of the processing are the following:

(i)    Fulfillment of the obligations deriving from the contract entered into by TDS with the data subject,

(ii)   Delivery of promotional material, by means of e-mail, to data subjects regarding products or services similar to those already purchased, provided that the Data Subject may request TDS to not receive the above mentioned messages,

(iii)  Fulfillment of obligation set forth by law, regulation or EU legislation, in particular related to the civil, fiscal and accounting legislation, as well as for comply to orders of Authorities authorized to do so by law or by supervisory and control bodies.

Considering that the processing of Personal Data, other than sensitive data, for the purposes set out at the above mentioned points (i) and (iii) is needed for the fulfilment of contractual or legal obligation, the consent of Data Subjects is not required. The processing of Personal Data for the purposes set out at point (ii) is deemed allowed pursuant to the resolution of the Italian Data Protection Authority dated 4 July 2013 no. 330.

(iv) Delivery via email, from the Controller, of communications related to promotional and marketing initiatives of TDS and for carrying out market researches, subject to the consent of the Data Subject.

2.         PROCESSING METHOS AND STORAGE

Pursuant to art. 5 of the Regulation, the Personal Data subject to the Processing are:
(i)  Processed lawfully, fairly and in a transparent manner in relation to the Data Subject;
(ii)  Collected and recorded for specified, explicit and legitimate purposes and further processed in a manner compatible with those purposes;
(iii)Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(iv)Accurate and, where necessary, kept up to date;
(v)Processed in a manner that ensures appropriate security;
(vi)Kept in a form that permits identification of the Data Subject for no longer than is necessary for the purposes for which the personal data are processed.

The Personal Data will be processed by the Controller with automated and non-automated means; the electronic storage of Personal Data occurs in secure servers located in controlled access areas and with restricted access.
Specific security measures are observed to prevent data loss, unlawful or inaccurate uses and unauthorized accesses.

3.         PROVISION OF PERSONAL DATA
3.1     Provision of Personal Data is mandatory for the purposes under point (i) and (ii), paragraph 1 and, accordingly, the Data Subject’s refusal to provide Personal Data determines the impossibility for TDS to accurately comply with its own contractual obligation and to fulfill del specific obligations required by law.

3.2     The provision of Personal Data for the purposes listed under point (iii), paragraph 1, are optional and the failure to provide them and the withdrawal of consent determines the impossibility for TDS to submit updates or legal information materials to the Data Subject and information relating to TDS’s activities.

3.3     Provision of Personal Data for the purposes under point (iv) is optional and failure to provide them determines the impossibility for TDS delivery communications related to promotional and marketing initiatives of TDS and for carrying out market researches.

4.         RETENTION OF PERSONAL DATA
Personal Data are retained for the time strictly necessary to fulfill the purposes for which they were collected and processed. With regards to the purposes set out at point (i) and (ii) of paragraph 1, the Personal Data shall be retained for processing the orders and for fulfilling to the obligations provided for by the Terms of use. With respect to the purposes set out at point (iii) of paragraph 1, the Personal Data shall be processed until the Data Subject will not have exercised the right of opposition or will not have revoked its consent to the processing. With respect to the purposes set out at point (iii) of paragraph 1, the Personal Data shall be processed for the maximum period of 24 months.
However, it is understood that once the purposes of the processing have been satisfied or in case of in case the consent has been revoked, the Controller shall nevertheless be obliged and/or have the right to further retain the Personal Data, in whole or in part, for certain purposes, as expressly required by specific law provisions or to exercise or defend a right in a proceeding against the Customer.

5.         DISCLOSURE OF PERSONAL DATA
Personal Data shall be accessible to those mandated to the Processing and external collaborators.

6.         DISSEMINATION OF PERSONAL DATA
The Personal Data are not subject to dissemination.

7.         TRANSFER OF PERSONAL DATA ABROAD
The Personal Data shall not be transferred outside European Union member States.

8.         RIGHTS OF THE DATA SUBJECT
The Data Subject will have the right to access at any moment the Personal Data for the purpose of correcting, deleting them and, in general, to exercise the rights expressly granted by the applicable laws on the protection of Personal Data, and specifically: the right to obtain confirmation of the existence of the Personal Data and their communication in an intelligible manner, to know their source, the purposes and the methods of the Processing; the right to obtain the contact information of the Controller, of the data processors and of the individual or the categories of individuals the Persona Data may be disclosed to; the right to verify the accuracy of the Personal Data and to have them completed, updated or rectified; the right to ask for erasure, conversion in anonymous form or to block the Personal Data processed in violation of the law, and their limitation pursuant to the law and, in any case, the right to object, in whole or in part, for legitimate reasons to their Processing; the right to the Personal Data portability, and the right to lodge a complaint, reporting or submit a claim before the Italian Data Protection Authority, where appropriate. Moreover, the applicable law recognizes the right of the Data Subjects to object to the Personal Data processing for the purposes set forth in paragraph 1, points (iii) and (iv) of this notice, and the right to withdraw their own consent to the Personal Data Processing at any moment, without affecting, however, the lawfulness of the Processing carried out by the Controller based on consent before its withdrawal.

9.         DATA CONTROLLER AND DATA PROCESSOR
The Controller is The Dressing Screen S.r.l., place of business in Bologna, Via Massimo d’Azeglio n. 51, Bologna.

10.      COMMUNICATIONS AND EXERCISES OF THE DATA SUBJECT’S RIGHTS
To exercise the rights listed under paragraph 8, the Data Subject may contact in any moment by sending an email to info@thedressingscreen.com.

CONSENT TO PERSONAL DATA PROCESSING
The undersigned, having read and understood the notice on the processing of personal data above, hereby grants its consent for the delivery from The Dressing Screen S.r.l. of communications related to its promotional and marketing initiatives and for carrying out market researches.