CUSTOMER SERVICE INFORMATION NOTICE

Pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016, on the protection of natural persons with regard to the processing of personal data (in short “GDPR”)

PhotoSì S.p.A Unipersonale (hereinafter referred to as “PhotoSì”), in the person of its legal representative pro-tempore, in his capacity as Data Controller of the personal data collected directly from the person concerned, provides you with this information notice in accordance with Article 13, GDPR (in short “Information notice”).  

In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be ensured by taking all the necessary suitable technical and organizational measures to ensure their security.

A) Data Controller’s identity and contact details

PhotoSì S.p.A

Registered office in via Carpegna 22,

Riccione (47838 - RN)

Tax code and VAT number 03550860401

Tel 0541/609903 – privacy@photosi.com

B) Purposes of personal data processing and legal basis

Your personal data will be processed without your mandatory consent for the purpose of sending newsletters by email - automatically and for free - following a request by entering the email address in the form on the website. The legal basis for such processing is the fulfilment of a request by the interested party – condition of lawfulness Article 6, letter b) GDPR – and the legitimate interest aimed at favouring the knowledge of the Company – condition of lawfulness Article 6, letter f) GDPR.

C) Categories of recipients of personal data

For the purposes referred to in the previous paragraph, the personal data you have provided may be transferred or made accessible to: 1. employees and collaborators of the Data Controller, in their capacity as authorized data processing staff (or the so called “individuals in charge of processing”); 2. third parties who carry out outsourcing activities on behalf of the Data Controller, in their capacity as Data Processors (including third parties in charge of sending newsletters, providers of services to manage the information system and telecommunications networks, as well as the company in charge of the e-commerce management, providers of services to manage the filing of paper and/or computerized documentation, providers of services to manage commercial communication activities) The complete updated list of the Data Processors is available upon written request to the address privacy@photosi.com.

D) Storage and transfer of personal data abroad

The management and storage of personal data occur on Cloud and on servers located inside and outside the European Union owned by and/or available for the Data Controller and/or third-party companies in charge of that, duly appointed as Data Processors.  

The transfer of data abroad to non-EU countries occurs exclusively in the context of the management of information systems for requirements strictly related to the performance of business activities and, in any case, in compliance with the provisions contained in Chapter V, GDPR.

Your personal data will not be disclosed.

E) Storage period for personal data

Personal data collected for the purposes indicated in the previous paragraph (c), section (i) will be processed and stored for the entire duration of any contractual relationship established.

From the date of termination of this relationship, for any reason or cause, the data will be stored for the duration of the limitation period applicable ex lege, that is 10 years.

While pictures and photographs are processed for the period of time necessary for their processing and stored for the period of 1 month, after which they are automatically deleted and destroyed, unless otherwise specified (for example by storing a project in your reserved area).  

The personal data collected for the purposes indicated in the previous paragraph (c), section (ii) will be processed and stored for the time necessary to fulfill such purposes and, in any case, for a period of no more than 24 months for marketing and no more than 12 months for profiling from the date in which we will receive your consent.

After this storage period, the data will be destroyed or anonymised.

F) Exercisable rights

In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights indicated therein, and more specifically:

• Right of access - To obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following information: the purposes of the processing, the categories of personal data concerned and the storage period, the recipients to whom these can be disclosed (Article 15, GDPR).
• Right to rectification - To obtain, without undue delay, the rectification of inaccurate personal data concerning you and have incomplete personal data completed (Article 16, GDPR).
• Right to erasure - To obtain, without undue delay, the erasure of the personal data concerning you, in the cases provided for by the GDPR (Article 17, GDPR).
• Right to restriction of processing - To obtain restriction of processing in the cases provided for by the GDPR (Article 18, GDPR).
• Right to data portability - To receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in the cases provided for by the GDPR (Article 18, GDPR).
• Right to object - To object to processing of personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing (Article 21, GDPR)
• Right to lodge a complaint with a supervisory authority - To lodge a complaint with the Authority for the protection of personal data, Piazza di Montecitorio 121, 00186, Rome (RM).

If you want to stop receive the newsletter, you can follow the cancellation procedure at the bottom of each email.