DATA PROCESSING INFORMATION
(Drafted pursuant to art. 13 EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016)
The data controller is SC CRONOS DIET SRL, with registered office in Bacau registered at the Register of Companies of Bacau at no. J04 / 302/2012, tax code no. RO30021692 represented by Constantin Stan, as sole director.
Identity of the treatment
The collection and processing of data is carried out by SC CRONOS DIET SRL for the activities and services connected to the website.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, where required.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
Session cookies are essential in order to distinguish between connected users, and are useful to prevent a requested functionality from being provided to the wrong user, as well as for security purposes to prevent cyber attacks on the site.
Session cookies do not contain personal data and last only for the current session, i.e. until the browser is closed.
The data will be processed – by the persons in charge of processing – with manual, IT and telematic tools within the scope and for the purposes specified above and, in any case, always respecting the security and confidentiality of the same, also in compliance with the law and the provisions of the Guarantor for the protection of personal data.
In particular, it is guaranteed to keep and control the personal data being processed, also in relation to the knowledge acquired on the basis of the technical process, the nature of the data and the specific characteristics of the processing, in order to minimize, by adopting of suitable security measures, the risks of destruction or loss, even accidental, of the data, of unauthorized access to processing or not allowed or not in accordance with the purposes of the collection.
Responsible for data processing
The data processing manager: Dr. Popa Andreea.
The designated managers constitute the contact point for interested parties who wish to receive information on the processing of their data and / or for the Supervisory Authority; they can be contacted at the e-mail address: email@example.com
Persons in charge of processing
The persons in charge are the physical persons who, under the direct authority of the data owner or of the subjects appointed by him, carry out the processing operations of personal data.
The company guarantees that it has nominated in writing its appointees and that it takes care to provide the above-mentioned subjects with detailed written instructions on the methods of processing, in compliance with the provisions of the law.
In the event of changes in the attributions of the individual appointees, the latter will be communicated in writing.
Duty of supervision and control
The company guarantees to carry out training activities for its personnel involved in the processing operations, based on their respective duties, diversifying the level of detail and operating instructions based on the types of data processed by the persons in charge during their activity.
Therefore, by virtue of this deed, it is guaranteed to supervise the work of its data processors.
Purpose and legal basis of data processing
The data collected and processed will be used exclusively for: COMMERCIAL purposes.
The processing of personal data – including any sensitive data (“special categories of data” art. 9 GDPR) and relating to criminal convictions or offenses (“judicial” art. 10GDPR) for which it is necessary
ario your consent to be expressed at the bottom of this information – collected, takes place for the management purposes identified above.
All data collected is therefore processed exclusively for obligations related to the activity of the Data Controller, whose legal basis can be found upon acceptance and signing of the casting procedure.
In the absence of a written document, the data processing will be carried out with the explicit consent of the interested party and considered as a condition of lawfulness pursuant to and for the purposes of art. 6 of the EU Regulation.
The services / products offered by the owner are reserved for subjects legally able, on the basis of the relevant national legislation, to conclude obligations
Nature of the provision of data
The provision of personal data and the consequent processing by the Data Controller, for the aforementioned purposes, are necessary for the establishment, for the continuation and for the correct management of the relationship between the Data Controller and the Data Subject or must be understood as mandatory based on law, regulation or community legislation; any refusal to provide the personal data requested may cause the impossibility, in whole or in part, to perfect and manage the relationship in place or in progress.
The provision of personal data and the consequent processing by the Data Controller for the purposes referred to in point 6) is optional and failure to provide it, even partial, will not entail any consequences.
Right of access and data portability
The right concerns the data “provided” by the interested party and is limited only to personal data in a broad sense or it also extends to personal data generated (observed) by the activities of the interested party (eg location data, history of searches, navigation).
The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in an intelligible form.
On the other hand, the data generated by the owner on the basis of the analysis of the data provided or collected by the interested party (inferred and derived data, eg credit score), nor obviously the data obtained by third parties are not included.
The right to data portability does not imply any obligation to keep data beyond the period established by the regulations for the sole purpose of guaranteeing the exercise of portability.
The interested party has the right to receive, free of charge, the data in a structured and readable form by a data processor (therefore absolutely not in paper format), in a commonly used format (“structured format, commonly used and readable by an automatic device” ).
In compliance with article 20, the interested party has the right to transmit personal data from one owner to another “without obstacles”.
The data must be provided “without undue delay and, in any case, at the latest within one month of receiving the request” (Article 12.3 GDPR).
Data portability will be guaranteed only in the event that the processing of data is based on consent or contractual necessity, and in any case only if the processing is based on electronic processing (therefore not on paper), in all other cases it does not apply.
Categories of subjects to whom the data may be communicated:
The processing of personal data will be carried out by means of subjects expressly and specifically designated as specifically trained appointees; these subjects will process the data in accordance with the instructions received from the Data Controller, according to operational profiles assigned to them in relation to the functions performed.
The data may also be processed by third parties (outsourcers), which are used for the provision of services related to the purposes pursued, which our organization evaluates from time to time, to ensure greater protection, if to appoint as external managers of the treatments from these places in place.
In all cases, these subjects will process the data in accordance with the instructions received from the Data Controller, according to operational profiles attributed to them in relation to the functions performed, limited to what is necessary and instrumental for the execution of specific operations within the requested services and exclusively for the achievement of the purposes indicated in this information.
The data will not be subject to disclosure.
Data retention period
The data collected will be kept for a period of time not exceeding that necessary for the purposes for which they were collected, to fulfill contractual or pre-contractual, legal and / or regulatory obligations (without prejudice to the statutory and statutory limitations, in the respect for rights and in compliance with consequent obligations).
In particular, the criteria used to determine the retention period are established by specific laws governing the activity of the Data Controller
the processing or specific provisions of the Guarantor for the protection of personal data that have regulated the processing activity and the purposes pursued by the Data Controller; finally, it is specified that your personal data may also be kept up to the time permitted by Italian law.
Modification and withdrawal of consent to data processing
The interested party has the right to:
obtain the cancellation or transformation into anonymous form or the blocking of data processed in violation of the law;
obtain the updating, correction and integration of data;
obtain certification that these operations have been brought to the attention of those to whom the data are communicated;
oppose for legitimate reasons the processing of data or any automated decision-making process (including profiling);
obtain the limitation of the processing or the portability to another holder.
To this end, it will be necessary to send the request, through specific communication by e-mail addressed to firstname.lastname@example.org (specifying “Privacy” in the subject).
In communicating personal data, it must be ensured that you are at least 16 years old, pursuant to art. 8. On this point, it should be noted that the aforementioned article does not refer to any online data processing, nor any information society service to which minors can access.
The rule applies only to services subject to direct offer, and in the context of which the data processing is legitimate only if based on the informed consent of the interested party.
Complaint to the Authorities
If the interested party identifies possible violations in the processing of data, he has the right to lodge a complaint with the competent authorities.
Having read the information, I consent to the processing of my personal data for the achievement of the aforementioned purposes.
For informed consent, please read the additional note attached to the site.