Dear Visitor, pursuant to Articles 12 and following of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, “Regulation” or “GDPR”), and in general in compliance with the principle of transparency provided for in the Regulation itself, the following information is provided regarding the processing of personal data (i.e., any information relating to an identified or identifiable natural person: “Data Subject”) carried out in connection with browsing the website “https://www.vivarini.it” (“Site”) and user interaction with it (please note that this policy does not apply to other websites that the user may consult via links on the Site, including links to social networks, for which reference is made to their respective policies).
This notice supplements any other notices that may be relevant for other specific data processing activities (for example, those concerning relationships with customers or suppliers, or the one in the “Work with us” section of the Site), which are provided in connection with such processing.
The Data Controller (i.e., the entity that determines the purposes and means of processing personal data) is Vetreria Artistica Vivarini srl – Fondamenta Serenella, 5/6 – 30141 Murano Italy, VAT no. 01971510274, phone +39 041736077, email info@vivarini.it. For contacts specifically relating to data protection, including the exercise of rights, the following email address is indicated: info@vivarini.it, which you are kindly requested to use for any inquiries.
DATA PROCESSING ACTIVITIES
| Processed Data | Purpose | Legal Basis | Retention Period | Data Subject Rights and Extra-EU Data Transfer |
| browsing data | website operation | legitimate interest | non-persistent data deleted at the end of the session | access – rectification – erasure – restriction – objection |
| cookies | website operation, statistics, and profiling | legitimate interest (necessary) and consent (non-technical cookies) | see specific policy |
access – rectification – erasure – restriction – objection – portability – withdrawal of consent
for third-party cookies, refer to the specific policy |
| provided in contact requests | management of contacts at the user’s request | management of pre-contractual and contractual relationships and/or legal obligations; legitimate interest for the protection of rights | period required to handle the request or execute the contract, including the protection of rights | access – rectification – erasure – restriction – objection – portability – withdrawal of consent |
User browsing data
The computer systems and software used to operate the Site collect certain personal data, the transmission of which is implicit in the use of Internet communication protocols (e.g., IP addresses or domain names of the computers used by users who connect to the Site, URI -Uniform Resource Identifier- addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response from the server – successful, error, etc. – and other parameters related to the user’s operating system and IT environment). Although this information is not collected to be associated with identified data subjects, it could, by its very nature and through processing and associations with data held by third parties, allow users to be identified.
This data is used solely for the purpose of obtaining statistical information that is not associated with any user’s identifying data regarding the use of the Site and to ensure its proper functioning, and, except in the case of unlawful activity against the Site, is deleted immediately after processing. The data could be used to ascertain responsibility in the event of computer crimes against the Site.
The legal basis for processing is therefore the Data Controller’s legitimate interest in the operation and security of the site and the protection of its rights, as well as compliance with legal requirements.
Cookies
The Site uses cookies, as detailed in the specific policy.
Data voluntarily provided by the user
No personal data is required from the user to browse the Site.
However, any contact with the Controller, including by phone, or the voluntary, explicit, and spontaneous sending of messages, whether by email or traditional mail, to the addresses indicated on the Site, and/or use of the contact form in the “Contact” section of the Site, involves the subsequent acquisition of the sender’s address, including email or phone number, necessary to respond to requests, as well as any other personal data included in the registration forms and communications submitted. This data will be used solely to fulfill the user’s request and may be disclosed to third parties only if necessary for this purpose.
Processing of data for these purposes does not require the data subject’s consent, as the processing is necessary for the performance of a contract to which the data subject is party or, in the case of a request for a quote, for the execution of pre-contractual measures at the request of the data subject (Art. 6(1)(b) of the Regulation), and, where applicable, to comply with a legal obligation (Art. 6(1)(a) of the Regulation). The Controller may also process the personal data mentioned above in pursuit of its legitimate interest – constituting the legal basis – in protecting its rights.
The processing of personal data will be carried out by personnel trained and authorized by the Controller using procedures and technical and IT tools appropriate to ensure confidentiality and security.
Such personal data is stored only for the time strictly necessary to respond to the user’s requests and during the validity of the quote/service, unless longer retention is required by law. If a contract is later signed, for example to use a specific service, the relevant privacy notice will be promptly provided. Personal data will not be disseminated.
In carrying out its activities and for the purposes outlined above, the Controller may use services provided by third parties operating either as independent controllers or on behalf of the Controller and according to its instructions, as data processors. These are entities providing processing or support services.
A complete and updated list of data processors can be requested by contacting the Controller using the details provided below.
It is not the Controller’s intention to transfer personal data to non-EU countries (except as indicated below regarding the newsletter), but note that the use of social networks – also accessible via links on this page – involves interaction with independent Data Controllers, to whose respective privacy policies reference is made.
Data Subject Rights
The GDPR grants the data subject the right to exercise the following rights regarding their personal data (the descriptions below are indicative; for a complete statement of the rights, including limitations, please refer to the Regulation, particularly Articles 15–22), which apply to at least one of the types of processing and related legal bases described in this notice:
– Access to personal data (the data subject has the right to obtain free information on the personal data held by the Controller concerning them and how it is processed, as well as to receive a copy in an accessible format);
– Rectification of personal data (upon the data subject’s request, the correction or update of inaccurate or incomplete personal data – not including evaluative elements);
– Erasure of personal data (right to be forgotten) (e.g., data is no longer necessary for the purposes for which it was collected or processed; processed unlawfully; must be erased to comply with a legal obligation; the data subject has withdrawn consent and no other legal basis exists; the data subject objects to the processing, and the conditions are met);
– Restriction of processing (in certain cases – e.g., contesting the accuracy of the data while verification is pending; unlawful processing and opposition to deletion; data needed for legal claims but not for processing; objection pending verification – data will be stored in a way that allows it to be restored, but will not be used unless to verify the validity of the restriction request, with the user’s consent, or for legal purposes or public interest);
– Objection, in whole or in part, for reasons related to the data subject’s particular situation, to processing carried out on the basis of legitimate interest (and under certain conditions, the data subject may object to processing of personal data even without justification: if data is processed for direct marketing purposes, the data subject may object at any time, including profiling related to such marketing. However, please note that in this case, the newsletter is sent based on the data subject’s consent, and therefore revoking consent is sufficient to stop the processing);
– Data portability (if the processing is based on consent or a contract and is carried out by automated means, the data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance from the original Controller, and, where technically feasible, to have it transmitted directly between controllers).
Furthermore, if the processing is based on the data subject’s consent, they may withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
The data subject also has the right to lodge a complaint with the Data Protection Authority if they believe that processing of their data violates the data protection regulations; the Authority can be contacted using the contact details provided on its website “www.garanteprivacy.it”. Nonetheless, we would appreciate the opportunity to address any concerns beforehand, and users can contact us at info@vivarini.it or via the other contact details of the Controller provided above for any clarification regarding their personal data processing and to exercise their rights, including withdrawal of consent.