Privacy Policy

Clients

Information for clients regarding the protection of personal data pursuant to art. 13 of the eu
regulation 2016/679

 

Dear Clients,
In compliance with the provisions of art. 13 of the EU Regulation 2016/679 (the “GDPR”) and by way of applying the principles set out in the GDPR itself, we are sending you this information to make you aware of the characteristics and processing methods (the “Treatment”) we use for any information you have given us about the relationships set up or established between us and/or that concern a natural person (the “Interested Party”) who is either expressly identified or identifiable from these data (“Personal Data”), including your employees and collaborators. In accordance with art. 4.1. of the GDPR, “an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

1. Data Controller (the “Data Controller”).

The Data Controller responsible for processing the personal data is Pelletterie Bianchi e Nardi S.p.A. (with Tax Code and VAT number 00385830484), having its registered office in Scandicci (FI), Via delle Fonti no. 2, and email info@bianchienardi.it, in the person of its legal representative pro tempore, Mr Gabriele Bianchi (hereinafter referred to as the “Data Controller”).

Any communications about processing, also pursuant to the following articles, must be sent by you and/or by the data subject, by registered letter with a return receipt, registered PEC or e-mail to the addresses indicated above.

2. Purpose of the Treatment (the “Purposes”) and legal basis.

Personal Data, whether collected from the Data Subject (article 13 GDPR) or not (article 14 GDPR), will be used exclusively for the purposes of: fulfilling pre-contractual and contractual obligations relating to you; fulfilling and demanding the fulfilment of specific obligations deriving from laws and regula-tions sending business offers for the purpose of selling products and/or services similar to those already purchased (soft-spam); to send the newsletter; to carry out the activities of marketing (by paper mail, calls with operators, calls without operators, e-mails, faxes, MMS, SMS) and market research; carry out profiling activities in accordance with art. 4.4. GDPR;

The legal basis for this Treatment arises: from the need for us to execute a contract, to which the interested party is a party, or for precontractual measures adopted at the request of that party; from our need to fulfil a legal obligation; from the legitimate interests of the Controller (Article 6 letter f) GDPR); only for points (iv) et seq., with the express consent that will be freely given by the interested party (article 7 of the GDPR), also by sending e-mails, compilations of an appropriate form and the affixing of the flag required.

With reference to point (v), the Data Controller specifies that in the context of the sale of a product or service, the e-mail details of the interested party may be used by the Data Controller, without prior consent from the Data Subject, for the purpose of offering and selling services similar to those that have already been sold (Article 130, 4 Legislative Decree 196/2003). The interested party may object to this treatment at any time, free of charge, by making a simple written request to the addresses indicated above.

With reference to point (vii), the Data Controller specifies that the interested party may at any time indicate a preferred mode of contact from those listed above, and may object to receiving promotional communications through all or only some of these communication channels.

3. Mandatory/voluntary provision of Personal Data

Communication of your personal data by you is optional, but necessary, because if you refuse to consent, as well as risking the data being communicated incorrectly, it could make it impossible for the Controller to establish the relationship, or to implement the various purposes for which personal data have been collected.

For the same reasons, as well as to properly manage the existing relationship, we also ask you to in-form us about any changes to the Personal Data we have already collected, as soon as they arise.

4. Disclosure of Personal Data

Personal data are processed internally by people who are authorised to process the data (the “Authorised”), under the responsibility of the Data Controller, for the purposes indicated above.

Personal data may be disclosed to external personnel, who are responsible for the completion of instrumental and/or accessory functions in the performance of our business activities, who will process said data on our behalf. These people will be appointed by us as External Processing Managers (the “External Managers”), in accordance with the provisions of art. 28 GDPR. An updated list of External Processing Managers is available at the registered office of the Data Controller, and will be provided to the interested party on written request to the aforementioned addresses.

Apart from the aforementioned cases, Personal Data can also be disclosed to additional recipients and/or categories of recipients (the “Recipients” and the “Recipients Categories”), only for performing activities related to a pre-contractual and/or contractual relationship between us and/or to fulfill legal obligations and/or on the orders of the Authorities; this will always be in compliance with the assurances in the GDPR and Italian Authority guidelines, as well as the Commission guidelines established to comply with the aforementioned GDPR.

Without prejudice to the foregoing, Personal Data will never be disclosed and/or communicated to third parties, unless the interested party specifically agrees to it, and only when necessary for the fulfilment of the Purposes.

5. Processing of “particular categories of personal data” and “personal data related to criminal convictions and offences”.

If, as part of the processing, the Data Controller becomes aware of Personal Data relating: (i) to “particular categories” pursuant to art. 9 GDPR (or those ” that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as treating genetic data, biometric data intended uniquely to identify a physical person, data related to health or sex life or to the sexual orientation of the person”), said data should only be processed exclusively for the purposes indicated above with the prior consent of the interested party or, in all cases, only as far as the processing is necessary to fulfil the obligations and exercise the specific rights of the Data Controller or the interested party work and social security and social protection, to the extent that it is authorised by law in the European Union or its Member States or by a collective agreement under the law of the Member States, in the presence of appropriate guarantees for the basic human rights and interests of the interested party; (ii) to “criminal convictions and offences or related security measures”, pursuant to art. 10 GDPR, the Processing will only take place under the control of a Public Authority or, if the Processing is authorised by the laws of the European Union or those of the Member States which provide appropriate guarantees of the rights and freedoms of Data Subjects. Any comprehensive register of criminal convictions will only be kept under the control of the public authority.

6. Processing methods.

Processing is performed with the aid of electronic and/or paper tools and, in all cases, by adopting procedures, organisational and IT measures that are suitable to protect the security, confidentiality, relevance and non-excessiveness of the data.

7. Territorial scope.

Personal Data will be processed within the territories of the European Union. If, for technical and/or operational reasons, it is necessary to use bodies that are located outside of this territory, they will be appointed as External Managers, and transfers of Personal Data to them, limited to performing specific processing activities, will be regulated in compliance with the provisions of the GDPR, with all the necessary precautions taken to ensure total protection of the personal data and by basing this transfer on an evaluation of appropriate guarantees (including, for example, decisions about the adequacy of third country recipients expressed by the European Commission, adequate guarantees expressed by the third party recipient pursuant to Article 46 of the GDPR, etc.).

In all cases, the Data Subject may request more details from the Data Controller if Personal Data have been processed outside the European Union, and ask for evidence of the specific guarantees adopted.

8. Retention period.

Personal Data will be retained by the Owner for the period strictly necessary for pursuing the Purposes, and in particular, until the pre-contractual and contractual relations between us are terminated, subject to any further retention period that may be imposed by law.

In relation to marketing purposes, the data will be stored, subject to revocation of consent, for the period needed to achieve the purposes and, in all cases, for a period not exceeding 24 months, or for a different maximum period indicated by the Authority for the protection of personal data. Where consent is given with reference to profiling Purposes, the data will be stored, subject to revocation of consent, for the period needed to achieve those Purposes and, in any case, for a period not exceeding 12 months, or for a different maximum period indicated by the Authority for the protection of personal data.

To handle any disputes or contentions, and in any case for the assessment, exercise or defence of a legal case in a court, the Personal Data may be kept for a further period, equal to that of the statute of limitations.

9. Methods of issuing information.

In compliance with the principle of proportionality, in view of the evident difficulty, and the excessive burden for the Data Controller to deal with issuing this information directly to every interested party who collaborates or performs activities for your benefit, including your employees and collaborators, we invite you to send this information to the parties involved and, in any event, to inform them it is available on our corporate website can be sent by making a written request to the ad-dresses indicated above.

10. Rights of the interested party and methods of operation.

The interested party can, at any time, exercise the rights recognised by the GDPR (the “Rights of the interested party”), and in particular:

Art. 15 – Right of access of the interested party: the interested party has the right to access their data and related Processes. This right is substantiated by the possibility of obtaining confirmation of whether or not a Personal Data Processing is being performed, or the possibility of requesting and receiving a copy of the data being processed;

Art. 16 – Right of rectification: the interested party has the right to have inaccurate personal data concerning him rectified by the Data Controller without undue delay. Taking into account the purposes of processing, the data subject will have the right to have incomplete personal data made complete, including by means of providing a supplementary statement.

Art. 17 – Right to deletion (“right to be forgotten”): the Data Subject has the right to ask the Da-ta Controller to delete Personal Data about him/her, and in some cases, where there is an end, to have it deleted without unjustified delay when the purpose of the Treatment has expired, or when consent has been revoked, opposition has been made to it being processed or where the processing of their personal data is not otherwise compliant with the GDPR;

Art. 18 – Right to limit processing: the interested party has the right to limit the processing of his/her personal data where there are inaccuracies or disputes, or as an alternative measure to having it deleted;

Art. 20 – Right to data portability: the interested party, with the exception of situations in which the data are archived by means of non-automated processing (e.g. in paper format), has the right to receive personal data in a structured format, that is commonly used and can be read using an automatic device, when the data refers to him/her, where reference is made to data supplied directly by the interested party, with express consent or on a contractual basis, and to request that these data be transmitted to another data controller, if technically feasible;

– Art. 21 – Right to object: the interested party has the right to object, at any time, for reasons related to his/her particular situation, the processing of personal data about him/her.
If the interested party wishes to exercise one of the rights listed above, he/she must address the request directly to the Data Controller at the addresses indicated above, apart from the right to lodge a complaint, which should be sent to the Guarantor Authority or by filing an appeal before the competent Court Authority.

The period for replying to the Interested party by the Owner is, for all of the rights (including the right of access) and also in case of denial, 1 month, which can be extended by up to 3 months in particularly complex cases.

In any event, by applying art. 12 GDPR.

11. Withdrawal of consent.

In cases where processing should only take place after the consent of the interested party, and where the latter has provided it, he/she has the right to revoke the consent they have given at any time, by sending a written request to the Holder at the addresses indicated above.

Withdrawal of consent will not affect the lawfulness of any processing based on that consent before it was withdrawn.

12. Right to object.

The interested party has the right to object at any time to the processing of their personal data for the purpose of direct marketing including profiling, in so far as it is related to direct marketing, by sending a written request to the addresses indicated above.

Effective from 25/05/2018

Privacy cookies

 

Informativa ai clienti. In materia di protezione dei dati personali.
Ai sensi dell’art. 13 del regolamento u.E. 2016/679

 

Gentili Utenti,
in osservanza a quanto previsto dall’art. 13 del Regolamento U.E. 2016/679 (il “GDPR”) ed in applicazione dei principi posti dal GDPR medesimo, Vi invitiamo, prima di intraprendere la navigazione del nostro sito web (il “Sito web”), a prendere visione della presente informativa sul trattamento dei dati personali, al fine di renderVi consapevoli delle caratteristiche e delle modalità del trattamento (il “Trattamento”) che andremo ad operare rispetto a qualsiasi informazione da noi acquisita a seguito della navigazione da parte di qualsiasi soggetto (l’“Utente”) sul Sito web, nonché da esso fornitaci attraverso il Sito web medesimo e riguardanti una persona fisica (l’“Interessato”) identificata o identificabile (i “Dati personali”. A norma dell’art. 4.1. GDPR, “si considera identificabile la persona fisica che può essere identificata, direttamente o indirettamente, con particolare riferimento a un identificativo come il nome, un numero di identificazione, dati relativi all’ubicazione, un identificativo online o a uno o più elementi caratteristici della sua identità fisica, fisiologica, genetica, psichica, economica, culturale o sociale”.

1. Titolare del Trattamento (il “Titolare”).

Il Titolare del Trattamento è la società Pelletterie Bianchi e Nardi SpA (C.F. e P.IVA 00385830484) , con sede legale in Scandicci (FI), Via delle Fonti n. 2, e-mail info@bianchienardi.it, in persona del Suo rappresentante legale pro-tempore, Sig. Gabriele Bianchi (di seguito il “Titolare”).
Ogni comunicazione inerente il Trattamento, anche ai sensi degli articoli successivi, dovrà essere inviata, da Voi e/o dall’Interessato, tramite raccomandata a/r, PEC o email ai recapiti sopra indicati.

2. Finalità del Trattamento (le “Finalità”) e base giuridica.

I Dati personali raccolti, presso l’Interessato (art. 13 GDPR) o meno (art. 14 GDPR), saranno da noi utilizzati esclusivamente al fine di:

  1. permettere la fruizione del Sito web;
  2. rispondere alle richieste dell’Utente (ivi incluse, a titolo esemplificativo, richieste di preventivo e candidature spontanee);
  3. adempiere agli obblighi precontrattuali e contrattuali nei Vostri confronti;
  4. adempiere ed esigere l’adempimento di specifici obblighi derivanti da leggi e regolamenti;

La base giuridica del Trattamento è costituita:

  • dalla necessità da parte nostra di dare esecuzione ad un contratto di cui l’Interessato è parte ovvero a misure precontrattuali adottate su richiesta dello stesso;
  • dalla necessità da parte nostra di adempiere un obbligo legale;
  • interesse legittimo del Titolare (art. 6 lett. f) GDPR);

3. Natura obbligatoria o facoltativa del conferimento dei Dati personali.

La comunicazione da parte Vostra – anche mediante invio di e-mail, compilazione di appositi form e apposizione dei flag richiesti – dei Dati personali è facoltativa, ma necessaria, in quanto l’eventuale rifiuto al rilascio, così come l’errata comunicazione dei dati medesimi, comporta l’impossibilità per il Titolare di instaurare il rapporto o di dare attuazione alle varie Finalità per cui i Dati personali sono raccolti.
Per le stesse ragioni, oltre che al fine di una corretta gestione del rapporto in essere, Vi chiediamo, altresì, di comunicarci eventuali variazioni dei Dati personali già raccolti, non appena le stesse si siano verificate.

4. Comunicazione dei Dati personali.

I Dati personali sono trattati al nostro interno da soggetti autorizzati al Trattamento (gli “Autorizzati”) sotto la responsabilità del Titolare per le Finalità sopra riportate.
I Dati personali potranno essere comunicati a soggetti a noi esterni, incaricati del compimento di funzioni strumentali e/o accessorie allo svolgimento della nostra attività aziendale, i quali tratteranno detti dati per nostro conto. Tali soggetti saranno da noi nominati Responsabili esterni del Trattamento (i “Responsabili Esterni”), conformemente a quanto disposto dall’art. 28 GDPR. Presso la sede legale del Titolare è disponibile un elenco aggiornato dei Responsabili Esterni, che sarà fornito all’Interessato previa richiesta scritta ai suddetti recapiti.
Al di fuori dei casi che precedono, i Dati personali potranno, altresì, essere comunicati ad ulteriori destinatari e/o categorie di destinatari (i “Destinatari” e le “Categorie di Destinatari”), solo per l’espletamento delle attività inerenti al rapporto precontrattuale e/o contrattuale tra noi instaurato e/o per adempiere ad obblighi di legge e/o ad ordini delle Autorità, e comunque sempre nel rispetto delle garanzie previste dal GDPR e dalle linee guida dell’Autorità Garante italiana, nonché dalla Commissione istituita in ottemperanza al predetto GDPR.
Fatto salvo quanto precede, i Dati personali non saranno in alcun caso oggetto di diffusione e/o comunicazione a terzi, salvo consenso specifico dell’Interessato e comunque sempre solo ove necessario per l’espletamento delle Finalità.

5. Trattamento di “categorie particolari di dati personali” e di “dati personali relativi a condanne penali e reati”.

Qualora, nell’ambito del Trattamento, il Titolare venga a conoscenza di Dati personali appartenenti:
(i) a “categorie particolari” ai sensi dell’art. 9 GDPR (ovvero quelli “che rivelino l’origine razziale o etnica, le opinioni politiche, le convinzioni religiose o filosofiche, o l’appartenenza sindacale, nonché trattare dati genetici, dati biometrici intesi a identificare in modo univoco una persona fisica, dati relativi alla salute o alla vita sessuale o all’orientamento sessuale della persona”), detti dati saranno trattati, sempre esclusivamente per le Finalità indicate, solo previo consenso dell’Interessato o, comunque, in quanto il Trattamento risulti necessario per assolvere gli obblighi ed esercitare i diritti specifici del Titolare o dell’Interessato in materia di diritto del lavoro e della sicurezza sociale e protezione sociale, nella misura in cui sia autorizzato dal diritto dell’Unione Europea o degli Stati membri o da un contratto collettivo ai sensi del diritto degli Stati membri, in presenza di garanzie appropriate per i diritti fondamentali e gli interessi dell’Interessato;
(ii) a “condanne penali e reati o a connesse misure di sicurezza” ai sensi dell’art. 10 GDPR, il Trattamento avverrà soltanto sotto il controllo dell’Autorità pubblica o se il Trattamento sia autorizzato dal diritto dell’Unione Europea o degli Stati membri che preveda garanzie appropriate per i diritti e le libertà degli Interessati. Un eventuale registro completo delle condanne penali deve essere tenuto soltanto sotto il controllo dell’Autorità pubblica.

6. Modalità del Trattamento.

Il Trattamento avviene con l’ausilio di strumenti elettronici e/o cartacei e, comunque, adottando procedure e misure organizzative e informatiche idonee a tutelarne la sicurezza, la riservatezza, la pertinenza e la non eccedenza.

7. Ambito territoriale.

I Dati personali saranno trattati all’interno del territorio dell’Unione Europea.
Qualora, per questioni di natura tecnica e/o operativa, si renda necessario avvalersi di soggetti ubicati al di fuori di detto territorio, essi saranno nominati Responsabili Esterni ed il trasferimento dei Dati personali ai medesimi, limitatamente allo svolgimento di specifiche attività di Trattamento, sarà regolato in conformità con quanto previsto dal GDPR, adottando tutte le cautele necessarie al fine di garantire la totale protezione dei Dati personali e basando tale trasferimento sulla valutazione di opportune garanzie (tra le quali, a titolo esemplificativo, decisioni di adeguatezza dei Paesi terzi destinatari espresse dalla Commissione Europea, garanzie adeguate espresse dal soggetto terzo destinatario ai sensi dell’articolo 46 GDPR, etc.).
In ogni caso, l’Interessato potrà richiedere maggiori dettagli al Titolare qualora i Dati personali siano stati trattati al di fuori dell’Unione Europea, richiedendo evidenza delle specifiche garanzie adottate.

8. Periodo di conservazione.

I Dati personali verranno conservati dal Titolare per il periodo strettamente necessario al perseguimento delle Finalità, ed in particolare fino alla cessazione dei rapporti precontrattuali e contrattuali tra noi in essere, fatto salvo l’ulteriore periodo di conservazione che potrà essere imposto da norme di legge.
Per quanto concerne i CV spontaneamente trasmessi, essi saranno conservati per un periodo non superiore a 3 anni dall’invio, ovvero il diverso periodo massimo indicato dall’Autorità Garante per la protezione dei dati personali.
Al fine di gestire eventuali contestazioni o contenziosi, e comunque per l’accertamento, l’esercizio o la difesa di un diritto in sede giudiziaria, i Dati personali potranno essere conservati per un ulteriore periodo, pari a quello di prescrizione del diritto medesimo.

9. Modalità di rilascio dell’informativa e sue successive modifiche.

La presente informativa è resa esclusivamente con riferimento al Sito web e non anche con riguardo altri siti web eventualmente consultati dall’Utente tramite link o ai quali si accede mediante social button presenti sul Sito web, rispetto ai quali il Titolare non assume alcuna responsabilità.
Qualsiasi modifica o aggiornamento alla presente informativa sarà disponibile per gli Utenti nella apposita sezione del Sito web e si applicherà a far data dalla relativa pubblicazione. Qualora l’Interessato non intenda accettare le eventuali modifiche, potrà interrompere l’utilizzo del Sito web. Si invitano, pertanto, gli Interessati a consultare periodicamente la predetta sezione.

10. Diritti dell’Interessato e modalità di esercizio.

L’Interessato, in ogni momento, potrà esercitare i diritti riconosciutigli dal GDPR (i “Diritti dell’Interessato”), ed in particolare:

  • Art. 15 – Diritto di accesso dell’interessato: l’Interessato ha il diritto di accedere ai propri dati e ai relativi Trattamenti. Tale diritto si sostanza nella possibilità di ottenere la conferma se sia o meno in corso un Trattamento dei propri Dati personali, ovvero nella possibilità di richiedere e ricevere una copia dei dati oggetto di trattamento;
  • Art. 16 – Diritto di rettifica: l’Interessato ha il diritto di ottenere dal Titolare la rettifica dei Dati personali inesatti che lo riguardano senza ingiustificato ritardo. Tenuto conto delle Finalità, l’Interessato ha il diritto di ottenere l’integrazione dei Dati personali incompleti, anche fornendo una dichiarazione integrativa;
  • Art. 17 – Diritto alla cancellazione («diritto all’oblio»): l’Interessato ha il diritto di richiedere al Titolare che siano cancellati e non più sottoposti a Trattamento i Dati personali che lo riguardano e in alcuni casi, ove ve ne siano gli estremi, di ottenere la cancellazione senza ingiustificato ritardo quando è esaurita la finalità del Trattamento, è stato revocato il consenso, è stata fatta opposizione al Trattamento o quando il Trattamento dei suoi Dati personali non sia altrimenti conforme al GDPR;
  • Art. 18 – Diritto di limitazione di trattamento: l’Interessato ha il diritto di limitare il Trattamento dei propri Dati personali in caso di inesattezze, di contestazione o come misura alternativa alla cancellazione;
  • Art. 20 – Diritto alla portabilità dei dati: l’Interessato, ad eccezione dell’ipotesi in cui i dati siano archiviati mediante trattamenti non automatizzati (es. in formato cartaceo), ha il diritto di ricevere in un formato strutturato, di uso comune e leggibile da dispositivo automatico i Dati personali che lo riguardano, ove si faccia riferimento a dati forniti direttamente dall’Interessato, con espresso consenso o sulla base di un contratto, e di richiedere che gli stessi siano trasmessi a un altro titolare del trattamento, se tecnicamente fattibile;
  • Art. 21 – Diritto di opposizione: l’Interessato ha il diritto di opporsi in qualsiasi momento, per motivi connessi alla sua situazione particolare, al Trattamento dei Dati personali che lo riguardano.

L’Interessato ove voglia esercitare uno dei diritti sopra elencati dovrà rivolgere la sua richiesta direttamente al Titolare ai recapiti sopra indicati, salvo il diritto di proporre reclamo da inviarsi all’Autorità Garante o di presentare ricorso avanti all’Autorità Giudiziaria competente.
Il termine per la risposta all’Interessato da parte del Titolare è, per tutti i diritti (compreso il diritto di accesso) ed anche in caso di diniego, 1 mese, estendibile fino a 3 mesi in casi di particolare complessità.
Trova, comunque, applicazione l’art. 12 GDPR.

11. Minori.

Il Titolare non tratta Dati personali relativi ai minori d’età. L’Utente, accedendo al Sito web ed usufruendo dei servizi, dichiara di avere compiuto la maggiore età.

12. Revoca del consenso.

Nei casi in cui il Trattamento debba avvenire solo a seguito di consenso dell’Interessato e quest’ultimo lo abbia fornito, egli ha il diritto di revocare il consenso prestato in qualsiasi momento mediante invio di richiesta scritta al Titolare ai recapiti sopra indicati.
La revoca del consenso non pregiudica la liceità del trattamento basata sul consenso prestato prima della revoca.

13. Diritto di opposizione

L’Interessato ha il diritto di opporsi in qualsiasi momento al Trattamento dei Dati personali per finalità di marketing diretto, compresa la profilazione nella misura in cui sia connessa a tale marketing diretto, mediante semplice richiesta scritta ai recapiti sopra indicati.

14. Cookies

INFORMAZIONI RACCOLTE AUTOMATICAMENTE DAL SITO – COOKIES

Informazioni raccolte automaticamente

Come tutti i siti web anche il nostro Sito fa uso di log files, nei quali vengono conservate informazioni raccolte in maniera automatizzata durante le Tue visite. I sistemi informatici e le procedure software preposte al funzionamento del Sito, infatti, acquisiscono automaticamente durante l’utilizzo alcune informazioni, la cui trasmissione è implicita nell’uso dei protocolli di comunicazione di Internet.

Le informazioni raccolte sono le seguenti:

  • indirizzo Internet Protocol (IP) o il nome a dominio del dispositivo da Te utilizzato;
  • tipo di browser e parametri del dispositivo usato per connettersi al Sito;
  • gli indirizzi in notazione URI (Uniform Resource Identifier) delle risorse richieste o il metodo utilizzato nel sottoporre la richiesta al server;
  • nome dell’internet service provider (ISP);
  • data e orario di visita;
  • pagina web di provenienza (referral) e di uscita dell’Utente;
  • eventualmente il numero di click;
  • la dimensione del file ottenuto in risposta;
  • il codice numerico indicante lo stato della risposta data dal server (buon fine, errore, ecc.);
  • altri parametri relativi al sistema operativo e all’ambiente informatico del Tuo dispositivo.

Tali informazioni sono trattate in forma automatizzata e raccolte esclusivamente in forma aggregata al fine di verificare il corretto funzionamento del Sito.

Cookies

Nel Sito vengono utilizzati cookies.

COSA SONO I COOKIES

I cookies sono files di testo registrati su supporto informatico, che permettono di registrare alcuni parametri e dati comunicati al sistema informatico, attraverso il browser da Te utilizzato. Tali strumenti consentono pertanto un’analisi delle Tue abitudini nell’utilizzo del Sito, per differenti finalità: esecuzione di autenticazioni informatiche, monitoraggio di sessioni, memorizzazione di informazioni su specifiche configurazioni riguardanti gli utenti che accedono al server, memorizzazione delle preferenze, ecc.

I cookies si distinguono in:

  • Cookies tecnici: servono ad effettuare la navigazione o a fornire un servizio da Te richiesto. Senza il ricorso a tali cookies, alcune operazioni non potrebbero essere compiute o sarebbero più complesse e/o meno sicure.
  • Cookies di profilazione: sono utilizzati per tracciare la Tua navigazione e creare dei profili sui Tuoi gusti, abitudini, scelte, ecc. In questo modo possono essere trasmessi al tuo devicemessaggi pubblicitari in linea con le Tue preferenze già manifestate nella precedente navigazione online.

Per l’installazione dei Cookies tecnici non è richiesto il Tuo consenso. Per l’installazione dei Cookies di profilazione è richiesto il Tuo consenso: nel caso in cui non desideri che il Tuo device riceva e memorizzi i Cookies di profilazione, puoi modificare le impostazioni di sicurezza del Tuo browser. Di seguito si riportano brevi istruzioni su come effettuare questa operazione nei quattro browser più diffusi:

  • Microsoft Internet Explorer: cliccare l’icona “Strumenti” nell’angolo in alto a destra e selezionare “Opzioni Internet”. Nella finestra pop up selezionare “Privacy”. Qui potrai regolare le impostazioni dei cookies.
  • Google Chrome: cliccare la chiave inglese nell’angolo in alto a destra e selezionare “Impostazioni”. A questo punto selezionare “Mostra impostazioni avanzate” e cambiare le impostazioni della “Privacy”.
  • Mozilla Firefox: dal menu a tendina nell’angolo in alto a sinistra selezionare “Opzioni”. Nella finestra di pop up selezionare “Privacy”. Qui potrai regolare le impostazioni dei cookies.
  • Safari: dal menu di impostazione a tendina nell’angolo in alto a destra selezionare “Preferenze”. Selezionare “Sicurezza” e qui potrai regolare le impostazioni dei cookies.

Si precisa, tuttavia, che disattivando l’utilizzo dei Cookies di profilazione non potrai usufruire appieno di alcune funzioni del Sito.

Visitors

 

Information for visitorsconcerning the protection of personal data.
Pursuant to art. 13 of eu regulation 2016/679

 

Dear Visitor,

in compliance with the provisions of art. 13 of EU Regulation 2016/679 (the “GDPR”) and in application of the principles set by the GDPR itself, we inform you that in order to access the premises of our company it is necessary that each visitor (the “Data Subject”) is identified and registered through the display of a valid identity document and after signing a consent to the registration of the requested data (the “Personal Data”). We hereby provide you with this information notice in order to make you aware of the characteristics and methods of processing (the “Processing”), for our part, of Personal Data

1. Data Controller (the “Data Controller”).

The Data Controller responsible for processing the personal data is Pelletterie Bianchi e Nardi S.p.A. (with Tax Code and VAT number 00385830484), having its registered office in Scandicci (FI), Via delle Fonti no. 2, and email info@bianchienardi.it, in the person of its legal representative pro tempore, Mr Gabriele Bianchi (hereinafter referred to as the “Data Controller”). Any communications about processing, also pursuant to the following articles, must be sent by you and/or by the data subject, by registered letter with a return receipt, registered PEC or e-mail to the addresses indicated above.

2. Purpose of the Processing (the “Purposes”) and legal basis.

Personal Data collected from the Data Subject (article 13 GDPR) or not (article 14 GDPR), will be used exclusively for the purpose of:
protecting the safety of the premises and of the persons present in them;
controlling and protecting the information related to the activity carried out within our premises and guaranteeing the protection of personal data of third parties;
fulfilling the pre-contractual and contractual obligations relating to you;
fulfilling and demanding the fulfilment of specific obligations deriving from laws and regulations.
The legal basis of the Processing consists of:
the need for us to execute a contract of which the data subject is a party or pre-contractual measures adopted at their request; our need to fulfil a legal obligation

3. Mandatory/voluntary provision of Personal Data.

The communication of your Personal Data is optional, but necessary, as any refusal to release, as well as the incorrect communication of these data and/or failure to show your identity document, makes it impossible for the Data Subject to access our premises.

For the same reasons, as well as for the purpose of a correct management of the existing relationship, we also ask you to inform us of any changes to the Personal Data already collected, as soon as they have occurred.

4. Disclosure of Personal Data.

Personal Data are processed internally by persons who are authorised to process the data (the “Au-thorised Parties”), under the responsibility of the Data Controller for the Purposes indicated above.
Personal Data may be disclosed to external personnel, who are responsible for the completion of instrumental and/or accessory functions in the performance of our business activities, who will process said data on our behalf. These people will be appointed by us as External Managers of the Processing (the “External Managers”), in accordance with the provisions of art. 28 GDPR. An updated list of External Managers is available at the registered office of the Data Controller, and will be provided to the Data Subject on written request to the aforementioned addresses.
Apart from the aforementioned cases, the Personal Data may also be disclosed to further recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the performance of activities related to the pre-contractual and/or contractual relationship between us and/or to fulfill legal obligations and/or orders of the Authorities, and always in compliance with the guarantees provided by the GDPR and the guidelines of the Italian Authority, as well as by the Commission established in compliance with the aforementioned GDPR.
Without prejudice to the foregoing, Personal Data will in no case be disclosed and/or communicated to third parties, unless specifically agreed by the Data Subject and in any case always only when necessary for the fulfilment of the Purposes.

5. Processing of “particular categories of personal data” and “personal data relating to criminal
convictions and offences”.

If, as part of the Processing, the owner becomes aware of Personal Data relating:
(i) to “particular categories” pursuant to art. 9 GDPR (or those “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”), said data will be processed, always exclusively for the Purposes indicated, only with the prior consent of the Data Subject or, in any case, if the Processing is necessary to fulfil the obligations and exercise the specific rights of the Data Controller or the Data Subject with regard to work and social security and social protection, to the extent that it is authorised by European Union law or by the Member States or by a collective agreement under the law of the Member States, in the presence of appropriate guarantees for the fundamental rights and interests of the Data Subject;
(ii) to “criminal convictions and offences or related security measures” pursuant to art. 10 GDPR, the Processing will take place only under the control of the Public Authority or if the Processing is authorized by the law of the European Union or of the Member States which provides appropriate guarantees for the rights and freedoms of the Data Subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.

6. Processing methods.

Processing is carried out with the aid of electronic and/or paper instruments and, in any case, adopting procedures and organisational and IT measures suitable to protect their security, confidentiality, relevance and non-excess.

7. Territorial scope.

Personal Data will be processed within the territory of the European Union.
If, for technical and/or operational reasons, it is necessary to use entities located outside said territory, they will be appointed as External Managers and the transfer of Personal Data to them, limited to the performance of specific processing activities, will be regulated in compliance with the provisions of the GDPR, taking all the necessary precautions to ensure total protection of Personal Data and basing this transfer on the assessment of appropriate guarantees (including, for example, decisions on the adequacy of Third Country Recipients expressed by the European Commission, adequate guarantees expressed by the third party recipient pursuant to Article 46 of the GDPR, etc.).
In any case, the Data Subject may request more details from the Data Controller if the Personal Da-ta have been processed outside the European Union, requesting evidence of the specific guarantees adopted.

8. Retention period.

Personal Data will be kept by the Data Controller for the period strictly necessary for the pursuit of the Purposes and in any case within the maximum term of 1 year, without prejudice to the hypothesis in which they are necessary for the establishment of pre-contractual and/or contractual relationships, in which case said Personal Data will be retained until the termination of said relationships or for the further retention period that may be imposed by law.
With regard to the CVs spontaneously transmitted, they will be kept for a period not exceeding 3 years from the sending, or the different maximum period indicated by the Authority for the protection of personal data.
To handle any disputes or contentions, and in any case for the assessment, exercise or defence of a legal case in a court, the Personal Data may be kept for a further period, equal to that of the statute of limitations.

9. Methods of issuing information.

The Data Controller specifies to proceed with the release of the information to the data controller, by posting it on its premises.

It is, however, the case that this is available on our company website or will be sent by simple written request to the addresses indicated above.

10. Rights of the Data Subject and methods of operation.

The Data Subject can, at any time, exercise the rights recognised by the GDPR (the “Rights of the Data Subject”), and in particular:
Art. 15 – Right to access of the Data Subject: the Data Subject has the right to access their data and the related Processes. This right is substantiated by the possibility of obtaining confirmation of whether or not a Personal Data Processing is being performed, or the possibility of requesting and receiving a copy of the data being processed;
Art. 16 – Right to rectification: the Data Subject has the right to have inaccurate personal data concerning them rectified by the Data Controller without undue delay. Taking into account the Purposes of the processing, the Data Subject will have the right to have incomplete Personal Data made complete, by providing a supplementary statement.
Art. 17 – Right to deletion (“right to be forgotten”): the Data Subject has the right to ask the Data Controller to delete Personal Data about them, and in some cases, where there is an end, to have them deleted without unjustified delay when the purpose of the Processing has expired, or when consent has been revoked, opposition has been made to them being processed or where the Processing of their Personal Data is not otherwise compliant with the GDPR;
Art. 18 – Right to limit processing: the Data Subject has the right to limit the Processing of their Personal Data where there are inaccuracies or disputes, or as an alternative measure to having them deleted;
Art. 20 – Right to data portability: the Data Subject, with the exception of situations in which the data are archived by means of non-automated processing (e.g. in paper format), has the right to receive Personal Data in a structured format, that is commonly used and can be read using an automatic device, when the data refers to them, where reference is made to data supplied directly by the Data Subject, with express consent or on a contractual basis, and to request that these data be transmitted to another data controller, if technically feasible;
Art. 21 – Right to object: the Data Subject has the right to object, at any time, for reasons related to their particular situation, to the Processing of Personal Data concerning them.
If the Data Subject wants to exercise one of the rights listed above, they must address the request directly to the Data Controller at the addresses indicated above, apart from the right to lodge a complaint, which should be sent to the Guarantor Authority or by filing an appeal before the competent Court Authority.

The period for replying to the Data Subject by the Controller is, for all of the rights (including the right of access) and also in case of denial, 1 month, extendable up to 3 months in cases of particular complexity.

In any event, by applying art. 12 GDPR.

11. Withdrawal of consent.

In cases where Processing should only take place after the consent of the Data Subject, and where the latter has provided it, they have the right to revoke the consent they have given at any time, by sending a written request to the Controller at the addresses indicated above.
The withdrawal of consent will not affect the lawfulness of any processing based on that consent before it was withdrawn.

Effective from 25/05/2018

Providers

 

Information for suppliers concerning the protection of personal data.
Pursuant to art. 13 of eu regulation 2016/679

 

Dear Suppliers,
in compliance with the provisions of art. 13 of EU Regulation 2016/679 (the “GDPR”) and in application of the principles set by the GDPR itself, we transmit this information in order to make you aware of the characteristics and methods of processing (the “Processing”), on our part, of any information you have provided us with regard to the relationships established between us and/or in the process of being established which concern a natural person (the “Data Subject”) who is identified or identifiable (the “Personal Data”), expressly including your employees and collaborators . In accordance with art. 4.1. of the GDPR, “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, loca-tion data, an online identifier or to one or more factors specific to the physical, physiological, ge-netic, mental, economic, cultural or social identity of that natural person”.

1. Data Controller (the “Controller”).

The Data Controller responsible for processing the personal data is Pelletterie Bianchi e Nardi S.p.A. (with Tax Code and VAT number 00385830484), having its registered office in Scandicci (FI), Via delle Fonti no. 2, and email info@bianchienardi.it, in the person of its legal representative pro tempore, Mr Gabriele Bianchi (hereinafter referred to as the “Data Controller”). Any communications about processing, also pursuant to the following articles, must be sent by you and/or by the data subject, by registered letter with a return receipt, registered PEC or e-mail to the addresses indicated above.

2. Purpose of the Processing (the “Purposes”) and legal basis

Personal Data collected from the Data Subject (article 13 GDPR) or not (article 14 GDPR), will be used exclusively for the purpose of:
fulfilling the pre-contractual and contractual obligations relating to you; fulfilling and demanding the fulfilment of specific obligations deriving from laws and regula-tions.
The legal basis of the Processing consists of:
the need for us to execute a contract of which the Data Subject is a party or pre-contractual measures adopted at their request; our need to fulfil a legal obligation;
the legitimate interest of the Controller (Article 6 letter f) GDPR);

3. Mandatory/voluntary provision of Personal Data.

The communication on your part of Personal Data is optional, but necessary, since any refusal to release them, as well as the incorrect communication of the same data, makes it impossible for the Controller to establish the relationship or to implement the various purposes for which Personal Data are collected.

For the same reasons, as well as for the purpose of a correct management of the existing relationship, we also ask you to inform us of any changes to the Personal Data already collected, as soon as they have occurred.

4. Communication of Personal Data.

Personal Data are processed internally by persons who are authorised to process the data (the “Au-thorised Parties”), under the responsibility of the Data Controller for the purposes indicated above.
Personal data may be disclosed to external personnel, who are responsible for the completion of instrumental and/or accessory functions in the performance of our business activities, who will process said data on our behalf. These people will be appointed by us as External Managers of the Processing (the “External Managers”), in accordance with the provisions of art. 28 GDPR. An updated list of External Managers is available at the registered office of the Data Controller, and
will be provided to the Data Subject on written request to the aforementioned addresses.

Apart from the aforementioned cases, the Personal Data may also be disclosed to further recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the performance of activities related to the pre-contractual and/or contractual relationship be-tween us and/or to fulfill legal obligations and/or orders of the Authorities, and always in compliance with the guarantees provided by the GDPR and the guidelines of the Italian Authority, as well as by the Commission established in compliance with the aforementioned GDPR.

Without prejudice to the foregoing, Personal Data will in no case be disclosed and/or communicated to third parties, unless specifically agreed by the Data Subject and in any case always only when necessary for the fulfillment of the Purposes.

5. Processing of “particular categories of personal data” and “personal data relating to criminal convictions and offenses”.

If, as part of the processing, the owner becomes aware of Personal Data relating:
(i) to “particular categories” pursuant to art. 9 GDPR (or those “revealing racial or ethnic origin, polit-ical opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data con-cerning health or data concerning a natural person’s sex life or sexual orientation”), said data will be processed, always exclusively for the purposes indicated, only with the prior consent of the Data Subject or, in any case, when the processing is necessary to fulfil the obligations and exercise the specific rights of the Data Controller or the Data Subject with regard to work and social security and social protection, to the extent that it is authorised by European Union law or by the Member States or by a collective agreement under the law of the Member States, in the presence of ap-propriate guarantees for fundamental rights and interests of the Data Subject; (ii) to “criminal convictions and offences or related security measures” pursuant to art. 10 GDPR, the Processing will take place only under the control of the Public Authority or if the Processing is au-thorised by the law of the European Union or of the Member States which provides appropriate guarantees for the rights and freedoms of the Data Subjects. Any comprehensive register of criminal convictions will only be kept under the control of the Public Authority.

6. Processing Methods.

The Processing is performed with the aid of electronic and/or paper tools and, in all cases, by adopting procedures, organisational and IT measures suitable to protect the security, confidentiality, relevance and non-excessiveness of the data.

7. Territorial scope.

The Personal Data will be processed within the territories of the European Union. If, for technical and/or operational reasons, it is necessary to use entities located outside of this territory, they will be appointed as External Managers, and transfers of Personal Data to them, limited to performing specific Processing activities, will be regulated in compliance with the provisions of the GDPR, with all the necessary precautions taken to ensure total protection of the personal data and by basing this transfer on an evaluation of appropriate guarantees (including, for example, deci-sions about the adequacy of Third Country Recipients expressed by the European Commission, ad-equate guarantees expressed by the third party recipient pursuant to Article 46 of the GDPR, etc.).
In all cases, the Data Subject may request more details from the Data Controller if Personal Data have been processed outside the European Union, and ask for evidence of the specific guarantees adopted.

8. Retention period.

The Personal Data will be retained by the Controller for the period strictly necessary for pursuing the Purposes, and in particular, until the termination of preontractual and contractual relations between us, subject to a further retention period that may be imposed by law.
Personal Data will be kept for a further period if there is a need to manage any objections or disputes, and in any case for the assessment, exercise or defence of a right in court.

9. Methods of issuing information.

In compliance with the principle of proportionality, in view of the evident difficulty, and the excessive burden for the Controller to deal with issuing this information directly to every Data Subject who collaborates or performs activities for your benefit, including your employees and collaborators, we invite you to send this information to the parties involved and, in any event, to inform them that it is available on our company website or that it can be sent by making a written request to the ad-dresses indicated above.

10. Rights of the Data Subject and methods of operation.

 

The Data Subject can, at any time, exercise the rights recognised by the GDPR (the “Rights of the Data Subject”), and in particular:
Art. 15 – Right to access of the Data Subject: the Data Subject has the right to access their data and the related Processing. This right is substantiated by the possibility of obtaining confirmation of whether or not a Personal Data Processing is being performed, or the possibility of requesting and receiving a copy of the data being processed;
Art. 16 – Right to rectification: the Data Subject has the right to have inaccurate Personal Data concerning them rectified by the Data Controller without undue delay. Taking into account the Purposes of the Processing, the Data Subject will have the right to have incomplete Personal Data made complete, by providing a supplementary statement.
Art. 17 – Right to deletion (“right to be forgotten”): the Data Subject has the right to ask the Data Controller to delete Personal Data about them, and in some cases, where there is an end, to have them deleted without unjustified delay when the purpose of the Processing has expired, or when consent has been revoked, opposition has been made to them being processed or where the Processing of their Personal Data is not otherwise compliant with the GDPR;
Art. 18 – Right to limit processing: the Data Subject has the right to limit the processing of their Personal Data where there are inaccuracies or disputes, or as an alternative measure to having them deleted;
Art. 20 – Right to data portability: the Data Subject, with the exception of situations in which the data are archived by means of non-automated processing (e.g. in paper format), has the right to receive Personal Data in a structured format, that is commonly used and can be read using an automatic device, when the data refer to them, where reference is made to data supplied directly by the Data Subject, with express consent or on a contractual basis, and to request that these data be transmitted to another data controller, if technically feasible;
Art. 21 – the Data Subject has the right to object, at any time, for reasons related to their particular situation, to the processing of Personal Data concerning them.
If the Data Subject wants to exercise one of the rights listed above, they must address the request directly to the Data Controller at the addresses indicated above, apart from the right to lodge a complaint, which should be sent to the Guarantor Authority or by filing an appeal before the competent Court Authority.

The period for replying to the Data Subject by the Controller is, for all of the rights (including the right of access) and also in case of denial, 1 month, extendable up to 3 months in cases of particular complexity.

In any event, by applying art. 12 GDPR.

11. Withdrawal of consent.
In cases where Processing should only take place after the consent of the Data Subject, and where the latter has provided it, they have the right to revoke the consent they have given at any time, by sending a written request to the Controller at the addresses indicated above.
The withdrawal of consent will not affect the lawfulness of any processing based on that consent before it was withdrawn.

Effective from 25/05/2018

 

Utilizzando il sito, accetti l'utilizzo dei cookie da parte nostra. By using the site, you accept the use of cookies on our part. maggiori informazioni / find out more

Questo sito utilizza i cookie per fornire la migliore esperienza di navigazione possibile. Continuando a utilizzare questo sito senza modificare le impostazioni dei cookie o cliccando su "Accetta" permetti il loro utilizzo.

Chiudi