ARTICLES 13-14 OF THE EUROPEAN REGULATION N. 679/2016
LORA S.R.L. , based in Via Marco Corner, 19/21 – 36016 – Thiene (VI) – Italy, C.F. and VAT
registration number 04024700249, in its capacity of controller, informs you that your personal data
will be processed according to articles 13-14 of the European Regulation n. 679/2016 (EU
Regulation), as follows:
PROCESSED DATA
The controller informs you that your personal data, also called simply “data” (for example name,
surname, address, telephone number, email, bank details, etc.), that have been collected directly,
verbally or through third parties, will be processed in compliance with the EU Regulation. The
controller processes your data fairly and lawfully for the performance of contracts or the
implementation of precontractual measures (for example an offer elaboration, etc.) that you may
have requested (art.6 EU Regulation). “Data processing” means any activity regarding the collection,
registration, organisation, conservation, consultation, elaboration, modification, selection,
extraction, comparison, use, interconnection, block, transmission, spread, deletion, of data.
LEGAL BASIS AND PURPOSES OF PROCESSING
Legal basis: EU Regulation n. 679/2016, your data can be processed
2A) without your express consent (art. 6, b), c), e) of EU Regulation), for the following purposes:
– fulfil the contractual, precontractual and fiscal obligations, under the deals between you and the
company;
– fulfil the obligations required by the law, regulations, Community legislation or by any order of
the Authorities (as when it comes to anti-money-laundering);
– exercise the rights of the controller, as for the right to defence in court;
– keep the accounts;
– management purposes (invoicing, document management, etc.);
– management of claims;
– statistical analysis and quality control;
– insurance management;
– technical assistance.
– general and service e-comunications
In particular, your data will be processed to fulfil the following duties, according to legal or
contractual obligations:
– technical and functional access to the site. No data will be kept after the closing the of Browser;
– Advanced navigation purposes or customized content management;
– Statistics and analysis purposes regarding navigation and users.
2B) Your personal data may also, prior your consent (art.7 EU Regualtion), be used for the following
marketing and Advertising purposes:
– sending advertisement or informative email, sms or mail about products or services offered by
the controller and/or about the collection of data regarding the level of Customer’s satisfaction on
the service provision.
– sending commercial communication and advertisement email, mail, sms or voice calls by third
parties (for example, business partners).
MEANS OF PROCESSING
The processing of your personal data is carried by following the procedures stated in art.4 n.2) of
the EU Regulation, regarding: the collection, registration, organisation, structure, storage,
adaptation or modification, extraction, consultation, use, communication, spread or any other
method of sharing, comparison or interconnection, limitation, deletion, block of data.
Your personal data are processed both manually and electronically/automatically (in any case in a
way suitable to grant the safety and privacy of your personal data).
CONSERVATION OF DATA AND OTHER INFORMATION
The Controller will process personal data for the time necessary to achieve the purposes
mentioned above, and in any case, data won’t be processed beyond the legal bounds. The
Personal data used for marketing and commercial purposes, will be kept respecting the principle
of proportionality and until the achievement of the processing purposes or until the customer’s
consent withdrawal. In particular, the data Controller will process data at the latest within 3 years
from when they are collected. The Personal data you provide, will be processed lawfully, fairly
and transparently, to guarantee your privacy and the respect of your rights.
DATA ACCESS
Your data can only be accessed to pursue the purposes mentioned above at 2.A) 2.B) by:
– partners, employees and people associated to the controller, both in Italy and abroad, in their
capacity as people in charge of and/or responsible for the data processing or the system
administration;
– third parties or other subjects who perform outsourcing operations on behalf of the Controller, in
their capacity of external responsible of the processing (as for example law firms, lawyers, data
elaboration societies, certified institutions, forensic accountants/tax advisor, and in general all the
authorities in charge of verify and control the correct implementation of the above-mentioned
commitments, credit institutions, consultants, insurance companies, financial offices, local
authorities, consultants and societies interested in the safety at the workplace. They can, in their
turn forward the data or allow their access to their partners, users and other successors in titles, for
market research purposes. Furthermore, the processed and collected data can be forwarded, both
in Italy and abroad, to subcontractors, suppliers, transport operators, customs agents and couriers).
For the sake of brevity, he full list of all the professional figures is available at your disposal in our
headquarter.
COMMUNICATION OF DATA
Without the necessity of an expressed consent, (art. 6, b)-c) of the EU regulation), the controller
can, for the purposes mentioned in point 2.A), forward your data to supervisory bodies, legal
authorities, insurance companies, as well as to those, to who the sharing of data is legally
mandatory, for the completion of the above-mentioned purposes.
Those subjects will process your data in quality of independent controllers.
During, and after browsing, your data may be forwarded to third parties, and specifically into the
cookies policy.
Your personal data won’t be disclosed in any way
DATA TRANSFER
Personal data are kept on devices located in the Controller headquarters or at providers within the
European Union. Anyway, when necessary the Controller can move the data even in extra-EU
countries, in accordance with legal requirements, after the contract terms approval and standard
verifications provided for by the European Commission.
The controller has implemented adequate technical and organisational measures to grant an
appropriate security level with due regard for what is stated in art. 32 of the EU Regulation, both for
the data stored in its devices and for data that may be collected by providers.
Navigation: your navigation data might be transferred, with regard to the abovementioned
purposes, in the following states: -EU countries, -The United States and others NOT EU countries
where servers have passing or archived data.
Cookie management: if you have any doubt about Cookies and their use, you can always block
them by modifying your browser privacy settings.
Since every browser, or different versions of the same browser, differ from each other, you will find
detailed information on the necessary procedure in your browser guide.
DATA PROVISION AND CONSEQUENCES FOR THE REFUSAL TO ANSWER
The provision of data for the purposes in 2.A) is mandatory. Without those data, we couldn’t grant
you the services stated in 2.A).
The provision of data for the purposes in 2.B) is optional. You can therefore decide, whether to
provide your data or not, or to block the access to your data at a later stage. In this case, you won’t
receive newsletter, commercial communications and advertisement from the Controller anymore.
Anyway, you will still have access to the services mentioned in 1.A).
RIGHTS OF THE DATA SUBJECT
In your role of data subject, you have the right under art.15 of the EU Regulation below, namely:
- You have the right to request information about the personal data the Controller holds on you at
any time, particularly about:
a) the purposes of the data processing;
b) the categories of personal data registered:
c) the subjects to which your personal data will be forwarded, especially if the addressee is in third-
counties or international organisations;
d) when possible, the period of time in which your personal data will be kept or, if not possible, the
criteria used to determine that period;
e) the existence of the right to request rectification of your personal data if the information is
incorrect, including the right to have your personal data erased. You also have the right to object to
the processing of your personal data or to limit it;
f) the right to file a complaint to any authority ( Personal Data Protection Authority );
g) all the information about the source of data, if they have not been provided by the user himself:
h) the existence of an automatic decision-making system, including profiling under art. 22,
paragraphs 1-4 of the EU Regulation and, at least in those situations, significant information about
the logistic methods, as well as the importance and the consequences of the processing for the
user.
2.if your personal data should be sent to a third country or an international organisation, you have
the right to be informed about the existence of adequate warranties under art.46 of the EU
Regulation concerning the transfer.
3.On your request, the Controller will provide you with a copy of your personal data processed.
In case you asked additional copies, the controller might charge you with a reasonable fee based
on administrative costs. If you make your request by electronic means, unless otherwise specified,
you will receive the information in electronic form. - the right to obtain a copy under paragraph 3, don’t have to adversely affect the rights or
freedoms of others.
Besides, where applicable, you can benefit from the rights under art. From 16 to 21 of the EU
Regulation, and you have:
– the right to correct your personal data;
– the right to erase your personal data;
– the right to restrict the data processing;
– the right of data portability;
– the right of opposition;
– the right to complain with the Competition authority.
In addition, you have the right to withdraw at any time your consent, without any prejudice to the
lawfulness of processing based on the consent you gave before the withdrawal.
PERSONAL DATA COLLECTED FROM OTHER SOURCES THAN THE DATA
SUBJECT
It may happen that the person writing is not the Controller to who you gave your personal data, but
is a controller’s partner or the external responsible for the processing, and that your data have been
transmitted to the writing person in a later moment, due to a contract that regulates parties. In this
case, the writing person will do everything in its power to make sure that you have been informed
and have given your consent to the processing. You can at any time ask the source of your data
acquisition.
THE CONTROLLER AND THE PEOPLE IN CHARGE
Here you will find some information you should be aware of, not only to comply with legal
obligations, but also because transparency and fairness towards whoever visits this website, is an
important aspect of our activity.
Controller. The controller of your personal data is LORA S.R.L. You can get in touch with
LORAPACK S.R.L. to ask any information or make your requests, at the following email
address: amministrazione@lorasrl.com
People in charge. The updated list of people in charge for the processing of your data, is kept in
the Controller’s headquarters.