Information on the treatment of personal data

Pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, related to the protection of individuals with regard to the processing of personal data (in short “GDPR”).

LAB Firenze srl (hereafter “LAB”), in the person of its legal representative, as co-owner of the personal data collected directly from the interested party, provides you with this information pursuant to article 13, GDPR (in short, “Information”).

In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be guaranteed by implementing all necessary technical and organizational measures adequate to ensure their safety.

A) Holder
Lorenzo Massacesi, legal representative of Lab Firenze S.r.l.

Registered office: Via Garibaldi 15, 50123 Florence (FI)

Tax Code and VAT number: 06914160483

Tel. +39 3713362514 – e-mail: info@labfirenze.it

B) Purpose of the processing for which the personal data are intended and relative legal basis
Your personal data will be processed:

(1) without obligation of consent for the following purposes: management of orders, purchases, sales and deliveries of products and related monitoring, customer service management, payment management, returns and repairs management, customer contact management, coupons and discounts management; administrative-accounting management and related obligations (issue of receipts, invoices, preparation of payments); possible protection of credit positions and defense in court;

a) internal statistics, analysis and business economic management, as well as, in relation to contact data provided in the contract, sending advertising of similar products with the possibility of immediate cancellation on request.

The above processing operations correspond respectively to the following legal bases:

b) fulfillment of a contract or pre-contractual measures, satisfaction of a request of the interested party – condition of lawfulness article 6, letter b) GDPR;

c) legal obligation to which the Data Controller is subject – condition of lawfulness article 6, letter c) GDPR – or for the assessment, exercise or defense of a right in court;

d) pursuit of a legitimate interest of the Data Controller – condition of lawfulness article 6, letter f) GDPR – relating to the improvement of company operations and market surveys, to the improvement of the services provided to its customers, direct marketing, and customer loyalty.

The provision of data, marked in the form with (*), for the purposes referred to in the previous section (1) is mandatory, and the lack of data and/or any express refusal to process will result in the impossibility for the Data Controller to execute the contract or pre-contractual measures or to fulfil the obligation, with possible non-fulfillment and responsibility of the interested party, including sanctions contemplated by the legal system.

(2) with your consent (article 7, GDPR), for the following purposes:

a) various types of marketing activities, including the promotion of products and services, the distribution of posters and information and promotional material on paper and/or digital, sending e-mail newsletters and commercial communications, invitations;

b) various types of profiling activities, including behavior analysis for promotional purposes, the creation of lists for promotional, commercial communication and newsletter sending purposes, the development of profiles for the provision of targeted and personalized services for the customer’s needs.

The provision of data for the purposes referred to in the previous section (2) is optional, with the consequence that you can decide not to give your consent, or to revoke it at any time. For such processing, automated processes are used through software that in any case provides for human decision-making aimed at avoiding unwanted consequences for the data subject, always and in any case limited to the receipt of communications from the Data Controller.

C) Categories of recipients of personal data
For the purposes referred to in the previous paragraph, the personal data you provide may be communicated or made accessible:

1. to employees and collaborators of the Data Controller, in their capacity as authorized personnel for data processing (or so-called “processors”);

2. to third parties who carry out outsourcing activities on behalf of the Data Controller, in their capacity as Data Processors, including:

– suppliers of services for the management of the information system and telecommunications networks and the company in charge of e-commerce management, suppliers of services for managing the archiving of paper and/or computerized documentation, service providers for the management of customer support activities, including through websites (e.g. call centers, help desks, etc.), service providers for the management of commercial communication activities;

– freelance professionals, professional firms or companies in the context of assistance and consultancy relationships, also for the control of corporate organizational management;

– banks and credit and insurance institutions for carrying out economic (payments / collections) and insurance activities;

– subjects who carry out control, revision and certification of the activities carried out by LAB in the interest of customers;

3. to judicial or supervisory authorities, administrations, public bodies and entities (national and foreign).

D) Storage and transfer of personal data abroad
The management and storage of personal data takes place in the cloud and on servers located within and outside the European Union, owned by and/or available to the Owner and/or third-party companies duly appointed as Data Processors.

Chapter V, GDPR (article 46). Your personal data will not be disclosed.

E) Period of retention of personal data
Personal data collected for the purposes indicated in the previous paragraph (B), section (1) will be processed and kept for the duration of any contractual relationship established. From the date of termination of this relationship, for any reason or cause, the data will be kept for the duration of the limitation periods applicable pursuant to law, or 10 years. Personal data collected for the purposes indicated in the previous paragraph (B), section (2) will be processed and stored for the time necessary to fulfill these purposes and in any case for a period not exceeding 24 months for marketing and 12 months for profiling from the date on which we receive your consent. After this retention period, the data will be destroyed or made anonymous.

F) Exercisable rights
In accordance with the provisions of Chapter III, Section I, GDPR, you can exercise, by simply sending a request by e-mail to customerservice@labfirenze.it, the rights indicated therein and in particular:

Right of access – Obtain confirmation as to whether or not personal data concerning you is being processed and, in that case, receive information relating, in particular, to: the purposes of the processing, the categories of personal data processed and the retention period, and the recipients to whom they may be released (article 15, GDPR),

Right of rectification – Obtain, without undue delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (article 16, GDPR),

Right to erasure – Obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for by the GDPR (article 17, GDPR),

Right of limitation – Obtain the limitation of the processing, in the cases provided for by the GDPR (article 18, GDPR),

Right to portability – Receive, in a structured, commonly used and machine-readable format, the personal data concerning you, and have them transmitted to another holder without impediments, in the cases provided for by the GDPR (article 20, GDPR),

Right to object – Object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing (article 21, GDPR),

Right to lodge a complaint with the supervisory authority – Propose a complaint to the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Roma (RM).