1. Data Controller
The Data Controller is Di Cecca S.r.l., with registered office at Via Atratina 80, 04024 Gaeta (LT), Italy.
- VAT no.: 02193350598
- R.E.A. (Economic and Administrative Index) no.: LT153000
- Email for privacy-related requests: info@diceccasrl.it
The Controller has not appointed a Data Protection Officer (DPO), as it is not required to do so under Article 37 GDPR. For any matter relating to the processing of personal data, the Controller may be contacted at the email address indicated above.
2. Personal data processed
Through the contact form on the website, we collect the data that the user voluntarily provides by completing the form fields, in particular:
- full name;
- company (where applicable);
- email address;
- telephone number;
- the content of the enquiry (free text) and any other personal data the user may include in the message.
Users are asked not to enter, in the enquiry field, any data falling within special categories of personal data (Article 9 GDPR, e.g. health data) or any third-party data, save where necessary and provided that the data subjects concerned have been duly informed.
3. Purposes and legal basis of the processing
| Purpose | Legal basis |
|---|---|
| To respond to enquiries submitted through the form, provide quotations and information about our services, and contact the user back | Performance of pre-contractual measures taken at the data subject's request (Article 6(1)(b) GDPR) and/or the data subject's consent (Article 6(1)(a) GDPR) given by ticking the box in the form |
| To comply with legal obligations connected with the enquiry | Legal obligation (Article 6(1)(c) GDPR) |
| To establish, exercise or defend a legal claim | Legitimate interest of the Controller (Article 6(1)(f) GDPR) |
4. Nature of the provision of data
Provision of the data marked as mandatory in the form is necessary in order to act upon the enquiry. Failure to provide such data makes it impossible for the Controller to contact the user back and to handle the enquiry. Provision of optional data (e.g. company, telephone) is voluntary and serves solely to facilitate communications.
5. Methods of processing
The data are processed by electronic and/or paper-based means, in compliance with the principles of lawfulness, fairness, transparency, data minimisation and storage limitation. The Controller adopts appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in order to prevent loss, unlawful or incorrect use of, and unauthorised access to, the data.
6. Recipients of the data
The data may be processed by the Controller's authorised personnel, duly instructed.
The data may also be disclosed to third parties carrying out instrumental activities on the Controller's behalf, appointed as Data Processors pursuant to Article 28 GDPR, including by way of example:
- the provider of website hosting and management services;
- the email services provider;
- any IT service and technical support providers.
The data may be disclosed to public authorities and supervisory bodies where required by law. The data are not subject to dissemination.
7. Transfers of data to third countries
The data are generally processed within the European Union. Where certain providers entail a transfer of data to third countries, the Controller ensures that such transfer takes place subject to appropriate safeguards under Chapter V GDPR (e.g. an adequacy decision of the European Commission or Standard Contractual Clauses).
8. Retention period
Data collected through the contact form are retained for the time strictly necessary to handle the enquiry and, in any event, for a period not exceeding 12 months from the last contact, save for any longer period required by legal obligations or by the need to establish, exercise or defend a legal claim.
9. Rights of the data subject
As a data subject, the user may exercise at any time, by writing to info@diceccasrl.it, the rights set out in Articles 15 to 22 GDPR, namely:
- the right of access to their data;
- the right to rectification;
- the right to erasure ("right to be forgotten");
- the right to restriction of processing;
- the right to data portability;
- the right to object to the processing;
- the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal.
10. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing of their data infringes the GDPR has the right to lodge a complaint with the supervisory authority, namely the Italian Data Protection Authority (Garante per la protezione dei dati personali, www.garanteprivacy.it).
11. Automated decision-making
The Controller does not carry out any automated decision-making, including profiling, within the meaning of Article 22 GDPR.
12. Changes to this policy
The Controller reserves the right to amend or update this privacy policy, including as a result of legislative changes. Updated versions will be published on this page, stating the date of the latest update.
For information on the use of cookies, please refer to the website's Cookie Policy.
← Back to home