Last update: 23/05/2018
Kimerik srl – Piazza Gramsci, 1/3 – 98066 – Patti (ME) – Italy, P.I. 02778870838 – is the Data treatment holder as owner and legal representative pursuant to art. 13 D.Lgs. 30.06.2003 n. 196 (later, Codice Privacy) and to art. 13 Regolamento UE n. 2016/679 (GDPR). The present privacy statement informs in which way we collect and use the personal data provided by you.
- Object of data protection
The personal data, provided by you, which can be collected and treated include identifiable data (such as name, surname, address, telephone numbers, e-mail addresses) and data concerning our business relationship and the way you contact Kimerik srl.
- Purpose of treatment
Your personal data are treated:
- A) without your declared consent (art. 24lett. a),b),c) Cod.Privacy and art. 6 lett. b), e) GDPR), for the following Service Purpose:
- to operate and maintain our Website;
- to process your contact requests;
- to process orders;
- to provide to requested services;
- to carry out promotional and distributional activities about books in our catalogue;
- to fulfil the obligations complying with a law, a regulation, a community normative or with an Authority’s request;
- to prevent or expose fraudulent activities or malicious activities harmful to the website;
- to exercise Kimerik srl’s rights, such as the right of defense for trial;
- B) only with your declared consent (artt. 23 e 130 Cod. Privacy and art. 7 GDPR) for the following Marketing Use:
to send you by e-mail, newsletter, commercial information and/or advertising material concerning products or services that Kimerik srl offers;
we inform you that if you are already customer of ours, we could deliver you commercial information concerning product from Kimerik srl similar to the ones you already used, unless your declared dissent (art. 130 c. 4 Cod. Privacy).
- Processing Methods
Your data are collected and recorded in a lawful and correct manner for the purposes indicated in compliance with the principles and requirements of art. 4 Codice Privacy and of art. 4 n. 2) GDPR.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Your personal data is processed both in hard copy and electronically and/or automatically through the use of a website hosted on the server managed by the company Aruba S.p.A. in Italy and through the use of software management of Kimerik srl, entirely made within the company.
The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Term and not longer than 2 years of their collection for other services.
- Security of collected information
The Data Controller uses the Hypertext transfer protocol secure (HTTPS).
- Access to data
The access to the personal data is limited for purposes as per art. 2.A) e 2.B):
for Owner’s employees and co-workers, in their role of internal people in charge for the treatment, and/or system administrators.
for third party companies or others (for information only, web site provider, cloud provider, e-payment service provider, providers, hardware and software service technicians, shippers and carriers, credit institutions, professional studios, etc.) that perform outsourcing activities on behalf of the Owner, in their capacity as data processors.
- Data communication
Without your declared consent (art. 24 lett. a),b),c) Cod. Privacy and art. 6 lett. b), e) GDPR), the personal data could be transferred (for purposes as per art. 2.A) to Supervisory Boards, Judicial Authorities as well as any entities they are legally required to disclose information for the pursuit of stated purposes. These subjects will deal the data in their quality as autonomous owners of the processing.
Your data will not be diffused.
- Transfer of personal data
The management and storage of personal data will take place on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to other non-EU countries. In this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by European Commission.
- Nature of the collection and consequences of the refusal to respond.
The provision of data for purposes as per art. 2.A) is mandatory. In their absence, we can not guarantee the services of the art. 2.A)
The provision of data for purposes as per art. 2.B) is optional. So, you can decide not to give any data or afterwards to deny the possibility to process the data already supplied: in this case, you cannot receive newsletters, commercial communications and advertising and/or anything else concerning the services offered by the Controller. However, you will continue to be entitled to the Services referred to in art. 2.A).
- Rights of the person concerned
You can exercise, at any time, the rights referred to in art. 7 Cod. Privacy and art. 15 GDPR and precisely the rights to:
obtain confirmation of the existence or not of any personal information relating to you and also to receive communication thereof in a comprehensive form.
receive information on a) the origin of these personal data; b) the purposes of processing and processing methods; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification data concerning data controller, data processors and the representative designated as per art. 5, comma 2 Cod. Privacy e art. 3, comma 1, GDPR; e) the subjects or subject categories that the personal data can be transmitted to or people who may know as responsible or in charge of data treatment in the State territory;
obtain: a) the updating of, correction of or, where this is of interest, addition to data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed, except in the case where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right;
to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication through traditional contact methods (ordinary mail or via a telephone operator) and automated (email, text messages).
Please note that the right of opposition of the person concerned, set out in point b) above, for purposes of direct marketing through automated means, extends to traditional modes and that it remains however the possibility for the person concerned to exercise the right of opposition, even if only in part. Consequently, the data subject may choose to receive only communications by traditional means or only automated communications or neither.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to the portability of contractual data and rough navigation, right of opposition), as well as the right of complaint to the Guarantor Authority.
- Modes of exercising rights
These rights may be exercised by sending:
a registered letter to Kimerik srl – Piazza Gramsci, 1/3 – 98066 – Patti (ME)
a email to redazione@kimerik.it
- Data Controller, responsible and appointed persons
The data controller is: Kimerik srl with registered office in Piazza Gramsci, 1/3 – 98066 – Patti (ME)
The updated list of responsible and appointed persons in charge of the data processing is kept at the registered office of the Data Controller.
This Privacy Information Notice may be subject to change.
It is therefore advisable to regularly check this information and refer to the latest version.