1. DATA CONTROLLER
The Data Controller is “Bordignon Srl“, with headquarters in Rossano Veneto (VI), via Volta, n. 20, tax code and VAT number is 04183480245 the Data Controller of the processing of the user’s personal data and as such is responsible for processing personal data correctly and in compliance with the laws in force.
The Data Controller’s contact details can be found on this page: http://bordignon.com/en/contacts/

2. CATEGORIES OF DATA PROCESSED AND COLLECTION METHODS
Your navigation on the site and / or the inclusion of data in certain areas of the same may involve the collection and further processing of your Personal Data by us. In fact, the computer systems and software procedures used to operate them automatically and indirectly administer and / or acquire certain information (such as, merely by way of example, the so-called “cookies” – for more information visit our dedicated page – or the data expressly specified in the collection formats, such as name, surname, e-mail address, address, telephone number, e-mail address).

3. PURPOSE OF DATA PROCESSING AND LEGAL BASIS OF PROCESSING
Your Personal Data will be processed for the following purposes exclusively with your consent to the processing, which can be revoked at any time by using the link at the bottom of each promotional email (with regard to marketing activities and the newsletter) or by sending us an email, which you can find in the contacts above.
a) Handling and responding to your specific requests by contacting us directly.
b) Receipt of the newsletter
You may decide to subscribe to the newsletter service by giving your consent. In relation to this purpose, your consent is required at the time of subscription to the newsletter service.
Moreover, even without your consent, Bordignon Trading may process your Personal Data for the following purposes:
c) Management and execution of the fulfilments required by law (accounting, administrative, fiscal nature, etc.).
d) Management of disputes and possible litigations (as legitimate interest of the Data Controller).

4. HOW WE PROCESS YOUR DATA
The processing of your Personal Data may include any type of operation including the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.
The operations can be carried out with or without the aid of electronic or automated tools.
The processing is carried out by the Data Controller and/or by the persons in charge of the processing who operate under the direct authority of the Data Controller by following the instructions given or by third parties appointed as external data processors.

5. WHERE WE PROCESS YOUR DATA
Your Personal Data is primarily processed at the Data Controller’s offices and at the locations of the data processors.
If you consent to the processing of your Personal Data for marketing and promotional purposes, some of your Personal Data (name, surname, e-mail address) will be transferred to our newsletter software partners who are based all over the world, including outside the European Union.
We inform you that we transfer your Personal Data only to entities located in countries for which there is a specific decision of the EU Commission guaranteeing their adequacy and guarantee of processing in accordance with the provisions of Reg. 679/16 (GDPR) or only after verification of the registration of the external controller under the system called “Privacy Shield”.

6. HOW LONG WE PROCESS YOUR DATA
The Data Controller will not retain your Personal Data for longer than is necessary to fulfill the purpose for which it was processed. Data will be retained for as long as permitted or required by law.
In order to ensure compliance with the principles of necessity and proportionality of processing, the Data Controller has identified different Personal Data retention times in relation to the individual purposes pursued:
a) for the purposes of managing and responding to your requests in relation to our products and initiatives, your Personal Data will be stored for the time strictly necessary to process your request;
b) for the purposes of marketing activities, i.e. for commercial communications, including by e-mail, concerning the sending of promotional and advertising material, your Personal Data will be kept until you no longer wish to be the recipient of our communications and you can unsubscribe by following the instructions on each of our communications;
c) for the purposes of managing and fulfilling legal obligations (of an accounting, administrative, fiscal nature, etc.), your Personal Data will be kept for 10 years.

7. WHO THE RECIPIENTS OF YOUR PERSONAL DATA ARE
Your Personal Data may be communicated to and processed by:
i. legal or natural persons acting as external data processors, carrying out outsourced activities, appointed by the Data Controller or by the Data Controller’s external data processors (including entities entrusted with assistance, communication, marketing, advertising, promotions and sales of products and/or services as well as advertisers, advertising concessionaires, IT service providers, Site/APP managers, electronic platform managers, partners, credit institutions, professional firms);
ii. employees and/or contractors of the Data Controller (including system administrators) who, acting under the direct authority of the Data Controller, will be authorized to process your Personal Data; and
iii. employees and/or contractors of external data processors (including system administrators) who, acting under the direct authority of the external data processors, will be authorized to process your Personal Data.
Your Personal Data will not be disclosed to third parties except where your Personal Data is disclosed by the Controller to consultants in order to protect its rights, nor will it be disseminated.

8. OBLIGATION TO PROVIDE DATA
The providing of data must be considered compulsory with regard to the processing that the organization must perform to fulfill its obligations to the person concerned on the basis of the relationship (or contract) in place, as well as obligations of law, rules, regulations.
Consent is not compulsory for all other purposes and, even if given, may be revoked at any time by the data subject.

9. REFUSAL TO PROVIDE DATA
Failure to provide the data that the data subject is obliged to communicate may make it impossible to satisfy your requests or to initiate a business relationship and contracts that may be established with the Data Controller.
In case of failure to provide non-mandatory data, the consequences will be evaluated from time to time with regard to the specific case and will presumably involve the non-performance of the service related to such data.

10. RIGHTS OF THE DATA SUBJECT:
The Privacy Law recognizes you, as data subject, numerous rights. In particular, you have the right to:

Right

Description

Right of withdrawal of consent (art. 13 paragraph II letter A and art. 9 paragraph II letter A GDPR)

You have the right to revoke your consent at any time for all those processing operations the legitimacy of which presupposes your manifestation of consent, as indicated in the table of purposes described above.

The withdrawal of consent does not affect the lawfulness of the previous treatment.

Right of access to data (art. 15)

You may request a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations; d) when possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine this period; e) the existence of your right to request from the Data Controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning you or to object to their processing; (f) your right to lodge a complaint with a supervisory authority; (g) if the data are not collected from you, all available information about their origin; (h) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4), and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for you. You have the right to request a copy of the personal data being processed.

Right to rectification (art. 16)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (art. 17)

You have the right to obtain from the Data Controller the deletion of personal data concerning you if the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if you revoke your consent, if there is no overriding legitimate reason to proceed with the processing of profiling, if the data have been processed unlawfully, if there is a legal obligation to delete them; if the data are related to web services to minors without consent. Deletion may take place unless the right to freedom of expression and information prevails, the data are retained for the performance of a legal obligation or for the performance of a task carried out in the public interest or in the exercise of public authority, for reasons of public interest in the health sector, for archiving purposes in the public interest, for scientific or historical research or statistical purposes or for the establishment, exercise or defence of a right in a court of law.

Right to restriction of processing (art. 18)

You have the right to obtain from the Data Controller the restriction of the processing when you have contested the accuracy of personal data (for the period necessary for the Data Controller to verify the accuracy of such personal data), or if the processing is unlawful and you object to the deletion of your personal data and request instead that their use be restricted, or if they are necessary for the establishment, exercise or defence of a right in a court of law, while to the Data Controller they are no longer necessary.

Right to data portability (art. 20)

You have the right to receive in a structured, commonly used and machine-readable format the personal data that concern you and that you have provided to us, and you have the right to transmit it to another if the processing was based on consent, on contract and if the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of public authority and such transmission does not infringe the right of a third party.

Right to lodge a complaint with a supervisory authority (art. 77)

Without prejudice to any other administrative or judicial remedy, if you believe that the processing of your personal data is in breach of the Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority, namely in the Member State in which you have your habitual residence, work or the place where the alleged breach has occurred.

11. WAYS OF FULFILLING RIGHTS
You may exercise these rights at any time by contacting the Data Controller at the addresses indicated above.
You may lodge a complaint with the supervisory auhtority by following the instructions provided on the Garante Italiano Privacy’s website, in the “Forms” section, under the heading “Complaint” (or by clicking on the following link.