Information and request for consent to the processing
of personal data on the website www.christiangreco.com pursuant to EU Reg. 2016/679

In compliance with the obligations laid down in EU Reg. 2016/679 and Legislative Decree 101/2018 amending and supplementing Legislative Decree 196/2003, regarding the processing of personal data, we hereby inform the Client/Visitor that Christian Greco, with registered office in Acireale, Via Torrisi No. 21, will process personal data concerning him/her that have been or will be communicated to the professional himself/herself. Personal data will be processed in compliance with the regulations in force and under the following conditions.

Premises
This data processing, pursuant to and for the purposes of EU Reg. 2016/679, is based on the principles of lawfulness, correctness and transparency and is carried out for specific, explicit and legitimate purposes.
The data for which authorisation to process is requested are always adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, in accordance with the principle of data minimisation.

.
The processing of personal data is aimed exclusively at achieving the following purposes
(a) to fulfil any type of obligation provided for by applicable laws or regulations;
b) for operational and management needs;
c) for the registration of accesses to the website of the professional and the use of the services provided with this site;
d) for the needs of monitoring the progress of relations with clients/visitors and/or the related risks, for the satisfaction of the same and to improve such relations
e) for marketing needs

2.Basis of processing
The legal basis for the processing of the Client/Visitor’s personal data is consent, where an action is required that does not give rise to the conclusion of a contract (by way of example but not limited to: request for information); the contract where the Client/Visitor has entered into an agreement of a contractual and legally binding nature with the professional.

3. Processing methods
The processing of the data may consist, in addition to their collection, in their registration and storage. At the request of the Client/Visitor, they will be modified, communicated to another Data Controller or deleted. All of the above actions will be carried out with the aid of electronic, computerised and telematic tools, according to methods and with instruments suitable to guarantee the security and confidentiality of the data.
In particular, all the technical, IT, organisational, logistical and procedural security measures provided for by EU Reg. 2016/679 will be adopted, so that the minimum level of data protection required by law is guaranteed.
It should be noted that, due to the storage methods used, access to the data is allowed only to the persons entrusted with the processing by the professional as better specified below.

4. Duration of processing
The duration of the processing of personal data is limited to the time necessary to carry out the action requested by the Client/Visitor who may, at any time, exercise the rights referred to in point 10 of this policy.
In any case, the data relating to invoicing will be stored, as required by law, for 10 years.

5. Type of data collected
The data collected by the professional, in the case of the stipulation of a contract, are those essential to the execution of the action requested by the Client/Visitor:

Name
Surname
Email
Phone
Address
E-mail address
Payment data
The data collected for the purposes of the mere request for contact and information that does not result in the conclusion of an online purchase are:

First and last name
Email address
Payment data

6.Provision of data
The provision of data is necessary for the execution of the action requested by the Customer/Visitor to the professional. The Client/Visitor has the right to refuse and/or revoke this authorisation at any time. However, such a refusal could compromise the smooth running of the relationship with the professional and, in particular, the impossibility of providing the requested services.

7.Communication and disclosure of data.
The communication to the outside world of the personal data collected for the purposes referred to in point 1 may take place only where:
(a) such communication is obligatory to ensure compliance with the requirements of the law or other binding regulations;
b) such communication is obligatory to ensure the correct establishment or continuation of the relationship established with the interested party.

The personal data collected for the achievement of the above-mentioned purposes may be communicated, as far as their specific competence is concerned, to public and private entities, natural and/or legal persons also having commercial purposes and/or management of information and/or payment systems, including external entities carrying out specific tasks on behalf of the professional.

In particular, the data may be communicated to the following categories of subjects: banking institutions and companies specialising in the management of payments, legal, consultancy and commercial firms, public authorities or administrations for compliance with the law. The data may also be disclosed, but only in aggregate, anonymous form, where it is impossible to identify the subject to whom the data belong and for statistical purposes.
The data collected will not be communicated, voluntarily and for a fee, to third parties for marketing or, more generally, commercial purposes.

8. Transfer of data abroad
The personal data communicated by the user to the professional will not be transferred abroad.

The Client/Visitor is also informed that this website contains plug-ins or other IT elements released by third parties that could transfer the data to the territory of the United States of America or, in any case, outside European territory. In this case, this transfer takes place pursuant to and for the purposes of articles 46 and 47 of EU Reg. 2016/679.

9. Rights of the data subject
Pursuant to and for the purposes of Articles 15 et seq. of EU Reg. 2016/679, the Customer/Visitor has the right to request from the data controller, as better identified in point n.12 below of this privacy policy: access to personal data concerning him/her, rectification or integration of inaccurate or incomplete data; deletion of personal data that are no longer necessary, for which consent has been revoked or for which there is no other legal basis for processing (so-called Right to be forgotten); limitation of the processing of the same, in the cases indicated by Art. 18. of the above Regulation.

The Client/Visitor also has the right to request the transmission of the data, in a commonly used and machine-readable format, to another data controller (so-called “data portability”); he/she also has the right to object, at any time and for reasons related to his/her particular situation, to the processing of his/her personal data. The Customer/Visitor’s requests, regarding his/her rights as per Art. 15 et seq. of EU Reg. 2016/679, will be met without undue delay by the Data Controller and in any case within 30 days.

The above rights may be exercised either directly or through an appointee, in the forms provided for by EU Reg. 2016/679. It should be noted in any case that the data will be processed in such a way as to ensure the security, integrity and confidentiality of the data in accordance with the organizational, physical and logical measures provided for by the provisions in force.

10. Right to file a complaint
Without prejudice to any possible administrative or jurisdictional recourse, the Customer/Visitor who considers that the processing concerning him/her violates EU Regulation 2016/679, has the right to lodge a complaint with the supervisory authority (Garante della Privacy).

11. Right to compensation and liability
Any person who suffers material or immaterial damage, caused by a breach of EU Reg. 2016/679 has the right to obtain compensation for the damage from the data controller only if it is demonstrated that the latter has not fulfilled its prescribed obligations.
The data controller shall be exempted from liability if it proves that the damaging event is in no way attributable to it.

12. Data Controller
The data controller is identified as the professional who can be contacted at the email address [email protected].

13. Consent to processing
The Client/Visitor is reminded that consent to the processing of personal data in the manner and for the purposes described above is optional.
In the event of a refusal to give consent, the professional will not be able to process the personal data, with the consequent impossibility of providing the services requested.

14. Additional information
The Client/Visitor is also informed that, through the website www.christiangreco.com, it is possible to share information and images on the social network platforms named “Facebook”, belonging to the company Facebook Inc. and “Linkedin” belonging to the company Microsoft.
For the management of privacy and personal data by the aforementioned sites, we recommend that you view their privacy policies. This site also makes use of navigation cookies.
For more information on this, we recommend that you view the relevant policy.