DATA CONTROLLER
The Data Controller is BIANCO BIANCHI S.N.C. DI Alessandro e Elisabetta Bianchi
with registered office at Via Lisbona, 4/E 50065 PONTASSIEVE (FI)
VAT/Tax Code. 02077890487
PEC: biancobianchisnc@cert.cna.it
EMAIL: bianchiscagliola@gmail.com
TEL: + 39 0558314509

PROCESSED DATA
Personal Data
Following the consultation of the website, personal data relating to identified or identifiable natural persons may be processed.
Browsing data
This category includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the response status given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
Data provided by the user
The completion and submission of forms on the Controller’s website results in the acquisition of the sender’s contact data (e.g., first and last name, business name, tax code and VAT number, address, telephone number, e-mail, etc.), necessary to respond, as well as all personal data included in the communications. The data provided by the user are necessary for the Controller to provide the services available on the website.
PURPOSE OF PROCESSING
The data are collected from the data subject for the following purposes:

• to fulfil obligations arising from a contract or a pre-contractual relationship;
• to comply with legal, regulatory, and EU law obligations;
• to be included on the Company’s website;
• for marketing activities (e.g., sending advertising materials, carrying out promotional activities, sending newsletters);
• to enable the use of functionalities of the company website following user access.

LEGAL BASIS
The legal basis for the processing is:

• contractual or pre-contractual necessity;
• legal obligations to which the company is subject;
• explicit consent for one or more specific purposes.

PROCESSING METHODS
The processing of the User’s personal data is carried out through the following operations: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of the data.
The User’s personal data are collected through direct submission to the Controller via form completion or other documents, including contractual ones, or during pre-contractual activities. The data are processed both manually in paper format and using electronic or automated tools. Collected data are recorded and stored in both digital and paper archives, and are safeguarded and controlled to minimize the risk of accidental destruction or loss, unauthorized access, or processing not compliant with the purposes of collection. Data are processed by employees or collaborators of the Controller, who are duly authorized and trained for this purpose.
Data may also be collected through tools and services provided by third parties and stored by them.

NATURE OF DATA PROVISION
Providing personal data for the purposes outlined is optional. However, failure to provide such data, in whole or in part, may result in the partial or total impossibility to establish or continue a relationship with the User, to the extent that such data are necessary for said relationship.

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The User’s personal data may be processed by:

• postal service providers or other delivery companies;
• banks and credit institutions;
• debt collection agencies;
• law firms;
• judicial authorities, police forces, private security companies;
• professionals and/or third-party companies tasked with providing services;
• IT and electronic equipment maintenance/repair companies.

The data will not be disclosed for purposes unrelated to the company’s activities. The data may be shared with employees and collaborators authorized to process them, as well as with entities acting as data processors (Art. 28 GDPR), performing technical and support tasks (legal services, maintenance and/or repair of IT equipment, etc.) on behalf of the Controller. Data may be transferred to a third country or international organization only in full compliance with the safeguards of Chapter V of the GDPR, either on the basis of an adequacy decision by the European Commission pursuant to Art. 45 GDPR or, in the absence thereof, with appropriate safeguards pursuant to Art. 46 GDPR, such as standard contractual clauses.

DATA RETENTION PERIOD
Personal data will be retained as follows:

• for clients/potential clients for marketing purposes: 2 years;
• for clients/suppliers: 10 years from the end of contractual obligations, unless interrupted by limitation periods;
• for potential clients: 3 years.

RIGHTS OF DATA SUBJECTS
As a data subject and in relation to the processing described in this privacy notice, the User has the rights outlined in Articles 7, 15 to 21, and 77 of the GDPR, specifically:

• Right to withdraw consent (Art. 7 GDPR): The User may withdraw their consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
• Right of access (Art. 15 GDPR): The right to obtain confirmation of whether personal data concerning the User are being processed, and, if so, access to such data including a copy.
• Right to rectification (Art. 16 GDPR): The right to obtain without undue delay the rectification of inaccurate personal data and/or the completion of incomplete data.
• Right to erasure (“right to be forgotten”) (Art. 17 GDPR): The right to obtain the erasure of personal data without undue delay.
• Right to restriction of processing (Art. 18 GDPR): The right to obtain the restriction of processing when:
  • the accuracy of the data is contested, for the time necessary to verify accuracy;
  • the processing is unlawful and the data subject opposes erasure and requests restriction instead;
  • the data are required for legal claims;
  • the data subject has objected to processing pending verification of overriding legitimate grounds.
• Right to data portability (Art. 20 GDPR): The right to receive personal data in a structured, commonly used, machine-readable format and to transmit them to another controller, where technically feasible and based on consent or contract, by automated means.
• Right to object (Art. 21 GDPR): The right to object, on grounds relating to their particular situation, at any time to the processing of personal data based on legitimate interest or public task, unless there are compelling legitimate grounds or for legal claims. Also, the right to object at any time to processing for direct marketing purposes.
• Right to lodge a complaint (Art. 77 GDPR): The User has the right to lodge a complaint with the Data Protection Authority or to seek judicial remedy (Art. 79 GDPR).

Data subjects have the right to obtain from the Controller, where applicable, access to personal data and the rectification or erasure of such data or restriction of processing, or to object to processing (Articles 15 and following of the GDPR). Requests should be addressed to the Controller using the contact information available on the website.