Policy on the processing of personal data PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
With this policy pursuant to Article 13 of EU Regulation no. 2016/679 on the protection of personal data (hereinafter the “GDPR” or “Regulation”), Th.Kohl S.r.l (hereinafter “Th.Kohl” or the “Data Controller “) describes how the personal data of users (hereinafter “data subjects”) who access and visit the website are processed www.thkohl.it and guarantees that their personal data shall be processed in compliance with the principles of lawfulness, correctness and transparency in accordance with the provisions of the GDPR and in accordance with the following information.
The policy is valid only for the aforementioned website and not for other links/websites that may be present on the website, such as, for example, Facebook, Twitter, LinkedIn, YouTube pages, for which users are asked to read the respective policy provided by the data controllers.
1. Data controller
The data controller is Th.Kohl S.r.l with headquarters at Viale dell’Industria, 37 37030, Badia Calavena (VR) – email: info@thkohl.it
2. Types of data processed
3. Purpose and legal basis of processing
Th.Kohl shall use your data exclusively for the purpose of:
The processing of data for marketing and profiling purposes (and possibly for the transfer of data to third parties) shall be carried out subject to your consent, as provided for in Article 6 paragraph 1 section a) of the GDPR.
The provision of data is optional. However, refusal to provide data shall make it impossible to receive the newsletter service.
We shall not use your personal data for purposes other than those described in this policy, unless we inform you in advance and, where necessary, obtain your consent.
4. Data processing methods
Personal data relating to employees shall be processed by means of archives and paper media or with the aid of computer and electronic media, whilst respecting their confidentiality.
5. Data retention time
In accordance with the principles set out in the GDPR, your personal data shall be retained from the time of their receipt/update until you withdraw your consent.
6. Communication and dissemination of data
Parties that may become aware of your personal data, within the limits strictly necessary to fulfil the aforementioned purposes, are as follows:
If the user connects to the site through an active Google account, Google LCC may obtain additional information about the user that cannot be controlled by the Data Controller.
Under no circumstances shall your personal data be disclosed, disseminated, assigned or otherwise transferred to third parties for unlawful purposes nor, in any case, without providing data subjects with appropriate information and obtaining their consent where required by law.
Personal data shall not be transferred abroad to non-EU countries or international organisations that do not guarantee an adequate level of protection, recognised under Article 45 of the GDPR, based on an adequacy decision made by the EU Commission.
In the event that it becomes necessary for the provision of services, the transfer of personal data to non-EU countries or International Organisations, for which the Commission has not adopted any adequacy decision pursuant to Article 45 of the GDPR, shall only take place if there are adequate safeguards provided for by the recipient country or Organisation, pursuant to Article 46 of the GDPR and provided that the data subjects have enforceable rights and effective remedies. In the absence of an adequacy decision by the Commission, pursuant to Article 45 of the GDPR, or adequate safeguards, pursuant to Article 46 of the GDPR, including binding corporate rules, cross-border transfers shall only take place if one of the conditions set out in Article 49 of the GDPR is met.
7. Rights of the data subject
Data subjects are entitled to the rights, in the cases and within the limits provided for by the Regulation, as set out in Articles 15 to 22. By way of example, each data subject may:
In order to ensure that the aforementioned rights are exercised by the Data Subject and not by unauthorised third parties, the Data Controller may request the Data Subject to provide any further information necessary for this purpose.
8. Exercising the rights of the data subject
The rights referred to above may be exercised by making a request to the Data Controller, either directly or via an authorised person, verbally or by sending an email to the following address: privacy@thkohl.it The request is made freely and without formality by the data subject, who has the right to receive an appropriate response within a reasonable period of time, depending on the circumstances of the case.
In order to exercise their rights, data subjects may make use of non-profit bodies, organisations or associations, the statutory objectives of which are in the public interest and which are active in the field of the protection of the rights and freedoms of data subjects as regards the protection of personal data, granting, for this purpose, an appropriate mandate. Data subjects may also be assisted by a trusted person.
To find out about your rights, file a complaint and be kept up-to-date on the legislation on the protection of persons as regards the processing of personal data, you can contact the Italian Data Protection Authority by visiting the website http://www.garanteprivacy.it/.
Viale dell’Industria, 37
37030 – Badia Calavena (VR)
+39 045 6511811
info@crown-designs.com
©Th.Kohl srl – VAT IT00231420233 | Privacy Policy – Cookies Policy