top of page
LEGAL INFORMATION

Information on the processing of personal data
pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data (in short "GDPR").

 

CATILA di Pierdomenico Mongelli in the person of its legal representative as the owner of the personal data collected directly from the interested party, provides this information pursuant to article 13, GDPR (in short, "Information").

In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be guaranteed, putting in place all the necessary technical and organizational measures to guarantee their security.

 

A) Identity and contact details of the Data Controller

CATILA BY PIERDOMENICO MONGELLI

Via Tenente Vitti, 61 / A - 70043 MONOPOLI (BA)

CF: MNGPDM77H09H096S

VAT number: 08075330723

REA code: BA - 604131

Register of Artisan Companies n.120049

with the qualification of ARTISAN ENTERPRISE (special section) with the number of craftsmen register: BA-120049

amministrazione@catila.it

 

B) Purpose of the processing for which the personal data are intended and related legal basis

Your personal data will be processed:

(i) without obligation of consent for the following purposes:

  • online account registration, order management, purchases, sales and product deliveries and related monitoring, customer service management, payment management, returns and repairs management, customer contact management, coupons and discounts management;

  • administrative-accounting management and related obligations (issuing of receipts, invoices, preparation of payments) possible protection of credit positions and defense in court;

  • internal statistics, business analysis and economic management, as well as, in relation to the contact data provided in the contract, sending advertising of similar products with the right of immediate cancellation upon request;

The above treatments respond respectively to the following legal bases:

  • fulfillment of a contract or pre-contractual measures, satisfaction of a request from the interested party - condition of lawfulness article 6, letter b) GDPR;

  • legal obligation to which the Data Controller is subject - condition of lawfulness Article 6, letter c) GDPR - or for the assessment, exercise or defense of a right in court;

  • pursuit of a legitimate interest of the Data Controller - condition of lawfulness article 6, letter f) GDPR - relating to the improvement of business operations and market surveys, the improvement of services provided to its customers, direct marketing and customer loyalty.

 

The provision of data, marked in the form with (*), for the purposes referred to in the previous section (i) is mandatory and the lack of data and / or any express refusal to process will make it impossible for the Data Controller to give execution of the contract or pre-contractual measures, the fulfillment of the obligation with possible non-fulfillment and responsibility of the interested party also to sanctions contemplated by the legal system.

 

(ii) with your consent (article 7, GDPR), for the following purposes:

  • various types of marketing activities, including the promotion of products and services, the distribution of posters and printed and / or digital information and promotional material, the sending of newsletters and commercial communications via e-mail, invitations;

  • profiling activities of various types, including the analysis of behavior for promotional purposes, the creation of lists for promotional purposes, commercial communication and sending newsletters, the development of profiles for the provision of targeted and customized services for the needs of the customer.

 

The provision of data for the purposes referred to in the previous section (ii) is optional, with the consequence that you may decide not to provide your consent, or to revoke it at any time. For these treatments, automated processes are used through the use of software which in any case provide for human decision-making aimed at avoiding undesirable consequences for the interested party, always limited to the receipt of communications from the Data Controller.

 

C) Categories of recipients of personal data

For the purposes referred to in the previous paragraph, the personal data you provide may be communicated or made accessible:

  1. to employees and collaborators of the Data Controller, in their capacity as authorized data processing personnel (or so-called "data processors");

  2. to third parties who carry out outsourced activities on behalf of the Data Controller, in their capacity as Data Processors, including:

    • service providers for the management of the information system and telecommunications networks and to the company in charge of the management of e-commerce, service providers for the management of the archiving of paper and / or computerized documentation, service providers for the management customer assistance activities, including through websites (eg call centers, help desks, etc.), service providers for the management of commercial communication activities;

    • freelancers, firms or companies in the field of assistance and consultancy relationships, also for corporate organizational management control;

    • banks and credit and insurance institutions for carrying out economic activities (payments / collections) and insurance;

  3. to judicial or supervisory authorities, administrations, public bodies and organizations (national and foreign);

 

D) Storage and transfer of personal data abroad

The management and storage of personal data takes place in the cloud and on servers located inside and outside the European Union owned and / or in the availability of the Data Controller and / or third-party companies in charge, duly appointed as Data Processors.

The transfer of data abroad to non-EU countries takes place exclusively in the context of intra-group communications for customer loyalty purposes and in any case in compliance with the provisions contained in Chapter V, GDPR (article 46).

Your personal data will not be disseminated.

 

E) Retention period of personal data

The personal data collected for the purposes indicated in the previous paragraph (B), section (i) will be processed and stored for the entire duration of any contractual relationship established.

From the date of termination of this relationship, for any reason or cause, the data will be kept for the duration of the statutory limitation periods, or 10 years.

The personal data collected for the purposes indicated in the previous paragraph (B), section (ii) will be processed and stored for the time necessary to fulfill these purposes and in any case for a period not exceeding 24 months for marketing and 12 months. for profiling from the date we receive your consent.

After this retention period, the data will be destroyed or made anonymous.

 

F) Exercisable rights

In compliance with the provisions of Chapter III, Section I, GDPR, you can exercise the rights indicated therein by simply sending a request via e-mail and in particular:

  • Right of access - Obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, receive information relating, in particular, to: purposes of the processing, categories of personal data processed and retention period, recipients to which these can be communicated (article 15, GDPR),

  • Right of rectification - Obtain, without undue delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (Article 16, GDPR),

  • Right to cancellation - Obtain, without undue delay, the cancellation of personal data concerning you, in the cases provided for by the GDPR (article 17, GDPR),

  • Right of limitation - Obtain the limitation of processing, in the cases provided for by the GDPR (article 18, GDPR)

  • Right to portability - Receive personal data concerning you in a structured format, commonly used and readable by an automatic device, as well as obtain that the same are transmitted to another holder without impediments, in the cases provided for by the GDPR (article 20, GDPR )

  • Right to object - To object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing (Article 21, GDPR)

  • Right to lodge a complaint with the supervisory authority - Propose a complaint to the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).

bottom of page