Information provided by Ambra’s s.r.l., pursuant to article 13 EU Reg. 679/2016
In compliance with Reg. EU 679/2016, we hereby provide the necessary information regarding the purposes and methods of processing personal data to those who surf – and possibly voluntarily leave their personal data in the various contact forms – on the pages of the websites owned by AMBRA’S SRL, with registered office in Via Dante n.16 – 20121 Milano (MI), Tax Code – VAT no. 06788760962, as Data Controller.
This information is to be considered valid only for websites owned by the data controller, such as www.ambras.it, and not for other websites that may be consulted via links published on this website; on such third-party websites, the data controller is not to be considered in any way responsible. Users are informed that hosting of this website is provided by the company Hosting Solutions, with registered office at the address Via de Cattani n. 224/18 a Firenze (FI-Italy), Tax Code/VAT no. 02002750483, whose servers that host the website are located in Italy.
2. TYPES OF DATA PROCESSED
Navigation data Regarding only the technical aspects and protocols, we wish to inform you that:
- The computer systems and software procedures used to operate this website may acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
- This is information that is not collected to be associated with identified interested parties but which, by its very nature, could, through processing and association with data held by third parties, allow users to be identified.
- This category of data includes IP addresses or domain names of the computers used by the Users who connect to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
Data provided voluntarily by the User.
Following consultation and navigation of the websites owned by the Data Controller, such as this website, data relating to identified or identifiable persons may be processed. In particular, it is specified that this processing may take place in relation to the personal data freely provided by the Users who send their information to the data controller through the contact details and compilation of the contact forms on the websites owned by the Data Controller (www.ambras.it ), such as: name, surname, email address, company name, CF and VAT number, place of business and sector to which it belongs.
Data processing will be carried out by Ambra’s s.r.l., as Data Controller (hereinafter referred to as the “Data Controller”), through IT, telematic tools and / or collection of paper documentation, with data organization and processing logic related to the aforementioned purposes. and in any case in order to guarantee the security and confidentiality of the data. The data are those provided by you and will be used for the purposes indicated below.
It should be noted that, in no section of the website, for access to any functionality of the website, is the assignment of “special categories of personal data” and/or “personal data relating to criminal convictions and crimes” requested, as defined by art. 9 and 10 of the EU Reg. 679/2016: if spontaneously the User sends to the data controller the information of the afore-mentioned type, the data controller will process such data in compliance with the current legislation regarding the protection of personal data (EU Reg. 679/2016 and Authority Privacy Guarantor no.146/2019) and within the limits of what is strictly necessary in relation to the requests made by the interested User.
The Data Controller, taking into account the state of the art and the implementation costs as well as the nature, scope, context and purpose of the processing, both when determining the means of processing and at the time of the processing itself (so called risk analysis – accountability), has put in place adequate technical and organisational measures aimed at effectively implementing the data protection principles and integrating the necessary guarantees in order to meet the requirements of EU Reg. 679/2016 and to protect the rights of the interested party. Data will be processed using methods and instruments suitable to guarantee security (art. 24, 25 and 32 EU Reg. 679/2016) and will be carried out through an automated process and through non-automated means (paper archives) to which all technical and organisational measures will be applied to ensure a level of security appropriate to the risk to ensure on a permanent basis its confidentiality, integrity, availability and resilience of the processing systems and services (by way of example but not limited to: controls both on the assignment of tasks to the persons responsible for data processing and on the classification of the data itself, procedures, if sustainable, of pseudonymisation and encryption, disaster recovery mechanisms, etc.).
3. PURPOSE OF THE PROCESSING
The personal data provided will be processed by the Data Controller in accordance with the legislative provisions of the privacy legislation and the confidentiality obligations provided therein, exclusively, for the fulfillment of the following purposes:
- a) provision of the service requested by the User, including the purchase of goods and / or customized products and the related management of the commercial relationship established with the owner and enrollment in school courses and tutorial courses;
- b) sending targeted information / commercial / promotional communications – through “traditional” methods (by way of non-exhaustive example, paper mail and telephone calls with operator) and / or automated (by way of non-exhaustive example, fax, email, sms, mms, etc …), to the contact details communicated by the interested party at the time of providing consent;
- c) subscription to the periodic newsletter; this newsletter will be sent to you on a monthly basis, via email, to the addresses indicated by you; the choice to give consent for the receipt of our periodic newsletter may be changed at any subsequent time, in whole or in part, by sending a specific communication to the data controller at the addresses indicated below;
- d) market / advertising analysis.
The data you have provided may also be legitimately used by the Data Controller to fulfill the legal obligations to which the Data Controller is subject or, again, in cases where the processing is necessary for the protection of the rights of the Company and / or its assignors / assignees.
4. PROVISION OF DATA – LEGAL BASIS OF THE PROCESSING
The provision of personal data is mandatory for the execution of the purposes referred to in point 3 lett. a) and their failure to provide it could make it impossible to provide the service (for example, see “mandatory fields” marked with <> within the information collection forms); the legal basis of the processing for the purposes referred to in point 3 lett. a) is based on the fulfillment of the requests made by the interested party and on the fulfillment of the services deriving from the contractual relationship established.
The provision of personal data is optional for the execution of the purposes referred to in point 3 lett. b), c) and d), without prejudice to the right of the interested party to oppose even after sending newsletters / communications / commercial and promotional information and to revoke the consent given at any time, in this case the data will no longer be processed for the aforementioned purposes without this having consequences or prejudicial effects for the interested party and for the requested services. The legal basis of the processing for the purposes described above is based on the consent given by the interested party.
5. CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
Personal data will be processed by subjects specifically appointed by the data controller as data processors and / or by anyone acting under his authority and who has access to personal data; these subjects will process your data only if necessary in relation to the purposes of the provision and only in the context of carrying out the tasks assigned to them by the data controller, undertaking to process only the data necessary for the performance of these tasks and to carry out only the operations necessary to carry out the same.
Furthermore, your personal data may be disclosed for the aforementioned purposes to:
- companies or external professionals who carry out specific tasks on behalf of the data controller (by way of non-exhaustive example, suppliers of machinery and maintenance, suppliers of management / maintenance / implementation services of company information systems, etc …) only if the communication of your personal data is necessary or in any case functional to the pursuit of the purposes referred to in paragraph 3);
- agents / consultants, brokers and collaborators / partners of the data controller only if the communication of your personal data is necessary or in any case functional to the pursuit of the purposes referred to in paragraph 3);
- parent company, subsidiaries or associates of the data controller.
In compliance with the Provision “Measures and precautions prescribed to the owners of the treatments carried out with electronic tools in relation to the attributions of the functions of system administrator – 27 November 2008” (Official Gazette no. 300 of 24 December 2008) and related additions and amendments, the owner of the data processing has appointed specific “System Administrators” who, in the performance of their functions, will be able to access, even indirectly, services or systems that process or allow the processing of personal information.
The data will not be disclosed to other third parties, except by asking you, in advance, for your express consent.
Your personal data will not be disseminated.
6. TRANSFER OF DATA TO THIRD COUNTRIES
The Data Controller may transfer personal data to a third country or an international organization; in these cases, the Data Controller undertakes to carry out the processing only in the presence of appropriate guarantees.
7. PERIOD OF CONSERVATION OF PERSONAL DATA
The data will be kept for the time necessary to achieve the aforementioned purposes, in a form that allows the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed. which, if not expressly reconfirmed by the interested party, will be destroyed, subject to their transformation into anonymous form. The data will be kept until you unsubscribe from the service, which can be easily obtained by clicking on the specially provided link in each Newsletter and in each box for sending commercial communications.
The personal data provided will not be processed in order to carry out an automated decision-making process (so-called profiling). In the event that the personal data provided must be processed for purposes other than those indicated in the Purpose of the Processing, the Data Controller will provide you with information on this different purpose and any other relevant information.
8. DATA CONTROLLER
The data controller is: AMBRA’S SRL, with registered office in Via Dante n. 16 – 20121 Milano (MI), Tax Code – VAT no. 06788760962, Tel +39 02 90.67.099, Fax +39 02 90.600.888, Website www.ambras.it, e-mail: firstname.lastname@example.org, Certificate email email@example.com (defined above and below “Data Controller”).The Data Controller has not designated the D.P.O. (Art. 37 EU REG. EU 679/2016 and WP Guidelines article 29 of 13.12.2016), as they are an unnecessary figure within the structure, given that the processing characteristics do not fall within the cases referred to in the afore-mentioned article 37.
Pursuant to art. 28 of the EU REG. 679/2016, the Data Controller may use third parties that process data on its behalf and formally appointed by it as data processors. The complete and updated list of data processors appointed is available by sending a request to the e-mail.
Pursuant to art. 29 of the EU REG. 679/2016, the Data Controller may use anyone acting under their authority and/or the appointed manager; these subjects will be duly instructed.
9. THE RIGHTS OF THE DATA SUBJECT
The interested party is granted the rights referred to in art. 15 of the GDPR. Where applicable, the interested party also has the rights referred to in Articles 16-22 of the GDPR (right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object, right not to be subjected to a decision based solely on automated processing), as well as the right to complaint to the Guarantor Authority.
The full text of the articles of the EU REG. 679/2016 related to your rights (articles 15 to 23 inclusive) is available at any time at the following link on the website of the Authority for the Protection of Personal Data:
or, alternatively, the Data Controller will provide you with it in response to your request, by sending a communication to the addresses previously indicated.
Date of last modification 17.02.2023