Privacy Policy for Users.

IDDI SRL with its registered office at Via dei Candelai, 65 – 90134 Palermo, PA – Italy, VAT no. 06625350829 (hereinafter, the “Controller“), provides the privacy policy of the website www.candelai.it (hereinafter, the “Site“), as the data controller of the personal data of users browsing and subscribed to the Site (hereinafter, the “Users“) in accordance with art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the “Regulation“, or “Applicable Law“). The Controller values ​​the right to privacy and the protection of the personal data of its Users. For any information regarding this privacy policy, Users can contact the Controller at any time using the following methods:

• • Sending a registered letter with return receipt to the Controller’s registered office;
  • Sending an email to the web address candelai@candelai.it.

1. PURPOSES OF PROCESSING

The personal data of Users will be lawfully processed by the Controller in accordance with art. 6 of the Regulation for the following processing purposes:

1. 1. Site navigation, concerning the possibility of collecting User data necessary for technical purposes, such as IP address, during site navigation.
   2. Sending informative newsletters, upon specific request by the data subject.
   3. Responding to your information requests received through the dedicated contact form. Specifically, we will request Name, Surname, Email, and Telephone to contact you and respond to your request as effectively as possible, Message where you can indicate the reason for the communication.
   4. Legal obligations, to comply with obligations provided by law, by an authority, by a regulation, or by European legislation.

The provision of personal data for the processing purposes mentioned above is optional but necessary, as failure to provide them will make it impossible for the User to browse the Sites, register on the Sites, and enjoy the services offered by the Controller on the Sites. With reference to the purposes referred to in points 1/a, 1/b, 1/c, the legal basis of the processing is indeed the performance of the services provided through the Sites and requested by you (pursuant to Article 6(1)(b) of Privacy Regulation 2016/679); with reference to the purposes referred to in point 1/d of the previous paragraph, the legal basis of the processing is to fulfill a legal obligation to which the data controller is subject (pursuant to Article 6(1)(c) of Privacy Regulation 2016/679).

2. DATA PROCESSING METHODS AND STORAGE PERIOD

The Controller will process the personal data of Users using manual and computerized tools, with logic strictly related to the purposes themselves and, in any case, in such a way as to ensure the security and confidentiality of the data. The personal data of Site Users will be stored for the time strictly necessary to fulfill the purposes outlined in the preceding paragraph 1, or as necessary for the civil protection of the interests of both Users and the Controller. With regard to the purpose referred to in point 1.b, the data will be stored until you object to the sending of the newsletter, through the appropriate link contained therein or through the exercise methods of the rights referred to in paragraph 4.

3. SCOPE OF COMMUNICATION AND DISCLOSURE OF DATA

The personal data of Users may be disclosed to employees and/or collaborators of the Controller responsible for managing the Site. These subjects, formally appointed by the Controller as “data processors,” will process the User’s data exclusively for the purposes indicated in this information and in compliance with the provisions of the Applicable Law. The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Controller as “External Data Processors”, such as, for example, providers of IT and logistical services functional to the operation of the Site, outsourcing or cloud computing service providers, professionals, and consultants. Users have the right to obtain a list of any data processors appointed by the Controller, upon request to the Controller using the methods indicated in the following paragraph 4.

4. RIGHTS OF DATA SUBJECTS

Users may exercise the rights granted to them by the Applicable Law by contacting the Controller using the following methods:

• • • Sending a registered letter with return receipt to the Controller’s registered office;
    • Sending an email to the address candelai@candelai.it;
    • Pursuant to the Applicable Law, Users may exercise the rights referred to in Articles 15 and following of the Regulation, in the manner provided for in Article 12 thereof;
    • If you believe that the processing concerning you violates the Regulation, you have the right to lodge a complaint with a supervisory authority (in the Member State where you habitually reside, work, or where the alleged violation occurred). The Italian supervisory authority is the Italian Data Protection Authority – http://www.garanteprivacy.it/ – garante@gpdp.it.