In compliance with the obligations of the EU General Data Protection Regulation/2016/679, we hereby inform you about the processing of the personal data you and/or other subjects freely provided to Czerny’s International Auction House S.r.l., in particular when:
• navigating on websites, accessing and registering in the private area, filling in forms or subscribing to the newsletter on our website https://www.czernys.com/
Personal data will be processed with due respect for the privacy laws in force following the principles of correctness, lawfulness and transparency and in accordance with the principles of relevance, completeness and non-excess.
CONTROLLER'S IDENTITY AND CONTACT DATA
The data controller, under Articles 4 and 24 of EU GDPR 2016/679, is:
Czerny’s International Auction House S.r.l (P .Iva. 01071900110)
Based in: Piazza Matteotti n. 48, Sarzana (SP),
Tel. + 39 0187 691376
1. CATEGORIES OF PERSONAL DATA AND PROCESSING METHODS
While navigating and using our website, some data may be collected and processed exclusively for security purposes and improvements on the offered service. The collected data mainly concern the interactions with other websites; only session cookies are used. Besides, some data are collected automatically (in anonymous, aggregated and pseudonymised form only) using similar cookies and technologies while browsing the website. Please refer to our “Cookies Policy” for more information.
Should you decide to participate to Czerny’s Auction House online auctions, you will be asked to register in our private area and to create your personal account (for more information, please refer to the “Terms of Sales” on our website). In this case, by way of example only, the collected information may refer to:
• Simple information (customers’ personal data, tax code number, shipping address, phone number and e-mail);
• Information referring to offers and purchases;
Once the registration is completed, to participate to the auction you will be asked further information (by way of example only) to fulfil the contract and in compliance to the current regulation, such as:
• Common and para-sensitive data (Identity card/Passport, gun license, credit card or bank account details)
2. PURPOSES OF DATA PROCESSING AND RELATED LEGAL BASIS
The requested or acquired personal data will be treated exclusively for the purposes and according to the legal basis provided below:
|1. Respond to information and contact requests, provide assistance and technical support also by phone (“Contacts” section)||The consent is required because the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (art. 6, paragraph 1.b of EU GDPR).|
|2. Carry out the activities related to the establishment, management and continuation of the contractual relationships|
|3. Carry out the brokerage activity during the purchase/selling phase of the auctioned products|
|4. Create and manage the customer profile|
|5. Logistic management and shipping of the purchased goods|
|6. Proper implementation, management, maintenance, security and improvement of the website and of the IT infrastructure.||The consent is not required because the data processing is necessary for the pursuit of the data controller’s legitimate interests, security and maintenance (in accordance with art.6.1.f of GDPR).|
|7. Send newsletters and other commercial communications||The consent is not required because such communications are related to similar services and/or products (softspam). (Art. 130, paragraph 4 of Legislative Decree 196/2003).|
|8. Fulfill any type of obligation imposed by law, regulation or Community legislation.||The consent is not required because the processing is necessary for compliance with a legal obligation to which the controller is subject (art. 6, paragraph 1 of GDPR).|
|9. Solve possible legal disputes which may arise between the parties during the relationship||The consent is not required because the processing is necessary for the purposes of the legitimate interests of the controllers to protect themselves from breaches of contract or other damages (art.6.1.f GDPR).|
In performing the service and for the purposes of fulfilling the law decree no 231/2007 on Anti-money laundering issued by the Italian Government, the controller may come to know or collect data of a judicial nature which will be processed exclusively for the purposes required by law.
The refusal, though legitimate, of providing all or some of the above-mentioned data could make the access and use of our services difficult as well as compromise the regular continuation of the relationship with our company. More specifically, the refusal of providing the personal data defined as mandatory may prevent the access and participation to the auction and lead to the impossibility for us to perform our business activities and regularly provide the required products/services.
3. PROCESSING METHODS
The processing of your personal data is carried out mainly with the help of computer systems, and may consist of the following operations: collection, recording, organization and storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, dissemination, cancellation, destruction, blocking and limitation.
In carrying out the processing operations, however, all technical, IT, organizational, logistic and procedural security measures will always be adopted, to guarantee the minimum level of data protection required by law. The above-mentioned methods applied for processing will guarantee access to data only to the subjects specified in paragraph 6.
4. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The subjects or categories of subjects who may become aware of your personal data or to whom they may be communicated are the following:
• Data Controllers, for example: consultants, IT companies and software houses, consultants and consulting companies, freelancers, self-employed workers, transport and logistics companies.
• Judicial or supervisory authorities, administrations, public bodies and authorities (domestic and foreign), but exclusively for the purpose of fulfilling legal obligations, regulations or EU legislation, auditors and auditing companies for the same tasks.
Personal data may also be disclosed, but only in aggregate form, anonymously and for statistical purposes.
5. STORAGE AND TRANSFER OF PERSONAL DATA ABROAD
The management and storage of personal data takes place on servers located inside the European Union owned by and/or available to the Controller and/or appointed third parties, duly appointed as data controllers.
6. PERIOD OF PERSONAL DATA RETENTION
Personal data will be collected and recorded only for the above-described purposes and will be stored for the time strictly necessary to fulfil them: 50 years for all personal data and identification documents as required by art. 35 Tulps (The Consolidated Act on Public Security); 10 years from the conclusion of the relationship for administrative and / or legal purposes; for purposes of sending newsletters, for the time strictly necessary to develop communication campaigns, also considered the particular activity of collecting.
7. YOUR RIGHTS
In accordance with the provisions of GDPR, you may exercise the rights set forth therein and in particular:
a) At any time, you may request from the Data Controller or the Data Protection Officer a copy of your personal data, information regarding the location where your personal data is processed and an updated list with the identification details of all Data Processors and System Administrators authorized to process your data.
b) At any time, you may freely revoke the consent given, without any charge and prejudice to the lawfulness of the processing carried out up to that time and exercise the following rights of the data subject to the Data Controller as provided by the European Privacy Regulation EU/2016/679: Access, Correction, Cancellation, Limitation, Opposition, Portability and Complaint to the Privacy Guarantor.
8. The request can be made by using the UNSUBSCRIBE option in the newsletter or by writing an email to firstname.lastname@example.org