Privacy Policy

 

Information on data collection - European Regulation 679/2016 hereinafter "GDPR"

Alchemi Lab di Vizzardi Michela Piazza Cav. Di Vittorio Veneto 18 - 25018 Montichiari (Bs) (hereinafter, "Data Controller"), as data controller, informs you pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 (hereinafter, "Privacy Code") and art. 13 EU Regulation n. 2016/679 (hereinafter, "GDPR") that your data will be processed in the manner and for the purposes described below.

 

Subject of processing

The Data Controller processes personal data, identifying and non-sensitive information (in particular, name, surname, tax code, VAT number, email, phone number - hereinafter referred to as "personal data" or "data") that you provide during registration/form completion or emails to the Data Controller's websites and/or when requesting information about products or services offered by the Data Controller.

Purposes

Your personal data is processed without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:

  • to conclude contracts for the Data Controller's services;
  • to fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;
  • to fulfill obligations provided by law, regulations, European Union law or an order from the Authority (such as in the field of anti-money laundering);
  • to exercise the Data Controller's rights, for example the right to defense in court.

Furthermore, the data will be processed for purposes related to the implementation of the following obligations, relating to legislative or contractual obligations and for additional purposes:

  • Legally mandatory compliance in the tax and accounting field;
  • Customer and supplier management;
  • Activity planning;
  • Customer and supplier billing history;
  • After-sales assistance;
  • Dispute management;
  • Debt recovery activities.

 

Methods of processing

The processing of your personal data is carried out through the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and specifically:

  • collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data;
  • Your personal data is subject to both paper and electronic and/or automated processing.

The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship for Service Purposes. All processing takes place in compliance with the methods referred to in arts. 6, 32 of the GDPR and through the adoption of adequate security measures provided. The data will be processed solely by personnel expressly authorized by the Data Controller and by external parties expressly appointed by the Data Controller for processing. Third parties who carry out processing operations on behalf of the Data Controller are expressly appointed as external Data Processors for processing within their competence.

 

Access to data

The data may be made accessible for the purposes referred to in the Processing Purposes chapter (art. 2):

  • to employees and collaborators of the Data Controller, in their capacity as internal data processors and/or controllers and/or system administrators;
  • to partners or suppliers of the Data Controller (for example, for support activities in studying the feasibility of the customer's project, for technical management of services, for storage of personal data, etc.) or to third parties (for example, providers for website management and maintenance, suppliers, credit institutions, professional firms, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

 

Communication to third parties

The data will be communicated exclusively to competent parties for the performance of services necessary for correct management of the relationship, with guarantee of protection of the data subject's rights:

  • Consulting companies in accounting, administrative and tax matters;
  • Consultants and freelance professionals, including in associated form;
  • Debt recovery companies;
  • Banks and credit institutions;
  • Other public and/or private entities for which the communication of data is mandatory or necessary in compliance with legal obligations or is in any case functional to the administration of the relationship;
  • Transport and shipping companies.

 

Dissemination

Personal data will not be disseminated in any way.
Retention time of personal data: your data will be kept in our archives or with authorized Data Processors solely for the time necessary for processing purposes, subject to compliance with retention times.

 

Data transfer

The management and storage of personal data will take place on servers located within the European Union belonging to the Data Controller and/or third-party companies appointed and duly designated as Data Processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union. However, it is understood that the Data Controller, should it become necessary, will have the option to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In such case, the Data Controller assures from now that the transfer of data outside the EU will take place in accordance with applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.

 

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and associations with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, addresses in URI notation of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the user's operating system and computer environment. This data is used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts does not persist for more than seven days.

Data provided by the user

The optional, explicit and voluntary sending of emails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services upon request.

Optional nature of data provision

The user is always free to provide the personal data requested for sending informational material, except as necessary for navigation. Failure to provide data, on the other hand, may result in the inability to obtain what is requested.

Methods of processing

Personal data is processed with automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are implemented to prevent data loss, illicit or incorrect use and unauthorized access.

 

Rights of the data subject

In your capacity as data subject, you have the rights referred to in art. 7 Privacy Code and art. 15 GDPR and specifically the rights to obtain confirmation of:

  1. the origin of personal data;
  2. the purposes and methods of processing;
  3. the logic applied in case of processing carried out with the aid of electronic tools;
  4. the identification details of the controller, processors and the representative designated pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representative in the territory of the State, as processors or persons in charge;
  1. the updating, rectification or, when there is interest, the integration of data;
  2. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data was collected or subsequently processed;
  3. certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data has been communicated or disseminated, except in cases where such compliance proves impossible or involves the use of means manifestly disproportionate to the protected right;
  1. for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection;
  2. to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated calling systems without operator intervention via email and/or through traditional marketing methods via telephone and/or postal mail. Please note that the data subject's right to object, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the data subject's possibility to exercise the right to object even only in part remains. Therefore, the data subject can decide to receive only communications through traditional methods or only automated communications or neither type of communication.

Where applicable, the data subject also has the rights referred to in arts. 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.

 

Minors

The Data Controller's sites and services are not intended for minors under 18 years of age and the Data Controller does not intentionally collect personal information relating to minors. In the event that information about minors is recorded, the Data Controller will delete it immediately upon request from users.

 

Method of exercising rights

The data subject may at any time exercise their rights:

  • by certified mail:
  • or by registered mail with return receipt to the following address: Alchemi Lab di Vizzardi Michela Piazza Cav. Di Vittorio Veneto 18 - 25018 Montichiari (Bs)

.

 

Changes to this document

This document constitutes the privacy policy of this site.

It may be subject to changes or updates. Therefore, it is advisable to regularly check this information and refer to the most updated version.

The document complies with regulatory provisions on the matter.

 

Updated on November 30, 2023.