General Privacy Policy

The company DUCKMA SRL, with registered office in (25086) Rezzato (BS), Via Naviglio, no. 17, registered at the Brescia Register of Companies R.E.A. no. BS - 543381, C.F. and P.IVA no. 03547240980, in the person of the legal representative pro tempore, Matteo Gazzurelli, as the data controller (hereinafter, the Data Controller), informs, pursuant to Art. 13 EU Regulation No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the GDPR) that the data will be processed as indicated below.

***

1. Object of Treatment

1.1 The Data Controller processes personal, identifying and non-sensitive data (first name, last name, tax code, VAT number, email, telephone number) communicated when signing contracts with the Data Controller and/or when sending inquiries made through its site (hereinafter, the Personal Data).

1.2 The Data Controller processes information obtained, including through cookies, about the data subject's use of the site, including connection times, browsing data, page visits, clicks on content, and the data subject's preferences.

2. Purpose of Treatment

2.1 Personal data are processed:

  • without express consent (Art. 6 letter b, e GDPR) for the following purposes: registering on the website;
  • operating and maintaining the website;
  • enable subscription to the newsletter service provided by the Controller;
  • fulfill pre-contractual, contractual and tax obligations arising from existing relationships;
  • fulfill obligations under the law, a regulation, EU legislation or an order of the Authority;
  • prevent or detect fraudulent activities or abuse harmful to the Website;
  • exercise the rights of the Data Controller, such as the right to defense in court;
  • with prior consent (art. 7 GDPR) for marketing purposes (sending newsletters, commercial communications and/or advertising material about products or services offered by the Owner). Individuals, who are already customers, will be able to receive commercial communications about services and products of the Controller similar to those we have already used, except in cases where we have communicated their disagreement.

2.2 With the prior consent of the data subject, the Data Controller may automatically analyze his/her behavior, preferences and interests (in particular, by examining site connection times, browsing data, content clicks, pages viewed, features used, favorite content) through profiling cookies. Data subjects will be allowed to change their cookie settings or revoke their consent in accordance with the cookie policy.

3. Modalities of Treatment

3.1 The processing of Personal Data is carried out by means of the operations indicated in Art. 4, No. 2) GDPR i.e. collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

3.2 Personal Data are subject to both paper-based and electronic and/or automated processing.

3.3 The Data Controller will process Personal Data for as long as necessary to fulfill the above purposes and in any case for no longer than 20) years after the termination of the relationship for Service Purposes and for no longer than 20) years after data collection for Marketing Purposes.

4. Data Access

4.1 Personal Data may be made accessible to employees and associates of the Data Controller, in their capacity as internal data processors and/or system administrators.

5. Data Communication

5.1 Without the express consent of the data subject pursuant to Art. 6, lett. b) and c) GDPR, the Data Controller may disclose Personal Data for the purposes referred to in Art. 21, lett. a) to Supervisory Bodies, Judicial Authorities as well as to all other entities to which the disclosure is mandatory by law for the fulfillment of the said purposes.

6. Data Transfer & Third Party Processors

6.1 The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third party companies contracted and duly appointed as Data Processors. Currently, the servers are located in Google Cloud. The data will not be transferred outside the European Union. It is in any case understood that the Data Controller, should it become necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or countries outside the EU. In this case, the Data Controller assures as of now that the transfer of the data outside the EU will take place in compliance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the contractual clauses provided for by the European Commission.


6.2 Digital Marketing Service Providers: We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

(i)               Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”

7. Nature of Data Submission and Consequences of Refusal

7.1 The provision of data for the purposes of art. 2.1, lett. a) is mandatory. In their absence, the Owner will not be able to guarantee either registration to the site or the services of art. 2.1, lett. a).

7.2 On the other hand, the provision of data for the purposes referred to in Article 2.1, letter b) is optional. It is the option of the data subject not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, the data subject will not receive newsletters, commercial communications and advertising material inherent to the Services offered by the Data Controller, but will be entitled to the services referred to in art. 2.1, lett. a).

8. Rights of the Data Subject

8.1 Pursuant to Article 15 GDPR, the data subject will have the right to:

  • obtain confirmation of the existence or otherwise of Personal Data, even if not yet registered, and their communication in intelligible form;
  • obtain an indication of i) the origin of the Personal Data; ii) the purposes and methods of the processing; iii) the logic applied in case of processing carried out with the aid of electronic instruments; iv) the identification details of the Data Controller, the data processors and the designated representative pursuant to Art. Art. 3, para. 1, GDPR; v) the subjects or categories of subjects to whom the Personal Data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processors or persons in charge of processing;
  • obtain i) the updating, rectification or, when you are interested, the integration of data; ii) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed iii) certification to the effect that the operations as per letters i) and ii) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  • object, in whole or in part, i) for legitimate reasons to the processing of Personal Data, even if pertinent to the purpose of collection; ii) to the processing of Personal Data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail. The data subject's right to object for direct marketing purposes by automated means extends to traditional marketing methods, and that in any case the data subject's right to object remains unaffected, even in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.

8.2 If the prerequisites set forth in the GDPR are met, the data subject may exercise the right to rectification, the right to be forgotten, the right to restriction of processing, the right to data portability and the right to object, as well as the right to complain to the Data Protection Authority.

9. Ways of Exercising Rights

9.1 The interested party may at any time exercise the rights by sending a registered letter with return receipt to DUCKMA SRL, Via Vittorio Emanuele II, n. 1, (25122) Brescia or a PEC to duckma@pec.it.

10. Minors

10.1 The Owner's site and services are also intended for individuals under the age of 18. The Owner will only collect personal information referring to minors with the written consent of both parents or those exercising parental authority. In the event that information about minors is recorded in the absence of the above prerequisites, the Controller will proceed to their deletion.

11. Owner, Manager and Appointees

11.1 The Data Controller is DUCKMA SRL. The updated list of data processors and data processors is kept at the offices of the Data Controller.

12. Amendments to This Notice

12.1 This Notice is subject to change. It is up to the individual concerned to check regularly for any updates.