Privacy Policy

The purpose of this document is to inform the natural person (hereinafter “ Data Subject ”) regarding the processing of his/her personal data (hereinafter “ Personal Data ”) collected by the data controller, Drecan snc, with registered office in Via Luigi Salvatore Cherubini 10, 50018 Scandicci Florence, Italy, CF/VAT number 02326890486, 02326890486, e-mail address info@marcomesseribiagiotti.com, PEC address drecan@pec.it, telephone number 3246386647, (hereinafter “ Owner ”), through the website www.marcomesseribiagiotti.com (hereinafter “ Application ”).

Changes and updates will be binding as soon as they are published on the Application. In case of non-acceptance of the changes made to the Privacy Policy, the Interested Party is required to cease using this Application and may request the Owner to delete their Personal Data.

1. Categories of Personal Data processed

The Data Controller processes the following types of Personal Data provided voluntarily by the Data Subject:

  • Contact details : name, surname, address, email, telephone, images, authentication credentials, any additional information sent by the interested party, etc.
  • Tax and payment data : tax code, VAT number, credit card details, bank account details, etc.
  • Data relating to the employment relationship : data included in the curriculum vitae, data relating to the spouse or children, social security data, etc.

The Data Controller processes the following types of Personal Data collected automatically:

  • Technical data : Personal Data produced by the devices, applications, tools and protocols used, such as, for example, information on the device used, IP addresses, browser type, type of Internet provider (ISP). Such Personal Data may leave traces that, in particular when combined with unique identifiers and other information received from the servers, can be used to create profiles of natural persons.
  • Browsing and Application usage data : such as, for example, pages visited, number of clicks, actions performed, session duration, etc.
  • Data relating to the precise location of the Data Subject : for example, geolocation data that precisely identify the position of the Data Subject that can be collected through the satellite network (e.g. GPS) and other means, collected with the prior consent of the Data Subject. The Data Subject can revoke the consent at any time.

Failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation or if they constitute a necessary requirement for the conclusion of the contract with the Data Controller, will make it impossible for the Data Controller to establish or continue the relationship with the Data Subject.

The interested party who communicates to the Data Controller the Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.

2. Cookies and similar technologies

The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect Personal Data of the Data Subject on the pages, links visited and other actions performed when the Data Subject uses the Application. They are stored to be then transmitted to the next visit of the Data Subject. Legal basis and purpose of processing

The processing of Personal Data is necessary:

  • for the execution of the contract with the interested party and specifically:
    • fulfillment of any obligation arising from the pre-contractual or contractual relationship with the interested party
    • support and contact with the interested party : to respond to the interested party's requests
    • Payment management : to manage payments by credit card, bank transfer or other instruments
  • by legal obligation and specifically:
    • the fulfillment of any obligation provided for by current legislation , laws and regulations, in particular, in tax and fiscal matters
  • based on the legitimate interest of the Data Controller, for:
    • email marketing purposes of the owner's products and/or services to directly sell the Data Controller's products or services using the email provided by the Data Subject in the context of the sale of a product or service similar to the one being sold
    • management, optimization and monitoring of the technical infrastructure : to identify and resolve any technical problems, to improve the performance of the Application, to manage and organize information in an IT system (e.g. server, database, etc.)
    • security and anti-fraud : to guarantee the security of the assets, infrastructures and networks of the Owner
    • statistics with anonymous data : to carry out statistical analyses on aggregated and anonymous data to analyse the behaviour of the interested party, to improve the products and/or services provided by the Data Controller and better satisfy the expectations of the interested party
  • based on the consent of the interested party, for:
    • profiling of the interested party for marketing purposes : to provide the interested party with information on the products and/or services of the Data Controller through automated processing aimed at collecting personal information with the aim of predicting or evaluating his/her preferences or behaviors
    • retargeting and remarketing : to reach with a personalized advertisement the Data Subject who has already visited or has shown interest in the products and/or services offered by the Application using his/her Personal Data. The Data Subject can opt-out by visiting the page of the Network Advertising Initiative
    • marketing purposes of the Data Controller's products and/or services : to send commercial and/or promotional information or materials, to carry out direct sales activities of the Data Controller's products and/or services or to carry out market research using automated and traditional methods
    • detection of the exact location of the interested party : to detect the presence of the interested party, to control access, times and presence of the interested party in a specific place, etc.

Based on the legitimate interest of the Owner, the Application allows interactions with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies to which reference is made. The interactions and information acquired by this Application are in any case subject to the privacy settings that the Data Subject has chosen on such platforms or social networks. This information - in the absence of specific consent to processing for further purposes - is used for the sole purpose of allowing the use of the Application and providing the information and services requested.

The Personal Data of the Interested Party may also be used by the Owner to protect himself in court before the competent judicial offices.

3. Methods of processing and recipients of Personal Data

The processing of Personal Data is carried out using paper and computer tools with organizational methods and logic strictly related to the purposes indicated and through the adoption of adequate security measures.

Personal Data is processed exclusively by:

  • persons authorized by the Data Controller who have undertaken to maintain confidentiality or have an appropriate legal obligation of confidentiality;
  • subjects who operate independently as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all processing activities necessary to pursue the purposes set out in this information notice (for example, commercial partners, consultants, IT companies, service providers, hosting providers);
  • subjects or entities to whom it is mandatory to communicate Personal Data by law or by order of the authorities.

The subjects listed above are required to use appropriate guarantees to protect Personal Data and can access only those necessary to perform the tasks assigned to them.

Personal Data will not be disclosed indiscriminately in any way.

4. Place
 Personal Data will not be transferred outside the European Economic Area (EEA).

5. Period of Retention of Personal Data

Personal Data will be retained for the period of time necessary to fulfill the purposes for which they were collected, in particular:

  • for purposes related to the execution of the contract between the Data Controller and the Interested Party, they will be retained for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years. In the event of legal disputes, for the entire duration of the same, until the terms for the exercise of appeal actions have expired
  • for purposes related to the legitimate interest of the Data Controller, they will be retained until such interest is fulfilled
  • for the fulfillment of a legal obligation, by order of an authority and for protection in court, they will be kept in compliance with the timeframes set out in said obligations, regulations and in any case until the expiry of the limitation period set out in the regulations in force
  • for purposes based on the consent of the interested party, they will be retained until the consent is revoked

At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.

6. Rights of the interested party

Interested parties may exercise certain rights with reference to the Personal Data processed by the Data Controller. In particular, the Interested party has the right to:

  • be informed about the processing of your Personal Data
  • revoke consent at any time
  • limit the processing of your Personal Data
  • oppose the processing of your Personal Data
  • access your Personal Data
  • verify and request the rectification of your Personal Data
  • obtain the limitation of the processing of your Personal Data
  • obtain the deletion of your Personal Data
  • transfer your Personal Data to another owner
  • lodge a complaint with the supervisory authority for the protection of your Personal Data and/or take legal action.

To exercise their rights, the Interested Parties may send a request to the following email address info@marcomesseribiagiotti.com. The requests will be taken care of by the Owner immediately and processed as soon as possible, in any case within 30 days.

Last updated: 12/14/2023