Privacy policy
Pursuant to Reg mentation (EU) no. 679/2016 this page describes the methods of processing the personal data of users who consult the website 2changingart.com.
This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the sites, but referring to resources external to the Owner’s domain.
1. OWNER OF THE TREATMENT
The Data Controller is STKZ S.r.l. Via Marco Fabio Quintiliano, 24/A 20138 Milano, MI CF/PI 12782150960 REA MI-2684504 e-mail info@2changinart.com.
2. CATEGORIES OF DATA PROCESSED
Navigation data. The computer systems and software procedures used to operate this site automatically acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are the IP addresses or domain names of the computers used by the connecting user, the addresses in URI notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response , the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the permanence on each page) and details relating to the itinerary followed within the site, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the user’s IT environment.
Data common personal collected upon registration and/or communicated by the user.
Please note that the optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller involves the acquisition of the sender’s contact details and any additional personal data included in the communications, which are necessary to manage and respond to the contact request made.
Data relating to specific user preferences and interests (with the express consent of the user).
Remember that the user can revoke his consent to the processing of these categories of data at any time, through the appropriate section of the profile or by contacting the Data Controller at the addresses indicated in this statement. The revocation, however, will not affect the lawfulness of the treatment based on the consent before the revocation.
3. PURPOSE AND LEGAL BASES OF THE TREATMENT
The processing of personal data provided by the user when using the services will be carried out for the following purposes:
The processing of the user’s personal data for the purposes stated above is lawful where it is:
The provision of data for the purposes referred to in numbers 1) and 2) is mandatory and refusal by the user may not make it possible the use of the services. In particular, when the data requested by the site are marked as mandatory, the provision of the same by the user is necessary for it to be possible to render the requested service.
In any case, it is specified that the communication of data to the public Authorities will be carried out in cases where it is required by law.
The provision of data for the purposes referred to in numbers 3) and 4) is instead optional and the user’s refusal to provide data for these purposes it will have no consequence other than to prevent by the Data Controller the treatment for marketing activities/newsletter and profiling.
4. PROCESSING METHODS
The data as indicated above are processed with mainly telematic and IT tools or systems in accordance with the provisions of the Reg (EU) n. 679/2016.
The Data Controller uses automated decision-making processes, including profiling, exclusively with the express consent of the user concerned.
5. DATA CONSERVATION
The acquired data will be processed exclusively for the necessary period to the performance of the services requested and, as regards registration data, until the account is canceled by the user. In fact, it is specified that the user is guaranteed at any time the right to definitively cancel his/her account by means of thespecial procedure described in the Terms and Conditions, however always without prejudice to the legitimacy of the treatment of the personal data necessary to pursue the purposes indicated under par. 3., nos. 1-2) of this information. It should be noted that, in the event of definitive cancellation of the account, the user’s personal data will no longer be disclosed on the website, nor will they be accessible by other users.
The user is also guaranteed the possibility of unsubscribing from the newsletter via a special link accessible from each newsletter e-mail, as well as withdraw your consent to the processing of personal data for profiling purposes via specific section of the profile or by contacting the Data Controller at the addresses indicated in this information.
Although user data is processed only for the time strictly necessary to achieve the purposes described above, the same will subsequently be kept for the period necessary during which responsibilities may arise for the Data Controller deriving from the processing in compliance with current legislation.
COMMUNICATION OF DATA AND TRANSFER ABROAD
Consistent with the purposes indicated above, personal data may be disclosed, with different levels of access depending on the tasks assigned, by the personnel in charge of the Data Controller and , in particular, the personnel involved in the management of functional activities for the correct provision of services and their IT management.
Furthermore, users’ personal data may be disclosed to other recipients for the performance of regulatory obligations envisaged for this purpose and in order to be able to comply with the obligations imposed by the laws in force, without prejudice to the guarantee of protection of the rights of the interested party. These include credit institutions, logistics service providers, technology and analysis service providers, judicial or administrative authorities.
Where necessary, for the stated purposes, some processing of the user’s personal data may also be carried out by external subjects to whom the Data Controller entrusts certain activities (or part of them) functional to the management of the established relationship, in all its phases. In this case, the same external subjects, who will operate as Data Processors and are essentially included in the following categories:external professionals and consultants who provide functional services for the purposes indicated above, artists (in case of purchase of works), information society and IT development and assistance.
The user’s personal data may be transferred abroad even outside the territory of Italy and in particular in [•], Country belonging to the European Economic Area and considered as a country able to guarantee an adequate level of protection. In any case, computer and technical security systems are used in the transfer activity such as to guarantee the confidentiality of the data.
RIGHTS OF THE INTERESTED
As an interested party, each User has the right to request at any time:
and propose any complaints to the Data Protection Authority or other competent Authority on the point where it believes that its rights have been violated.