DATA CONTROLLER
Amilon S.r.l., with registered office in Milan, Via Natale Battaglia n. 12, Italy, with tax number and VAT number 05921090964 email privacy@amilon.it hereinafter also referred to as “Company”).

DATA PROTECTION OFFICER (DPO)
dpo-ext@amilon.it

1 – DATA PROCESSING PURPOSE
1.1– Contract Purpose: view the web pages and use the services, including the sale of products, offered within the website www.amilon.it (“Website”)
1.2 – Marketing Purpose: by automated (such as sms, mms and e-mail) and traditional means of contact (such as telephone calls with operators and traditional mail), sending of commercial and promotional communications relating to the services/products offered by the Company or reporting of corporate events, as well as carrying out of market research and statistical analysis.
1.3 – Profiling Purpose: analysis of user’s preferences, habits, behaviors or interests in order to send personalized marketing communications.
1.4 – Legal obligations: comply with obligations provided for by regulations and applicable national and international legislation.
1.5 – Newsletters: if requested by user with registration for this service.
1.6 – Rights of the data controller: if necessary, to verify, exercise or defend the rights of the Company in legal proceedings.
1.7 – Out-of-court debt recovery: in order to allow the Company to recover its receivables without appealing to a legal authority.
1.8 – Website functioning: the IT systems and software procedures used to run the Website acquire, during standard functioning, some personal data whose communication is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but that, by their very nature, could, through processing and association with data held by the Company or third parties, allows the identification of users of the Website.

2 – LEGAL BASIS FOR DATA PROCESSING
2.1 – Contract Purpose: performance of a contract the user is a party to.
2.2 – Marketing and Profiling Purposes: consent (optional and revocable at any time).
2.3 – Legal obligations: need to fulfill legal requirements.
2.4 – Newsletters: performance of a contract the user is a party to, or subscription to the newsletter.
2.5 – Rights of the data controller and out-of-court debt recovery: legitimate interest.

3 – DATA RETENTION PERIOD
3.1 – Contract Purpose, Legal obligations and Newsletters: for the entire term of the contract and, after termination, for 10 years.
3.2 – Marketing and Profiling Purposes: until revocation of consent for such purpose. Only data relating to the details of any purchases made will be retained and processed for the terms provided by the measure of the Data Protection Supervisory Authority dated 24 February 2005 and subsequent amendments, namely 24 months.
3.3 – Rights of the data controller and out-of-court debt recovery: in the event of litigation, for the entire duration of the same, as long as the time limits for bringing an appeal have not expired.
3.4 – Website functioning: for the duration of the Website browsing session.
After the above retention terms have expired, the Data will be destroyed, erased or anonymized, consistent with the technical procedures of erasure and backup.

4.1 – PERSONAL DATA PROCESSED FOR CONTRACT PURPOSES – LEGAL OBLIGATIONS – RIGHTS OF THE DATA CONTROLLER – DEBT RECOVERY
Personal data, contact data, administrative and accounting data.

4.2 – PERSONAL DATA PROCESSED FOR MARKETING AND PROFILING PURPOSES
Personal data, contact data, administrative-accounting data, purchase data made on the Website, data collected by cookies installed by the Website.

4.3 – PERSONAL DATA PROCESSED FOR NEWSLETTERS
Contact data.

4.4 – PERSONAL DATA PROCESSED FOR THE FUNCTIONING OF THE WEBSITE
IP addresses or domain names of computers used by users connecting to the Website, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..), other parameters relating to the user’s operating system and IT environment, information relating to website users’ behavior, the pages that have been visited or searched for, in order to select and make specific announcements to the users of the website and data relating to website browsing behavior using, for example, cookies.

5 – DATA PROVISION COMPULSORINESS
The provision of personal data referred to in section 4.1 for the purposes referred to in section 1.1 is mandatory. The refusal to provide such personal data does not enable, therefore, the use of the services of the Website relating to the booking and sale of products.
The provision of personal data referred to in point 4.2 for the purposes referred to in points 1.2 and 1.3 is optional and subject to user consent.
Some personal data referred to in paragraph 4.4 are strictly necessary for the functioning of the Website, others are used only to obtain anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after the processing. In the processing of personal data that can, directly or indirectly, identify the user, we try to respect a principle of strict necessity. For this reason, we have configured the Website so that the use of personal data is reduced to the bare minimum and so as to limit the processing of personal data which allows identification only when necessary or at the request of the authorities and police (such as, for example, traffic data and user’s presence on the Website or his/her IP address) or to determine liability in the event of hypothetical computer crimes against the Website.

6 – DATA RECIPIENTS
The data may be processed by external parties operating as autonomous controllers such as, by way of example, authorities and supervisory and control boards and, in general, public or private parties entitled to request the data.
The data may also be processed, on behalf of the Company, by external parties designated as data processors, who are provided with adequate operating instructions. These subjects are essentially included in the following categories
a. companies offering email services;
b. companies offering Website maintenance and development services;
c. companies offering support in carrying out market researches.

7 – PARTIES AUTHORIZED TO PROCESS DATA
The data can be processed by employees of the Company’s corporate functions in charge of pursuing the purposes indicated above, who have been expressly authorized to process and who have received adequate operating instructions.
The data referred to in point 4.4 collected during Website browsing will be processed by employees, collaborators of the Company or external parties, in their capacity as data processors and managers, who carry out technical and organizational tasks of the Website on behalf of the Company.
A complete and updated list of the data processors appointed by the Company can be obtained by writing an email to privacy@amilon.it

8 – DATA SUBJECT’S RIGHTS – COMPLAINT TO THE SUPERVISORY AUTHORITY
Contacting the Company by e-mail at privacy@amilon.it the User can ask the Company to access to personal data, its erasure, the correction of inaccurate data, the integration of incomplete data, the limitation of data processing in the cases provided for by art. 18 of the GDPR, as well as the opposition to data processing in the cases of legitimate interest of the Company.
Moreover, if the processing is based on consent or contract and is carried out by automated means, the user has the right to receive personal data in a structured format, commonly used and readable by an automatic device, as well as, if technically feasible, to transmit them to another owner without hindrance.
The user is entitled to withdraw consent at any time for marketing and/or profiling purposes and to object to the processing of data for marketing purposes, including profiling related to direct marketing. Nevertheless, the user may prefer to be contacted for this purpose exclusively by traditional means, to express opposition only to the receipt of communications through automated means.
The data subject shall have the right to lodge a complaint with the relevant supervisory authority in the Member State where he or she has his or her habitual residence or employment or in the Member State where the alleged infringement has occurred.

9 – DATA-SAFETY
The data will be processed by automated means for the time strictly necessary to achieve the purposes for which they have been collected and in compliance with the principle of necessity and proportionality, avoiding the processing of personal data if the operations can be performed through the use of anonymous data or by other means.
We have adopted specific security measures to prevent the loss of personal data, illegal or incorrect use and unauthorized access but please note that it is essential for the security of data that the device is equipped with tools such as constantly updated antivirus and that the provider supplying the Internet connection ensures the safe transmission of data through firewalls, anti-spam filters and similar measures.