Newsletter – Processing Of Personal Data

Privacy Notice For Users Regarding The Processing Of Personal Data For The “Newsletter” Section

Article 13 of Regulation (EU) 2016/679 (GDPR)

Donati S.p.A., with registered office in Via Paderno 15/F – 25050 Rodengo-Saiano (BS), Tax Code and VAT No. 03484480177 (hereinafter also referred to as “the Controller”, “Donati” or “the Company”), in its capacity as Data Controller, provides this notice to illustrate the methods of processing personal data collected through the “newsletter” section of the company’s website.



Contact Details Of The Data Controller

Donati S.p.A.
Registered office: Via Paderno 15/F – 25050 Rodengo-Saiano (BS)
Tax Code and VAT No. 03484480177
E-mail: privacy.gruppodonati@donatiholding.it
Certified e-mail (PEC): donatispa@legalmail.it



Data Processed

The data processed through the newsletter subscription form include:

  • identification data (name, surname, company, country);
  • contact data (e-mail address).




Purposes And Legal Bases Of The Processing

The personal data collected are processed for the purpose of sending informational and promotional communications regarding products, services, initiatives, events, and news of Donati S.p.A. Communications will be made exclusively by Donati S.p.A., without any disclosure of personal data to third parties for their own marketing purposes. The legal basis of the processing is the data subject’s consent, pursuant to Article 6(1)(a) of Regulation (EU) 2016/679, expressed through the appropriate selection (checkbox) at the time of newsletter subscription.
Providing consent is optional, but necessary in order to receive promotional and informational communications. Failure to provide consent will make it impossible for the Company to send updates, offers, or other promotional or informational messages.
Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by writing to privacy.gruppodonati@donatiholding.it, via certified e-mail (PEC) to donatispa@legalmail.it, or by using the unsubscribe link contained in each communication.



Methods Of Processing

Processing is carried out by electronic means, under the authority of the Controller, by persons expressly authorised and instructed pursuant to Article 29 of the GDPR. Processing is performed in compliance with the principles of lawfulness, fairness, transparency, data minimisation, and security (Article 5 GDPR).
Data may also be processed by third parties appointed as Data Processors pursuant to Article 28 of the GDPR (for example, IT service providers, newsletter management platforms, web hosting companies, IT consultants), who operate under a written agreement and under the direct supervision of the Controller.
The updated list of Data Processors is available from the Controller upon the data subject’s request. Under no circumstances will the data be disclosed.



Data Retention Period

Personal data will be retained for a maximum period of 24 months from the date on which consent is obtained, unless earlier withdrawal by the data subject.
If, prior to the expiry of the aforementioned period, the data subject clearly expresses the will to continue the communication relationship with the Controller, also through positive and conclusive actions such as, by way of example, opening received messages, interacting with promotional content, or participating in the reported initiatives, the retention period may be extended for an additional equal period.
In any case, the data subject retains the right to object at any time to processing for marketing purposes and to request the deletion of their data, through the methods indicated in this notice.



Data Transfer Abroad

The processing of personal data mainly takes place within the territory of the European Union.
Should the Company make use of suppliers or Data Processors employing tools or services (such as servers or cloud platforms) located outside the EU, the Controller ensures that such transfers are carried out in full compliance with Articles 44 et seq. of the GDPR.



Rights Of The Data Subject

Data subjects may exercise, at any time, the rights provided for by Articles 15–22 of the GDPR, including:

  • obtain confirmation as to whether or not data concerning them exist and access such data (Article 15);
  • request their rectification or update (Article 16);
  • obtain their erasure in the cases provided for (Article 17);
  • request restriction of processing (Article 18);
  • receive their data in a structured, commonly used and machine-readable format and transmit them to another controller (Article 20);
  • object at any time to the processing of data carried out for marketing purposes (Article 21);
  • withdraw consent given (Article 7(3)).

Requests may be sent to the Controller by writing to privacy.gruppodonati@donatiholding.it or via certified e-mail (PEC) to donatispa@legalmail.it.
If the data subject believes that the processing of their personal data violates the applicable law, they have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or to bring the matter before the competent judicial authorities.



Changes

This privacy notice may be subject to changes as a result of regulatory updates or variations in processing methods.