Privacy

EXTENDED INFORMATION PURSUANT TO ARTICLES. 12, 13 AND, IF APPROPRIATE, 14 OF THE GDPR – REGULATION (EU) 2016/679 RELATING TO THE PROTECTION OF NATURAL PERSONS, WITH REGARD TO THE PROCESSING OF PERSONAL DATA (HEREINAFTER THE GDPR)

Il titolare del trattamento riporta, di seguito, l’Informativa ai sensi degli artt. 12, 13 e, occorrendo, 14 del GDPR relativa al trattamento dei dati personali forniti dal Cliente/interessato tramite la compilazione e sottoscrizione del Contratto per acquistare i prodotti/servizi offerti in vendita dal titolare del trattamento stesso, caricando spontaneamente in questo sito web dati personali (in particolare attraverso la compilazione di form) o semplicemente navigando in esso.

1. Data controller and data protection officer personal

The data controller is the company The  Best Cleanings Service S.r.l., in the name of the legal representative pro tempore, with headquarters in S. Giuliano Milanese (Milan), via G. Puccini n. 9, C.F. and VAT number 05188240963, tel. +39 0298245619, e-mail info@cleaningsservice.it, web www .cleaningsservice.it (hereinafter the website). The owner can be contacted via PEC cleaningsservice@pec.cleaningsservice.it. The company has not appointed a personal data protection officer (RDP or data protection officer, DPO), as the company does not fall into those categories provided for by the art. 37, par. 1, letter. b) and c), of Regulation (EU) 2016/679 and the processing is carried out by the legal representative pro tempore della The Best Cleanings Service s.r.l.

2. Principles applicable to the treatment
   In accordance with the provisions of the GDPR, the data controller constantly works to ensure that personal data are:
3. processed in a lawful, correct and transparent manner;
4. collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes;
5. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
6. exact and, if necessary, updated;
7. kept for a period of time not exceeding the achievement of the purposes for which they are processed;
8. processed, using adequate technical and organizational measures, in order to guarantee security;
9. processed, if by virtue of consent, by decision freely taken by the Customer/interested party, on the basis of a request presented in a way clearly distinguishable from the rest, in an understandable and easily accessible form, using simple and clear language.

The data controller adopts appropriate technical and organizational measures in order to ensure the protection of personal data by design and to ensure that, by default, only personal data are processed necessary for each specific processing purpose.
The data controller collects and takes into utmost consideration the indications, observations and opinions of the Customer/interested party transmitted to the contact details above, in order to implement a dynamic privacy management system that ensures effective protection of people, with regard to the processing of their data.
This information may undergo changes, in line with the evolution of the reference legislation and the technical and organizational measures gradually adopted by the data controller; the Customer/interested party is therefore asked to periodically visit this section of the Site, to view the updates and the Information in the text in force from time to time.

3. Methods of processing

(3a) Method of processing personal data
The processing of personal data is carried out manually and with electronic tools, with logic strictly related to the purposes indicated below and, in any case, in order to guarantee the security and confidentiality of the data themselves.

(3b) Contact form

The User, by filling in the contact form with his/her data, consents to their use to respond to requests for information, quotes, or any other nature indicated by the form header.

Personal Data collected: surname, email, name, telephone number and various types of Data.| ||117

4. Purposes of the processing of personal data

(4a) Purposes for which the processing of data is necessary
The personal data provided by Customer/interested party are mainly processed for the execution of the Contract and the management of the credit and, more generally, of the relationship arising from the Contract itself.
The provision of data in the Contract or subsequently, during the contractual relationship, for the processing purposes in question it is mandatory; therefore, the failure, partial or incorrect provision of such data makes it impossible to stipulate and/or execute the Contract and, for the Customer/interested party, to use the products/services offered by the data controller, potentially exposing the Customer/interested party himself. to liability for contractual breach.
The personal data provided by the Customer/interested party may also be processed if this is necessary to fulfill a legal obligation to which the data controller is subject, for the protection of the vital interests of the Customer/interested party or of another natural person, for the execution of a task of public interest or connected to the exercise of public powers vested in the data controller, or for the pursuit of the legitimate interest of the data controller itself or third parties, provided that the interests or fundamental rights and freedoms of the Customer/interested party do not prevail; even in these cases, the provision of data is mandatory and, therefore, failure, partial or incorrect communication of data may expose the Customer/interested party to possible liabilities and sanctions provided for by the legal system. 

(4b) Further purposes of the processing following specific and express consent of the Customer/interested party
In addition to the processing purposes mentioned above, the personal data provided/acquired may be processed, subject to the consent of the Customer/interested party, to be expressed by selecting the box << I have read and accept the Privacy conditions >> on the Contract or on the Site (or by using other social or web applications of the owner of the processing), also for carrying out market surveys and to carry out commercial and promotional communications, via telephone (also using the mobile number provided) and automated contact systems (e-mail, sms, mms, fax, etc.), on products/services of the data controller.
Consent for the processing purposes referred to in this point (4b) is optional; therefore, following any refusal, the data will be processed only for the purposes indicated in the previous point (4a), except as specified below with reference to the legitimate interests of the data controller or third parties.

 | ||128

5. Categories of personal data processed The data controller mainly processes identification/contact data (name, surname, addresses, type and number of identification documents, telephone numbers, e-mail addresses, of a fiscal/billing nature, unless otherwise specified) and, if commercial transactions are envisaged, financial data (of a banking nature, in particular current account identifiers, numbers of credit cards, except for others connected to the aforementioned commercial transactions). 
   The processing that the data controller carries out, both for the execution of the Contract and by virtue of the express consent of the Customer/interested party, does not generally concern particular categories of personal data, known as sensitive (which reveal the racial or ethnic origin, political opinions, religious beliefs, state of health or sexual orientation, etc.), nor genetic and biometric data or so-called judicial data (relating to criminal convictions and crimes).
   Tuttavia, non può escludersi che il titolare del trattamento, al fine di eseguire le obbligazioni discendenti dal Contratto, abbia la necessità di trattare dati sensibili, quali dati giudiziari (relativi al casellario giudiziale) dei propri dipendenti o di terzi richiesti dal Cliente/interessato;
   The data controller processes, as data controller with reference to the Site, and, potentially, as data controller appointed for this purpose (in the terms set out above) by the Customer/interested party, also the so-called navigation data. The computer systems and software procedures used to operate the websites acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified subjects, but which, by its very nature, could allow the interested party to be identified. This category of information includes geolocation data, IP addresses, browser type, operating system, domain name and website addresses from which access has been made or exited, information on the pages visited by users within of the site, access time, time spent on a single page, internal path analysis and other parameters relating to the operating system and the user's IT environment. It is, therefore, information which, by its very nature, allows users to be identified through processing and association also with data held by third parties.
   Cookies may then be used on the Site , both session (which are not stored on the data subject's computer and disappear when the browser is closed) and persistent, for the transmission of personal information, or in any case systems for tracking data subjects.

6. Payment management

Payment management services allow the company to process payments via credit card, bank transfer or other instruments. The data used for payment are acquired directly by the manager of the requested payment service without being processed in any way by the company.

Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding payment.

PayPal

PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments.|| |142

Dati personali raccolti: varie tipologie di Dati secondo quanto specificato dalla privacy policy del servizio.

Privacy Policy (link)

https://www.paypal.com /IT/webapps/mpp/ua/privacy-full?locale.x=it_IT

7. Registration and statistics

(7a) Registration and authentication|| |148

Con la registrazione o l’autenticazione l’Utente consente all’Applicazione di identificarlo e di dargli accesso a servizi dedicati.

(7b) Direct registration|| |151

L’Utente si registra compilando il modulo di registrazione e fornendo direttamente alla società i propri Dati Personali.

Personal Data collected: surname, date of birth, email and name.

(7c) Statistics

The services contained in this section allow the Data Controller to monitor and analyze the traffic data of the company's website, through the use of  Google Analytics of which the link to their privacy policy is given below:

Place of processing: USA – Privacy Policy – ​​Opt Out https ://policies.google.com/privacy

8. Source of personal data
   The personal data that the data controller processes are collected directly by the data controller himself from the Customer/interested party at the time of, and during, navigation of this on the Site (or using other social or web applications of the data controller), or, also through its sales representatives, on the occasion of, or subsequent to, the signing of the Contract, in the phase of execution of the same.
    
9. Legitimate interests
   The legitimate interests of the data controller or third parties may constitute a valid legal basis for the processing, provided that the interests or rights and freedoms do not prevail fundamentals of the interested party. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the data controller and the data subject, for example when the data subject is a client of the data controller. In particular, it constitutes the legitimate interest of the data controller to process personal data of the Customer/interested party: for fraud prevention purposes, for direct marketing purposes, or relating to traffic, in order to guarantee the security of networks and information, that is, the ability of a network or system to resist unexpected events or illicit acts that could compromise the availability, authenticity, integrity and confidentiality of data. 

10. Circulation of personal data

(10a) Communication of personal data – categories of recipients
As well as from employees and collaborators to various titles of the data controller (who are authorized by the data controller himself to process pursuant to adequate written operating instructions, in order to guarantee the confidentiality and security of the data), some processing operations can also be carried out by third parties , to whom the data controller entrusts certain activities, or part of them, functional to the purposes referred to in point (4a), therefore both in execution of contractual and legal obligations, among which deserve mention, however, inevitably and not exhaustively: commercial and/or technical partners; companies that provide banking and financial services; companies that perform document archiving services; debt collection companies; auditing and financial statement certification companies; rating companies; subjects who carry out professional assistance and consultancy activities in favor of the data controller; companies that carry out customer care activities; factoring companies, credit securitization companies or otherwise credit transferees; company of the Group to which the data controller possibly belongs; subjects who provide commercial information; IT services company. The subjects belonging to the aforementioned categories process the same personal data as independent data controllers, or as data controllers, with reference to specific processing operations that fall within the contractual services that the same subjects perform for/in the interest of of the data controller; the data controller gives adequate written operating instructions to the data controllers, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of the data.
Some processing operations may be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, also functionally to the purposes referred to in point (4b), among which deserve mention, however, inevitably and not exhaustively: commercial partners and/or technicians; companies that institutionally provide marketing services; advertising agencies; subjects who provide assistance and consultancy activities with reference to competitions and prize operations. The subjects belonging to the aforementioned categories process personal data as independent data controllers, or as data controllers, with reference to specific processing operations that fall within the contractual services that the same subjects perform in favor/in the interest of the data controller; the data controller gives adequate written operating instructions to the data controllers, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of the data.
It is available, subject to written request to be sent to the headquarters of the data controller, the list, subject to periodic updating, of the data controllers with whom the data controller has relationships.
Personal data may also be communicated, in case of request, to the competent authorities, in fulfillment of obligations deriving from mandatory provisions of law.

(10b) Transfer of personal data to third countries
The personal data of the Customer/interested party may be transferred abroad, both to European Union countries and in countries outside the European Union at the time of purchasing packages through payment with the PayPal platform of which the "Privacy Policy" link is available which refers to the GDPR regulation of reference.

11. Criteria for determining the retention period of personal data
    For the purposes referred to in point (4a) above, the retention period of personal data released by the Customer/ interested party, and their consequent potential processing, coincides with the limitation period of the rights/duties (legal, fiscal, etc.) deriving from the Contract: generally 10 years, therefore, except for the occurrence of events interrupting the limitation period which could prolong, done, said period.
    For the purposes referred to in point (4b) above, the retention period of the data released by the Customer/interested party, and their consequent potential processing, ends with the revocation of consent previously issued by the Customer/interested party himself or, in the absence of this, in any case one year after the termination of any relationship between the data controller and the Customer/interested party.

12. Communication of data

The personal data of the Customer/interested party may be communicated to:

1. employment consultants and accountants who provide functional services for the purposes indicated above;
2. institutes banking and insurance companies that provide functional services for the purposes indicated above;
3. subjects that process the data in fulfillment of specific obligations of law;

13. Rights of the Customer/interested party
    The data controller recognizes – and facilitates the exercise, by the Customer/interested party, of – all the rights provided for by the GDPR, in particular the right to request access to one's personal data and to extract a copy (art. 15 GDPR), to the rectification (art. 16 GDPR) and to the cancellation of the same (art. 17 GDPR), to the limitation of the processing that concerns him (art. 18 GDPR), to the portability of the data (art. 20 GDPR, where applicable the conditions are met) and to oppose the processing that concerns him (articles 21 and 22 GDPR, for the hypotheses mentioned therein and, in particular, to the processing for marketing purposes or which translates into a automated decision-making process, including profiling, which produces legal effects concerning him, where the conditions are met).
    The data controller also acknowledges to the Customer/interested party, if the processing is based on consent , the right to revoke said consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. To do this, the Customer/interested party can unsubscribe at any time on the Site (or on other social or web applications of the data controller) or by using the appropriate link at the bottom of each commercial communication received, or by contacting the data controller at contact details above.
    The data controller also informs the Customer/interested party of the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data, as supervisory authority operating in Italy, and to propose appeal jurisdictional, both against a decision of the Guarantor Authority, and against the data controller himself and/or a data controller.

14. Security of systems and personal data| ||190
    Tenendo conto dello stato dell’arte e dei costi di attuazione, nonché della natura, dell’oggetto, del contesto e delle finalità del trattamento, come anche del rischio, in termini di probabilità e gravità, per i diritti e le libertà delle persone fisiche, il titolare del trattamento adotta misure tecniche ed organizzative ritenute appropriate a garantire un livello di sicurezza adeguato al rischio, in particolare assicurando, su base permanente, la riservatezza, l’integrità, la disponibilità e la resilienza dei sistemi e dei servizi di trattamento (anche attraverso la cifratura dei dati personali, ove necessario) e la capacità di ripristinare tempestivamente la disponibilità dei dati in caso di incidente fisico o tecnico, ed adottando procedure interne dirette a testare, verificare e valutare regolarmente l’efficacia delle misure tecniche e organizzative impiegate.
    When assessing the adequate level of security, account is taken of the risks presented by the processing which derive, in particular, from destruction, loss, modification, unauthorized disclosure or access, in an accidental or illegal manner , to personal data transmitted, stored or otherwise processed.
    The data controller ensures that anyone acting under his authority and having access to personal data does not process such data unless instructed to do so by the same owner of processing.
    That said, the Customer/interested party acknowledges and accepts that no security system guarantees, in terms of certainty, absolute protection; therefore, the data controller is not liable for acts or facts of third parties who, despite the adequate precautions adopted, access the systems without the necessary authorizations.

15. Automated decision-making processes, including profiling
    The data controller may carry out automated processing, including profiling, in relation to the purposes referred to in point (4b) above, to optimize the navigability of the Site (or the usability of other social or web applications of the data controller) and to improve the purchasing experience, except as specified above with regard to the rights of opposition and revocation of consent by the Customer/interested party.
    Profiling means any form of automated processing of personal data aimed at evaluating certain aspects relating to a natural person, in particular to analyze or predict aspects concerning, for example, that person's personal preferences, interests or location, also for the purpose of creating profiles, that is homogeneous groups of subjects in terms of characteristics, interests or behaviour.
    The data controller does not carry out any automated processing that produces legal effects concerning the Customer/interested party or that significantly affects his/her person in a similar way, unless this is necessary for the conclusion or execution of the Contract, is authorized by law or is based on the explicit consent of the Customer/interested party, in any case always recognizing the latter's right to obtain human intervention, to express his/her opinion opinion and to contest the decision.