Privacy

Askan SRL - donneshome.com

INFORMATION ON THE COLLECTION OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION 2016/679

Updated 01/07/2024

This information is provided, pursuant to Article 13 of Regulation (EU) No. 2016/679 on the Protection of Personal Data (hereinafter, the "General Data Protection Regulation"; hereinafter, the "GDPR"), to those who connect to this website (hereinafter, the "Site"), owned and managed by Askan srl. It is intended to describe the processing of personal data of users who visit the Site and/or use the features and services made accessible through it (e.g., newsletter service, contact form). This information is provided only for those who interact with the Site owned by Askan srl and not for other websites owned by third parties that may be accessed by users via dedicated links. Users are encouraged to read this information carefully before submitting any personal information and/or completing any electronic forms on the Site.

1) Identity of the Owner

The Data Controller is Askan srl, with registered office and processing headquarters at Via Bini 6, Novara. The Data Controller reserves the right to process your personal data at locations other than the registered office indicated. For further information, please contact the Data Controller.

You can contact the Data Controller at the email address info@donneshome.com or by writing to the company headquarters listed above.

2) Type of data processed

The personal data processed through our Site are the following :

  1. Browsing data

Information regarding the processing of browsing data and so - called "cookies " can be found in the cookie policy section .

  1. Data provided voluntarily by the interested party

Askan srl collects personal data voluntarily provided by the User when requesting goods or services offered through the Site .

Askan srl will process this data in compliance with applicable law , assuming it refers to the user or to third parties who have expressly authorized the user to provide it based on an appropriate legal basis that legitimises the processing of the data in question. In this case, the User becomes the independent data controller, assuming all legal obligations and responsibilities , and indemnifies Askan srl against any dispute , claim , request for compensation for damages resulting from processing, etc., that may be received by Askan srl from third parties whose personal data has been processed through the use of the Site's services in violation of applicable data protection laws .

  • Purpose of the processing

Except for browsing data and any cookies , the personal data that Users communicate through the Website and other contact channels may be processed for the purposes listed below :

  1. Respond to (or provide updates on ) questions and requests for information or quotes; fulfill the requested services and any additional services resulting from the sale of products or other services of the Data Controller; possibly fulfill the legal and tax obligations of the
  2. Allow registration on the Site and management by the User of his/her personal account if provided for by the
  3. Pursue legitimate interests, such as legal defense , or the communication of special events relating to the products/ services requested by the User, or direct marketing (and related processing activities, such as profiling, to the extent connected to such direct marketing ) .
  4. Build customer loyalty , including through newsletters and marketing operations

The User's personal data will not be used for purposes other than those described in this Policy , unless the User is informed in advance and, where necessary, his or her consent is obtained .

  • Legal bases of the processing

The legal basis for processing for the purposes indicated in points 3a ) and 3b) above is the need to perform the contract to which the User is a party, or the pre-contractual measures adopted at the User's request, or to fulfill a legal obligation to which the Data Controller is subject. The legal basis for processing for the purposes indicated in point 3c) above is the need to pursue the Data Controller 's legitimate interests . The legal basis for processing for the purposes indicated in point 3d ) above is the User 's consent .

  • Data recipients

The collected data will not be disclosed and may be communicated not only to parties who are entitled and have an interest in accessing the User's personal data by law or by secondary and/or EU regulations, but also to the Data Controller's internal staff and to companies, associations , or professional firms that provide goods or services to the Data Controller, such as , for example , IT or cloud service providers .

  • Data transfer

The Data Controller does not transfer the data subject's personal data to third countries or international organizations . However , it reserves the right to use cloud services ; in which case, the service providers

Dear Customer,

We hereby provide you with information pursuant to Article 13 of Regulation (EU) No. 2016/679 on the Protection of Personal Data (the "General Data Protection Regulation," hereinafter the "GDPR").

Identity of the Owner

The Data Controller is Askan srl, represented by its legal representative pro tempore, with registered office and processing headquarters at Via Bini no. 6, Novara. The Data Controller reserves the right to process your personal data at locations other than the registered office indicated above. For further information, please contact the Data Controller. You can contact the Data Controller at info@donneshome.com or by writing to the company headquarters listed above. The Data Controller guarantees the security, confidentiality, and protection of the personal data in its possession, at every stage of the processing. The personal data collected is used in accordance with the principles of lawfulness, fairness, transparency, and relevance, and in compliance with the GDPR.

 Purpose of the processing

Your personal data will be processed for the following purposes :

  1. performance of obligations arising from a contract to which you are a party or to fulfill, before or after the execution of the contract, your specific requests;
  2. organizational, administrative, accounting and commercial management of the contract;
  3. fulfillment of obligations established by law, by a regulation, by community legislation or by an order of the Authority;
  4. internal statistical analysis ;
  5. soft spam

We also remind you that, pursuant to applicable law, Askan srl may use the email address you provide when purchasing one of our services and/or products to offer you similar products and services . However , if you do not wish to receive such communications , you may notify us at any time by sending a request to info@donneshome.com or using the link provided in the email communications you receive . In such a case, Askan srl will immediately discontinue such activity.

 Legal basis for processing

The legal basis for processing data for the purposes indicated above is the performance of a contract to which you are a party or of pre-contractual measures adopted at your request, or to comply with a legal obligation, or to protect our legitimate interests pursuant to Art . 6 of the GDPR , without overriding the interests or fundamental rights and freedoms of the data subject. Providing data for the purposes required and sanctioned by law is mandatory; otherwise, providing data is optional but necessary; therefore, your refusal will make it impossible for the Data Controller to continue with the relationship being established , its timely execution, and support services.

 Treatment methods

Your personal data is processed using both paper-based and electronic/computerized/telematic tools/media using the operations indicated in Article 4(2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.

 Data recipients

Your personal data will not be disclosed or disseminated , and will not be disclosed to unspecified parties in any form, including by making them available or simply consulting them. Such data may , however , be processed by parties under the authority of the Data Controller and/or by expressly authorized collaborators who have received adequate operating instructions , always for the purposes indicated above . Without prejudice to communications made in compliance with legal and contractual obligations, your data may be disclosed to parties authorized to access them pursuant to provisions of law, regulations, and EU legislation, as well as, where necessary for the pursuit of the purposes specified above and to the extent strictly necessary, to parties required to provide goods or services to the Data Controller, such as, for example: credit institutions , insurance companies and firms ; legal , administrative , tax , or marketing consultants who assist the company in carrying out its activities; IT or cloud service providers; any agents , subcontractors , and / or subcontractors engaged in activities related to the performance of the Contract with the Data Controller; subsidiaries, affiliates, or affiliated companies; always in compliance with the GDPR and for the purposes indicated above.

 Data transfer

The Data Controller does not transfer your personal data to third countries or international organizations . However, it reserves the right to use cloud services ; in this case, service providers will be selected from those providing adequate guarantees, as required by Article 46 of the GDPR .

 Data retention

Your collected data will be retained, starting from their receipt/update, for the time strictly necessary to achieve the purposes indicated above and in any case in compliance with the legal deadlines . After this period, the data will be deleted and/or anonymized so as not to allow, even indirectly or by connecting to other databases , the identification of the data subjects, without prejudice to the need to retain the data to comply with the obligations set forth by applicable legislation in force, even after the termination of the processing operations. In the case of consent - based processing , your data will be retained until you withdraw your consent and, subsequently, for the time strictly necessary to comply with applicable legal or regulatory obligations and, in any case, for the time necessary to guarantee the exercise of the company's rights, including in court . The retention period will be determined based on the assessment of the individual transaction and will, in any case, be in compliance with the GDPR principles of necessity, purpose, relevance, minimization, and non-excess.

 Rights of the interested party

You may exercise the following rights against Askan srl at any time pursuant to Articles 15 and 22 of the GDPR:

  1. right to access your personal data ;
  2. right to rectification or erasure;
  3. right to restriction of processing;
  4. right to portability;
  5. right to

You also have the right to freely withdraw your consent at any time . Processing carried out pursuant to your consent and the related legal effects will remain in effect even after your consent is withdrawn . To exercise these rights, report concerns , or request clarification regarding the processing of your personal data, you can send an email to info@donneshome.com , specifying the subject of your request . In any case, you have the right to lodge a complaint with the competent supervisory authority , which in Italy is the Italian Data Protection Authority , if you believe that the processing of your personal data violates applicable law .

 Changes and updates

This policy may be subject to changes and/or additions, including as a result of updates to applicable legislation . The updated policy will be available on the website www.donneshome.com, in the privacy section.

Personal data breaches under Regulation (EU) 2016/679

 

 

WHAT IS A DATA BREACH ?

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

A personal data breach may compromise the confidentiality, integrity, or availability of personal data.

Some possible examples:

  • access or acquisition of data by unauthorized third parties;
  • the theft or loss of computer devices containing personal data;
  • the deliberate alteration of personal data;
  • the impossibility of accessing data due to accidental causes or external attacks, viruses, malware, etc.;
  • the loss or destruction of personal data due to accidents, adverse events, fires or other disasters;
  • the unauthorized disclosure of personal data.

WHAT TO DO IN THE EVENT OF A PERSONAL DATA BREACH?

The data controller must notify the personal data breach to the Italian Data Protection Authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

The data controller who becomes aware of a potential breach is required to promptly inform the data controller so that the latter can take action.

Notifications to the Guarantor made after the 72-hour deadline must be accompanied by the reasons for the delay.

Furthermore, if the breach poses a high risk to individuals' rights, the controller must communicate it to all interested parties, using the most appropriate channels, unless it has already taken measures to reduce its impact.

The data controller, regardless of notification to the Data Protection Authority, documents all personal data breaches, for example by maintaining a dedicated register. This documentation allows the Authority to conduct any necessary checks on compliance with the legislation.

WHAT KIND OF PERSONAL DATA BREACHES MUST BE NOTIFIED?

Only personal data breaches that may have a significant adverse effect on individuals, resulting in physical, material, or non-material damage, need to be notified.

This may include, for example, loss of control over your personal data, limitation of certain rights, discrimination, identity theft or risk of fraud, loss of confidentiality of personal data protected by professional secrecy, financial loss, damage to your reputation, and any other significant economic or social disadvantage.

HOW TO SEND THE NOTIFICATION TO THE GUARANTOR?

Starting July 1, 2021, notification of a personal data breach must be sent to the Guarantor via a specific electronic procedure, made available on the Authority's online services portal, and reachable at https://servizi.gpdp.it/databreach/s/ (SEE: Provision of May 27, 2021).

A sample template is available on the same page. This template is NOT to be used for notification to the Guarantor, but it is useful for previewing the content that will be communicated to the Guarantor.

To simplify the obligations imposed on data controllers, the Guarantor has designed and made available a specific self-assessment tool that allows users to identify the actions to be taken following a personal data breach resulting from a security incident.

THE GUARANTOR'S ACTIONS

The Data Protection Authority may prescribe corrective measures (see Article 58, paragraph 2, of EU Regulation 2016/679) if a violation of the provisions of the Regulation is detected, including regarding the adequacy of the technical and organizational security measures applied to the affected data. Fines of up to €10 million or, in the case of businesses, up to 2% of the total annual worldwide turnover are applicable.

E-COMMERCE PORTAL INFORMATION

This Notice is provided pursuant to and for the purposes of Articles 13 and 14 of Regulation (EU) No. 2016/679 on the Protection of Personal Data (the "General Data Protection Regulation," hereinafter "GDPR"), in order to inform adult data subjects of the purposes and methods of use of the data provided by them for the conclusion of contracts governed by the General Conditions of Online Sale, hereinafter "GTC," available on the website www.donneshome.com .

 Identity of the Owner

The Data Controller is Askan srl, represented by its legal representative pro tempore, with registered office and data processing headquarters at Via Bini no . 6 , Novara . The Data Controller reserves the right to process your personal data at locations other than the registered office indicated. For further information, please contact the Data Controller . The Data Controller guarantees the security, confidentiality , and protection of the personal data in its possession, at every stage of the processing. The personal data collected is used in accordance with the principles of lawfulness, fairness, transparency, and relevance, and in compliance with the GDPR.

 Purpose of the processing

Your personal data is processed for the following purposes :

  1. execution of obligations arising from the conclusion of contracts governed by the GTC;
  2. organizational, administrative, accounting and commercial management of the contract;
  3. fulfillment of obligations established by law, by a regulation, by community legislation or by an order of the Authority.

The interested party's data will not be used for purposes other than those described in this policy , unless we inform you in advance and , where necessary, obtain your consent.

 Legal basis for processing

The legal basis for data processing for the purposes indicated above is the performance of a contract to which the data subject is party or of pre-contractual measures adopted at their request , or to comply with a legal obligation , or to protect our legitimate interests pursuant to Art . 6 of the GDPR, without overriding the interests or fundamental rights and freedoms of the data subject. Providing data for the purposes required and sanctioned by law is mandatory; otherwise, providing data is optional but necessary; therefore, any refusal by the data subject will make it impossible for the Data Controller to enter into the contracts governed by the GTC and/or fulfill the obligations arising therefrom.

 Communication and data transfer

The data subject's personal data will not be disclosed or disseminated , and will not be disclosed to unspecified parties in any form, including by making them available or simply consulting them. Personal data may be disclosed to persons entitled to access them pursuant to laws, regulations, and EU legislation, to employees of the Data Controller who are authorized to process them and informed of data protection regulations, as well as to external parties who collaborate with the Data Controller and who are required to supply goods or perform services, designated as Data Processors pursuant to Article 28 of the GDPR, after assessing the existence of sufficient guarantees to implement appropriate technical and organizational measures such that the processing meets the GDPR requirements and guarantees the protection of the data subject 's rights . Under no circumstances will personal data be transmitted to third countries or to international organizations . However , we reserve the right to use cloud services ; in this case , service providers will be selected from among those who provide adequate guarantees , as required by Article 28 of the GDPR . 46 GDPR 679/16.

 Data retention

The collected data will be retained for the time necessary to fulfill the obligations arising from the conclusion of the contracts governed by the GTC and, in any case, to demonstrate fulfillment of these obligations, until their statute of limitations has expired . After this period, the data will be deleted and/or anonymized so as not to allow , even indirectly or by connecting to other databases , the identification of the data subjects , without prejudice to the need to retain the data to comply with the obligations set forth in the applicable legislation in force, even after the processing operations have ceased . In the case of consent - based processing , the data will be retained until the data subject withdraws their consent and, subsequently, for the time strictly necessary to fulfill applicable legal or regulatory obligations and, in any case, for the time necessary to ensure the exercise of the company 's rights , including in court. The retention period will be determined based on an assessment of each individual transaction and will, in any case, be in compliance with the GDPR's principles of necessity, purpose, relevance, data minimization, and non-excess .

 Rights of the interested party

The data subject may exercise the following rights pursuant to Articles 15 and 22 of the GDPR at any time : right to access personal data; right to rectification or erasure ; right to restriction of processing; right to data portability; right to object. The data subject also has the right to freely withdraw any consent given at any time . Processing carried out in accordance with consent and the related legal effects will remain valid even after consent is withdrawn . To exercise these rights , report concerns , or request clarification regarding the processing of their personal data, the data subject may send an email to info@donneshome.com, specifying the subject of their request. In any case, the data subject has the right to lodge a complaint with the competent supervisory authority , which in Italy is the Italian Data Protection Authority , if they believe that the processing of their personal data violates applicable law.

Information for suppliers

Dear Supplier,

We hereby provide you with information pursuant to Article 13 of Regulation (EU) No. 2016/679 on the Protection of Personal Data (“General Data Protection Regulation,” hereinafter “GDPR”).

Identity of the Owner

The Data Controller is Askan srl, represented by its legal representative pro tempore, with registered office and processing headquarters at Via Bini no. 6, Novara. The Data Controller reserves the right to process your personal data at locations other than the registered office indicated above. For further information, please contact the Data Controller. You can contact the Data Controller at info@donneshome.com or by writing to the company headquarters listed above. The Data Controller guarantees the security, confidentiality, and protection of the personal data in its possession, at every stage of the processing. The personal data collected is used in accordance with the principles of lawfulness, fairness, transparency, and relevance, and in compliance with the GDPR.

Purpose of the processing

Your personal data will be processed for the following purposes :

  1. performance of obligations arising from a contract to which you are a party or to fulfill, before or after the execution of the contract, your specific requests;
  2. administrative and accounting obligations, such as accounting and treasury management as well as invoicing ( for example, verification and registration of invoices ) , in compliance with the requirements of current legislation ;
  3. fulfillment of obligations established by law, by a regulation, by community legislation or by an order of the Authority.

Your data will not be used for purposes other than those described in this policy , unless we inform you in advance and , where necessary , obtain your consent .

Legal basis for processing

The legal basis for processing data for the purposes indicated above is the performance of a contract to which you are a party or of pre-contractual measures taken at your request, or to comply with a legal obligation, or to protect our legitimate interests (e.g., pursuing statutory purposes or, if necessary, to exercise and/or defend the Company's rights in court). Providing data for the purposes required and sanctioned by law is mandatory ; otherwise , providing data is optional but necessary, and your refusal will make it impossible for the Data Controller to continue with the relationship, its timely execution, and support services .

Treatment methods

Your personal data is processed using both paper-based and electronic/computerized/ telematic tools and media using the operations indicated in Article 4(2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection , extraction, comparison, use, interconnection, blocking, communication, erasure , and destruction of data. The Data Controller does not perform automated decision-making processes on the data of individual customers or of natural persons acting on behalf of legal entity customers .

Data recipients

Your personal data will not be disclosed or disseminated, nor will it be disclosed to unspecified parties in any form , including by making it available or simply consulting it . However , such data may be processed by parties under the authority of the Data Controller and/or by expressly authorized collaborators who have received adequate operating instructions , always for the purposes indicated above . Without prejudice to disclosures made in compliance with legal and contractual obligations, your data may be disclosed to parties authorized to access it pursuant to provisions of law, regulations, and EU legislation, as well as, where necessary for the pursuit of the purposes specified above and to the extent strictly necessary, to parties required to provide goods or services to the Data Controller, such as , for example : credit institutions , insurance companies and firms ; legal, administrative, tax , or marketing consultants who assist the company in carrying out its activities; IT or cloud service providers; any agents, subcontractors, and/or subcontractors engaged in activities related to the performance of the Contract with the Data Controller; subsidiaries, affiliates , or affiliated companies ; always in compliance with the GDPR and for the purposes indicated above .

Data transfer

The Data Controller does not transfer your personal data to third countries or international organizations. However, it reserves the right to use cloud services ; in this case, service providers will be selected from among those providing adequate guarantees , as required by Article 46 of GDPR 679/16 .

Data retention

Your collected data will be retained, starting from their receipt/update, for the time strictly necessary to achieve the purposes indicated above and in any case in compliance with the legal deadlines . After this period , the data will be deleted and/or anonymized so as not to allow , even indirectly or by connecting other

databases , to identify data subjects, without prejudice to the need to retain the data to comply with obligations under applicable legislation , even after the processing operations have ceased . In the case of consent-based processing, your data will be retained until you withdraw your consent and, subsequently, for the time strictly necessary to comply with applicable legal or regulatory obligations and , in any case, for the time necessary to ensure the exercise of the company's rights, including in court. The retention period will be determined based on an assessment of each individual transaction and will, in any case, comply with the GDPR 's principles of necessity, purpose, relevance, data minimization , and non- excess .

Rights of the interested party

You may exercise the following rights against Askan srl at any time pursuant to Articles 15 and 22 of the GDPR:

  1. right to access your personal data ;
  2. right to rectification or erasure;
  3. right to restriction of processing;
  4. right to portability;
  5. right to

You also have the right to freely withdraw any consent you may have given at any time. Processing carried out pursuant to your consent and the related legal effects will remain in effect even after your consent has been withdrawn. To exercise these rights, report concerns, or request clarification regarding the processing of your personal data, you can send an email to info@donneshome.com, specifying the subject of your request. In any case, you have the right to lodge a complaint with the competent supervisory authority , which in Italy is the Italian Data Protection Authority , if you believe that the processing of your personal data violates applicable law .

Changes and updates

This information may be subject to changes and/or additions, including as a result of updates to applicable legislation .

The updated information will be available on the website www.donneshome.com, in the privacy section .