Dear User, this information describes, pursuant to art. 13 of EU Regulation 2016/679 (General Data Protection Regulation, hereinafter GDPR), the methods of processing personal data provided by the User while browsing and using the services made available through this website. The processing will be based on compliance with the principles of lawfulness, transparency, correctness and protection of the privacy and rights of the User, always in accordance with national and European legislation currently in force.
The Data Controller, pursuant to articles 4 and 24 GDPR, is Cavalleria Toscana S.p.A., with registered office in Via Celio Bottai 11 – 51015, Monsummano Terme (PT). Email address: email@example.com
Data Protection Officer (DPO)
The Data Protection Officer (DPO), designated pursuant to Article 37 GDPR, is available at firstname.lastname@example.org
Joint Data Controller
Joint Data Controller, pursuant to art. 26 GDPR, with regard to the personal data of customers and users collected through the sale of goods and services, is the Company CT Academy S.a.r.l., with registered office in Monaco (Principality of Monaco), 4, Révérend Père Luis Frolla - 98000. Email address: email@example.com
Type of data collected
- Navigation data.The computer systems and software procedures used to operate the websites may acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This category of data could include IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the operating system and the User's computer environment. These data are used for the sole purpose of receiving anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing
- Data provided through the Contact Us section. In addition to the data collected when the User sends a message to the e-mail addresses indicated on the site, the following data are acquired through the appropriate form: name, surname, e-mail, telephone number and any other data that the User enters in the message section.
- Data released for Newsletter subscription, such as name, surname, e-mail address, month and day of birth.
- Data released following registration on the website (login) such as name, surname, e-mail, date of birth. Social login. The registration procedure can be bypassed via social login. This is an alternative registration procedure that allows you to use your Facebook or Google credentials to log in. With the Facebook or Google API, in fact, you can transfer information from your social profile and wait for the page to load: the profile will be created automatically. In case of registration through one of these social networks, we will receive the following information:
- Facebook Inc.: first and last name, email address, gender, date of birth, profile picture.
- Google Inc.: first and last name, email address, gender, date of birth, profile picture.
- Data relating to the order history and items saved in the Shopping Cart or Wishlist.
- Data released through the e-commerce section, ssuch as name, surname, e-mail, address, telephone number, company if any and data relating to shipping, payment and billing.
- Personal data, even "special data", contained in the CVshat may be sent to the e-mail addresses indicated on the site. In this case the Data Controller – in accordance with the provisions and guidelines of the Supervisory Authority– will provide the information on the processing of data contained in the curriculum at the time of the first useful contact with the candidate.
Purpose and legal basis of the processing
Data are processed for the following purposes:
- to allow the website to function properly and for the User to navigate correctly. The legal bases are the execution of contractual measures and the legitimate interest of the Controller (Art. 6, b, f, GDPR);
- to execute your requests and respond to questions made through the Contact Us section or through the email addresses provided; to fulfill orders, manage payments and make returns and refunds, to provide customer service and support. The legal basis is the execution of contractual and pre-contractual measures adopted at the request of the customer (Art. 6, b, GDPR);
- to provide via e-mail information on goods or services similar to those already purchased - so-called Soft spam -, provided that the User does not object to the processing. The legal basis is Art. 130, paragraph 4, Legislative Decree 196/2003 as amended;
- for marketing and sales promotion purposes, in order to send news on products, services or offers promoted by Cavalleria Toscana and the Joint Data Controller, by e-mail, telephone or other digital communication tools. The processing of data collected and stored for this purpose has as its legal basis the consent of the User (Article 6(a) GDPR).
- the processing of data contained in the CVs received is lawful as it is necessary to implement pre-contractual measures (Art. 6, b, GDPR) adopted at the request of the data subject. The processing of "special" data is lawful on the basis of the Provision of the Supervisory Authority of 5 June 2019 which integrates and modifies the General Authorization no. 1/2016;
- comply with legal obligations to which the Data Controller is subject in the administrative-accounting field (Article 6, (c), GDPR).
Provision of data
The provision of the requested data in the fields marked with an asterisk (*) is mandatory. Any refusal to communicate the data marked as mandatory could make it impossible to execute the contract and provide the services available. The provision of additional data is, however, optional.
Modalities and place of processing
The processing of personal data is carried out mainly electronically and telematically by the Data Controller and the Joint Data Controller, using specially authorized internal staff. We adopt appropriate security measures in order to minimize the risks of destruction or loss - even accidental - of data, unauthorized access or processing that is not permitted or does not comply with the purposes of collection. The data are processed at the offices of the Data Controller and the Joint Data Controller and in any other place where the parties involved in the processing are located, as well as at the host servers. For more information contact the Data Controller
The data are processed for the time necessary to perform the service requested by the User or in general until the purposes for which they were collected are achieved. The data of users registered or subscribed to our Newsletter are kept until the request for cancellation. The User may at any time request the interruption of the processing or the deletion of data. Payment and billing data will be kept by virtue of legal obligations relating to fiscal-administrative-accounting obligations. With regard to marketing purposes, the retention period of purchase data is 24 months from the last useful interaction. Subsequently, personal data will be automatically deleted or permanently anonymized.
Communication of personal data
The User's personal data will not be disclosed to indeterminate subjects, however the data may be communicated to third parties, legal and / or natural persons, which provide the Data Controller with outsourced services of a technical and organizational nature, such as IT services, communication services, e-mail marketing services, logistics services, etc. The same will operate as controllers or duly appointed data processors, in full compliance with the current legislation indicated above. They shall be provided only with the information necessary for the performance of their duties. The complete and updated list of data processors is available upon request. Please note that the data may be made available to subjects who have the right to access them by virtue of legal provisions, within the limits and for the purposes set out in these rules, as well as to banks, credit institutions, debt collection companies and insurance agencies.
Transfer of personal data
The transfer of personal data to the Joint Controller CT Academy S.a.r.l., based in the Principality of Monaco, is carried out in accordance with Articles 44 et seq. of the GDPR, providing appropriate means to ensure adequate data protection guarantees. Any further transfer to third countries that may be necessary, to follow up the contract in place with the User, will be carried out in compliance with the same principles.
Links to other websites
This information is provided only for cavalleriatoscana.com and not for other websites that may be consulted by the User through links. Cavalleria Toscana cannot be held responsible for personal data provided by users to external parties or to any websites linked to this site.
The website allows interaction with social networks through a direct link to Facebook, Instagram, Pinterest, YouTube and Twitter by means of social buttons, particular buttons on the site that depict the icons of social networks and allow users who are browsing to interact with a 'click' directly with the social networks. In this case the social network acquires data relating to the visit.In order to ensure that the data processed on this site is not linked to your social profile, it is recommended that you log out from it. The Data Controller will also collect data that the User agrees to share on the company's social pages. For more information on data processing by these external parties, please refer to their respective privacy policies.
Rights of the data subject
At any time, pursuant to Articles. 15 et seq. of EU Regulation 2016/679, the User may exercise the following rights:
- access the processed data, obtain information on certain aspects of the processing and receive a copy of the same;
- verify the correctness of the data and request its updating or correction;
- obtain the cancellation or removal of personal data;
- obtain the limitation of data processing, when certain conditions are met;
- receive the data in a structured format, commonly used and readable by automatic device and, where technically feasible, obtain their transfer without hindrance to another controller;
- oppose the processing of data when it takes place on a legal basis other than consent;
- odge a complaint with the competent Data Protection Supervisory Authority (for Italy, Garante per la protezione dei dati personali, www.garanteprivacy.it).
The exercise of rights, with the exception of letter g) may take place by sending a request to the e-mail address firstname.lastname@example.org
Please note that for any further information or in case of suspected violation of the legislation on the protection of personal data, the User may contact the Data Protection Officer by writing to email@example.com
Updates and changes