Privacy Policy – Use of Personal Data

Privacy Notice on the Processing of Personal Data

Dear User, pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Go and Ply Srl, as Data Controller of the data collected through interaction with the web services accessible electronically via the website teambuildingnatura.it, hereby informs you about the processing of your personal data.
You are invited to authorize the processing of your data for the purposes described, by freely and voluntarily giving your consent to such processing.
This privacy notice applies solely to the website of the Data Controller and not to any other websites that may be accessed by the user through links.

1 – Data Controller

Go and Ply Srl – Via Cecchi 4/4A, 16129 Genova – P.IVA/CF 02266640990 – E-mail: tbn@goandply.com.

2 – Methods of Processing

Your data will be processed at the Data Controller’s premises, either verbally and/or in writing, using electronic tools and/or paper-based media, in the manner and within the limits necessary to pursue the stated purposes, in compliance with the principles set out in Article 5(1) of Regulation (EU) 2016/679, namely:

• Lawfulness, fairness and transparency
• Purpose limitation
  
  
• Data minimization
  
  
• Accuracy of data
  
  
• Storage limitation
  
  
• Integrity and confidentiality
  
  
• Accountability of the Data Controller.

The processing activities carried out concern the following categories of data and purposes:

• • Browsing Data. The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on website usage, to record access to the site, and to verify its proper functioning. The data may be used to ascertain responsibility in the event of hypothetical cybercrimes against the website. Except for this eventuality, web contact data are not retained for more than seven days.

• • Personal data voluntarily provided by the user (e.g., first name, last name, email address) for the purpose of responding to a specific request submitted through the website’s services. The provision of such data is optional and voluntary, but necessary to respond to the request and to allow the user to receive the requested service. Users are free to provide personal data indicated in request forms in order to receive the monthly (or at most bi-weekly) newsletter, informational material, or other technical and/or commercial communications (e.g., new products or services, participation in trade fairs). Failure to provide such data, or providing incomplete data, may result in the inability to fulfill the request. Personal data are processed for the time strictly necessary to achieve the purposes for which they were collected or for as long as consent remains valid. Processing will be carried out exclusively by authorized personnel within the scope of their assigned functions and in accordance with the instructions provided by the Data Controller, solely for the purposes described above, ensuring data security, confidentiality, and the protection of your rights. Such data are not transferred to non-EU countries or international organizations. Data may be disclosed, within the limits of their specific duties carried out on behalf of the Data Controller, to external Data Processors, both public and private entities, natural persons and/or legal entities. The processing of data does not involve automated decision-making processes, including profiling.

• Personal data (e.g., first name, last name, bank details) processed for the purpose of drafting and concluding sales contracts, performing contractual obligations, including technical-operational and administrative-accounting activities related to business operations, and fulfilling contractual and legal obligations in tax matters. The provision of such data is mandatory for the execution of the contract and compliance with legal obligations; failure to provide such data will make it impossible to perform the service and comply with applicable fiscal and administrative regulations. Processing will be carried out exclusively by authorized personnel within the scope of their respective functions and in accordance with the Data Controller’s instructions, solely for the purposes outlined above, ensuring data security, confidentiality, and the protection of your rights. Data may or must be disclosed, within the limits of their specific duties carried out on behalf of the Data Controller, to public and private entities external to the Data Controller’s organization, including suppliers, collaborators, lawyers, accountants, labor consultants, general consultants, credit institutions, public bodies, and competent authorities entitled to request them. Such data are not transferred to non-EU countries or international organizations. Data will be retained for the duration of the established relationship and, in any case, for a period not exceeding the time necessary to achieve the aforementioned purposes. Accounting and administrative data required for tax purposes (accounting records) are retained by law (Civil Code) for at least 10 years from the date of the last record or until any tax audits by competent authorities relating to the relevant tax period have been concluded (Art. 22, paragraph 2, Presidential Decree No. 600/1973). The processing of your data does not involve automated decision-making processes, including profiling.

3 – Data Subject Rights

The Regulation grants you, as a data subject, the exercise of specific rights listed in Articles 15 to 22. You may therefore request from the Data Controller:

• Access to personal data (Art. 15): obtain confirmation as to whether or not personal data concerning you are being processed and access to such data;
• Rectification of data (Art. 16): obtain the correction of inaccurate data and the completion of incomplete data;
• Erasure of data (“right to be forgotten”) (Art. 17);
• Restriction of processing (Art. 18);
• Data portability (Art. 20): receive the data provided to the Data Controller and transmit them without hindrance to another controller;
• Objection to processing (Art. 21);
• Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22).

You also have the right to:

• Lodge a complaint with the Data Protection Authority;
• Withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal (Art. 7(3)). The right of withdrawal does not apply where processing is necessary to comply with a legal obligation to which the Data Controller is subject.

You may exercise the above rights at any time and free of charge by contacting the Data Controller at the following email address: tbn@goandply.com.

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, you will be notified without undue delay, in accordance with Article 34 of the Regulation.