INFORMATION ON PROCESSING OF PERSONAL DATA
1. INTRODUCTION
What does this document represent?
This document describes the processing of personal data of users consulting the website www.dfn.sm. This information does not concern other Internet sites, pages or online services that can be reached via hypertext links that may be published on the sites but refer to external resources.
Why such information?
National and international regulations on the processing of personal data require that the person concerned, i.e. the user consulting this website, be informed in a clear, transparent and intelligible manner of the manner and purpose of the processing of his or her personal data.
What are the legal references?
- European Personal Data Protection Regulation UE 2016/679 (GDPR)
- Legislative decree 196/2003, as amended by the legislative decree 101/2018 e subsequent amendments to (Italian Privacy code)
- Guideline 2002/58/CE (e-Privacy code)
- Act 21 December 2018 n.171 of the Republic of San Marino
2. DATA CONTROLLER
The Data Controller is Poste San Marino S.p.A. in the person of its pro-tempore legal representative. The Data Controller is based in Strada Borrana, 32 - 47899 Serravalle, Republic of San Marino and can be contacted at the following e-mail address privacy@poste.sm or by telephone on 0549 981022 for any questions concerning the processing of personal data carried out through this website.
3. DATA PROTECTION OFFICER
Poste San Marino has appointed its own Data Protection Officer (DPO), who may be contacted for any information concerning the processing of personal data at the following e-mail address: dpo@poste.sm.
4. TYPE OF DATA PROCESSED
Browsing data
The computer systems and software procedures used to operate this site acquire, in the course of their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could enable users to be identified through processing and association with data held by third parties.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. This data is not disclosed to third parties and is not disseminated.
Data provided by the user
The optional, explicit and voluntary sending of messages to the contact addresses indicated on this site, as well as the completion and forwarding of the forms on this site, entail the subsequent processing of the sender's contact data, which are necessary to reply, as well as all personal data included in the communications.
Users are requested not to send names or other personal data of third parties that are not strictly necessary, but rather to use fictitious names whenever possible.
Access to the reserved area of this site is permitted after registering an account using login credentials and entails the subsequent processing of the personal data requested during registration, which is necessary to be able to proceed with the purchase of goods on the Shop page of the website. Personal data collected during registration are processed to fulfil legal, accounting and administrative obligations arising from the distance selling of goods.
Personal data and information required to make payments for goods purchased are also processed. The personal data subject to processing are indicated on the Payment Conditions page.
Cookies and other tracking tools
A 'cookie' is a small text file transferred from the web server to the user's computer, the purpose of which is to inform the server of the user's accesses to that particular web page, and of any other information it obtains from the system's readable parameters by means of functions contained in the web page.
Cookies may be 'temporary' (or session cookies, they are deleted at the end of the connection) or 'permanent' (they remain stored on the user's hard disk, unless the user deletes them.
For identification of the cookies used by this site, please refer to the full (Cookie policy).
5. PURPOSES, LEGAL BASES, RETENTION PERIODS AND NATURE OF PROCESSING OPERATIONS
Personal data are processed for the following purposes:
|
Purposes
|
Legal bases
|
Retention periods
|
Nature of processing operations
|
|
Replying to contact requests.
|
The legal basis is the need to execute pre-contractual measures taken at the request of the user in concern.
|
The storage period for personal data is the time needed to process the request.
|
The provision of personal data is optional, but refusal to provide it will make it impossible for the user to forward the request.
|
|
Newsletter subscription.
|
The legal basis is the consent of the user concerned.
|
The retention period of personal data is determined by the user's request for revocation of consent.
|
The provision of personal data is optional, but refusal will make it impossible to subscribe to the newsletter.
|
|
User registration in the Customer Area.
|
The legal basis is the need to execute pre-contractual measures taken at the request of the user interested in the registration of his or her data necessary to make purchases on the Shop page of this website.
|
The retention period of personal data is linked to the purposes of processing, as well as to the retention periods determined by the tax, accounting and legal regulations in force in the Republic of San Marino.
|
The provision of personal data is optional, but refusal will make it impossible to register in the reserved area and to make purchases.
|
|
Processing of purchase order and shipment of goods.
|
The legal basis is the contractual obligation arising from the purchase of goods by the user. Please refer to the conditions of sale for more detailed information. A further legal basis is represented by compliance with legal obligations under current administrative, fiscal and accounting regulations.
|
The retention period of personal data is linked to the purposes of processing, as well as to the retention periods determined by the tax, accounting and legal regulations in force in the Republic of San Marino.
|
The provision of personal data in the order form is mandatory in order to proceed with the purchase of the goods.
|
|
To prevent, detect and prosecute unlawful conduct.
|
The legal basis for this processing is the pursuit of the data controller's legitimate interest in preventing, detecting and prosecuting unlawful acts or infringements of intellectual/industrial property rights (including those of third parties) or computer crimes or those committed via telematic networks.
|
The period of retention of the processed data is equal to the time reasonably necessary to assert the rights of the data controller from the moment of knowledge of the offence or its potential commission.
|
The processing of personal data by the data controller is mandatory to prevent, detect and prosecute unlawful conduct.
|
|
E-mail marketing and regular newsletters on promotions or commercial initiatives
|
The legal basis is the user's consent given during registration or in the newsletter form in the footer.
|
The period of storage of personal data is determined by the user's possible request for revocation of consent. The user may at any time request to no longer be subscribed to the newsletter by sending a communication to the contact points indicated in this notice.
|
The processing of personal data for marketing purposes is optional, but refusal will result in the impossibility of receiving periodic communications on promotions and commercial initiatives.
|
6. DATA RECIPIENTS
The recipients of the personal data processed following consultation of this site are the following persons designated by the Data Controller as being responsible for the processing carried out:
- TheSpace S.r.l. Strada di Paderna, 2, 47895
- Semplify S.r.l.
The following categories of persons may also be recipients of the personal data processed:
- Subjects, entities or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders by the authorities;
- Staff expressly authorised by the data controller, necessary to perform activities strictly related to the provision of services, who have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality and have received adequate operational instructions.
7. DATA TRANSFER
Some personal data are shared with recipients that may be located outside the European Economic Area (EEA). The Controller ensures that the processing of your personal data by these recipients is carried out in compliance with the relevant regulations.
8. EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING
The Data Controller does not adopt an automated decision-making process on the processing of personal data carried out by consulting this site.
9. PROTECTION OF MINORS
Persons under 16 years of age may not provide personal data. The Data Controller shall not be liable in any way for any collection of personal data, as well as for any false statements, provided by the minor, and in any case, should it be found to have been used, the Data Controller shall facilitate the right of access and cancellation forwarded by the guardian, custodian or person exercising parental responsibility.
10. RIGHTS OF INTERESTED PARTIES
Users consulting this site, in the cases provided for by the relevant regulations in force, have the possibility of exercising access, at any time, to the data, of receiving them in a structured and commonly used, electronically readable format and of requesting that they be transmitted to another data controller (data portability), as well as of having them corrected, updated, modified or deleted (subject to any applicable exceptions). Also recognised is the right to object to and restrict processing, as well as the right to delete data. The right to revoke the consent originally given is also recognised at any time.
It is possible to exercise the above-mentioned rights by contacting the Data Controller at the contact points indicated in section 2 above.
Users who consider that the processing of personal data relating to them carried out through this site is in breach of the provisions of the relevant legislation in force, have the right to lodge a complaint or report to the competent Data Protection Authority.
11. UPDATES
This information is updated on 15/01/2023. The Controller reserves the right to make changes to this policy at any time.
Italiano