Privacy policy

Privacy policy

Information pursuant to art. 13 of the EU General Regulation 2016/679 on the protection of personal data.


4Shiva Srls is owned by Fabrizio Fiorini based in Rome Piazza del Popolo 18 (hereinafter, the "Firm") which informs that it is the Data Controller pursuant to articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data (hereinafter, the "Regulation") of personal data collected on this website ("Site"). Hereinafter, with the terms "Interested" or "User", both in the singular and in the plural, we mean overall the natural persons of age; individuals aged sixteen on their own; minors under the age of sixteen authorized by those exercising parental authority.

 

By processing of personal data we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a data bank, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.

 

The data will be processed for the following purposes, manually and / or with the support of IT or telematic means.

 

Identification details and contact details of the Data Controller.

 

As required by the WP 260/2017 Transparency Guidelines, the identification details of the Data Controller and all the information to contact him are provided in the first instance.


4Shiva Srl

Piazza del Popolo 18 - Rome

P. IVA number: 15919961001

Mail. info@4shiva.it



The processing of personal data on the Site will also take place in full compliance with the provisions of the general opinion of the Guarantor's Office of 3 June 2004, Prot. N. 22457 - issued in agreement with the National Forensic Council - regarding the protection of personal data. in carrying out forensic activities (privacy and law firms).


Processing of data of minors pursuant to art. 8 of the Regulation.

 

The provision of personal data - to be valid - must come from persons of greater age, or from minors who have already reached the age of 16: pursuant to art. 8 of the Regulation, minors who have reached the age of sixteen can express their consent to the processing of their personal data in relation to the offer of the services offered on the Site.


Again on the basis of the provisions of art. 8 of the Regulation, the processing of personal data of the minor under the age of at least sixteen can be based on a consent validly given by the minor only on condition that he has been authorized by the person exercising parental responsibility to give consent or provided that the consent is given directly by the person exercising parental authority. The registration of unauthorized users under the age of sixteen is not allowed. By browsing or otherwise providing their personal data on the Site, the interested party confirms that he or she is in possession of the aforementioned age requirements.


Purpose of the treatment.


The treatment we intend to carry out has the following purposes. In the list below, appropriate and comprehensive information is provided about the purposes of the processing, which will be carried out only where the user intends to use the services offered. Therefore, if the user does not make use of specific services or his navigation within the Site does not make it necessary to process his personal data, the related processing operations will not be carried out, even if all the possible purposes are specified below for information purposes.

We therefore list the purposes of the processing below:


  • Privacy Service: receive requests to purchase the services specified in the relevant section; identify the applicant and the related request following the completion of a specific electronic form; proceed with the management of the Service in accordance with the supply conditions;
  • Other Services: manage all other requests received by the Data Controller through the various contact forms and e-mail addresses available to users on the various pages of the Site in view of the provision of specific services and / or the information requested.


To allow the Firm to fulfill its obligations pursuant to any requested services, the related personal data of the users concerned will be processed. Furthermore, the processing of the data subject's personal data could also pursue pre-contractual purposes, such as responding to specific requests from the data subject (for example through the "Contacts" section of the Site). By way of example and not limited to, and for greater transparency towards the interested party, the primary purposes of the processing connected to the fulfillment of the obligations to provide the services listed above - where required - may also be specifically: provision of services such as overall defined, maintenance and technical assistance; management of any complaints and / or disputes, storage of personal data, use of personal data to make communications relating to the performance of the contractual relationship established, checks on the correct fulfillment of the obligations assumed, dispute of illegal or fraudulent behavior.

 

Pursuant to Article 6 of the Regulation, the legal basis of the processing, in all cases and treatments provided for in this paragraph, is represented by the following: the processing is necessary for the execution of a contract (or for the execution of pre-contractual measures adopted at the request of the interested party).

 

The categories of personal data being processed are represented by common personal data.

 

Secondly, personal data will also be processed to fulfill the obligations established by law, by a regulation or by community legislation and for civil, administrative, accounting and tax purposes.

 

Finally, personal data may be processed to assert or defend rights of any nature in the competent offices (judicial, arbitration, administrative, etc.), whether or not they are connected to a contractual relationship for the rendering of the services listed above (eg: breach) or other legal terms and conditions of the Site.

 

The legal basis of the processing, in these cases, is represented by the need to fulfill a legal obligation to which the Firm is possibly subject. Furthermore, in the case of actions to assert or defend a right in court, the legal basis of the processing is represented by the legitimate interest.

 

The categories of personal data being processed are represented by common personal data.


Scope of communication and dissemination of personal data for the pursuit of the purposes of the processing.

 

In all the cases illustrated above, the Firm will not communicate personal data to external recipients, unless the communication is required by binding orders of public and / or judicial authorities. The data will not be disseminated.


Mandatory or optional consent for the pursuit of the purposes of the processing of personal data.

 

In all the cases illustrated above - and having regard to the legal bases referred to in art. 6 of the Regulations - the Firm is not obliged to acquire the specific consent to the processing of the interested party. In fact, all the treatments described above pursue primary purposes for which the Regulation excludes the need to acquire specific consent, alternatively applying different juridical-legal bases that legitimize and make the processing lawful in the absence of consent. These are in particular the legal bases of the processing necessary to perform obligations deriving from a contract of which the interested party is a party or to fulfill, before the conclusion of the contract, specific requests of the interested party; of the treatment necessary to fulfill an obligation established by law, by a regulation or by community legislation or - finally - of the treatment necessary for the purpose of action or defense of a right in court or to pursue a legitimate interest of the Firm.

 

If the interested party does not intend to provide the personal data requested and necessary on the basis of the foregoing, the consequence would be that of the impossibility of proceeding with the rendering of services. In this case, browsing the Site as a user would always be possible.

Data retention times.


The data will be kept for the times defined by the relevant legislation, which are specified below pursuant to art. 13, paragraph 2, letter (a) of the Regulations: ten years from the termination of the contractual relationship for the documents and related data of a civil, accounting and tax nature as provided for by the laws in force.


Exercise of rights by the interested party.

 

Pursuant to articles 13, paragraph 2, letters (b) and (d), from 15 to 22 of the Regulation, the interested party is informed that:


  1. has the right to ask the Firm for access to personal data, to correct or cancel them or limit their processing or to oppose their processing, in the cases provided for;
  2. has the right to lodge - in Italy - a complaint with the Guarantor for the protection of personal data, if competent authority, following the procedures and indications published on the official website of the Authority at www.garanteprivacy.it;
  3. alternatively, you have the right to lodge a complaint with another competent European privacy authority located in the place of habitual residence or domicile in Europe of whoever disputes a violation of their rights, following the appropriate procedures and indications;
  4. any corrections or cancellations or limitations of processing carried out at the request of the interested party - unless this proves impossible or involves a disproportionate effort - will be communicated by the Firm to each of the recipients to whom the personal data have been transmitted. The Firm may communicate these recipients to the interested party if the interested party requests it.


The exercise of rights is not subject to any formal constraints and is free. Only in the event of a request for further copies of the data requested by the interested party, the Firm may charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format. The specific address of the Firm for transmitting requests for the exercise of rights as recognized by the Regulations is as follows: info@4shiva.it No other formalities are required. The reply will be given within the terms provided for in article 12, paragraph 3 of the Regulation ("The data controller provides the data subject with information relating to the action taken regarding a request pursuant to articles 15 to 22 without undue delay and, in any case, at the latest within one month of receipt of the request. This deadline can be extended by two months, if necessary, taking into account the complexity and number of requests. The data controller informs the interested party of this extension, and of the reasons for the delay, within one month of receipt of the request. If the interested party submits the request by electronic means, the information is provided, where possible, by electronic means, unless otherwise indicated by the interested party ")

 

Based on the provisions of the WP 260/2017 Transparency Guidelines issued by the Group of EU Guarantors, the data controller must specify a summary / summary of each right in question in the indication of the rights of the data subject and must provide separate indications. on the right to portability.

 

Specific information on the right to the portability of personal data.

 

The Firm informs the interested party about the specific right to portability. Article 20 of the General Data Protection Regulation introduces the new right to data portability. This right allows the interested party to receive the personal data provided to the Firm in a structured format, commonly used and readable by an automatic device, and - under certain conditions - to transmit them to another data controller without hindrance.

 

Only personal data that (a) concern the interested party, and (b) have been provided by the interested party to the Firm are portable; (c) are processed electronically as part of the stipulation of a contract.

 

Data portability includes the right of the interested party to receive a subset of the personal data concerning him / her processed by the Firm and to keep them for further use for personal purposes. This storage can take place on a personal medium or on a private cloud, without necessarily involving the transmission of data to another owner. Portability is a sort of integration and strengthening of the different right of access to personal data, also provided for by art. 15 of the Regulation.
 
If the interested party requests portability together with the direct transmission of his data to another data controller, please note that this right is subject to the condition of technical feasibility: art. 20, paragraph 2 of the Regulation provides in fact that the data can be transmitted directly from one owner to the other at the request of the interested party, and where this is technically possible. The technical feasibility of the transmission from one owner to another must be assessed on a case-by-case basis. Recital 68 of the Regulation clarifies the limits of what is "technically feasible", specifying that "it should not lead to the obligation for the owners to adopt or maintain technically compatible processing systems". Therefore, the direct transmission of data from the Firm to another owner may take place if it is possible to establish a secure communication between the systems of the two owners (transferring and receiving), and if the receiving system is technically capable of receiving the data in entrance. If technical impediments preclude direct transmission, the Firm will provide complete information and detailed explanation to the interested party. With regard to the interoperability of formats designed to ensure portability, the Firm will comply with the provisions of paragraph 1021, letter (b) of Law 205/2017 ("presence of adequate infrastructures for the interoperability" of the formats with which the data are made available to interested parties ") if in force after 25 May 2018 and in any case within the limits of what is clarified by the Guidelines on data portability WP242 issued by the Group of European Guarantors (" The expectation is that the owner transmits personal data in an interoperable format, but this does not constitute any obligation for the other owners to support this format ").

 

We also inform you that, pursuant to the WP242 Data Portability Guidelines, owners who comply with a portability request have no specific obligation to verify the quality of the data before transmitting them. Furthermore, portability does not impose on the Firm any obligation to keep data for a period longer than necessary or further than that specified. Above all, it does not impose any further obligation to retain personal data for the sole purpose of fulfilling a potential portability request.

 

The exercise of the right to data portability (or any other right under the Regulation) does not affect any of the other rights. The interested party can continue to use and benefit from the service offered by the Firm even after a portability operation has been completed. Portability does not involve the automatic deletion of data stored in the Firm's systems and does not affect the retention period originally envisaged for the data being transmitted. The interested party can exercise the rights as long as the processing carried out by the Firm continues.

 

The Firm undertakes to process portability requests within 30 days of receiving the request, reserving, pursuant to art. 12, paragraph 3 of the Regulation, the faculty to find the request within a longer term of three months in cases of greater complexity. The portability request must be addressed to the following specific email address: fabrizio.fiorini@4shiva.it.


Summary information on the other rights of the interested party.

 

The Regulation confers on the data subject a series of rights which, pursuant to the WP 260 Transparency Guidelines, it is mandatory to summarize in their main content within the information. These rights are summarized and summarized below:

 

Right of access (to one's own personal data only): the right to obtain from the data controller confirmation that personal data concerning the data subject is being processed or not and, in this case, to obtain access to personal data and to be informed about the purposes of the processing; on the categories of personal data in question; on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations; when possible, on the retention period of personal data provided or, if not possible, on the criteria used to determine this period; if the data have not been collected from the interested party, the right to receive all available information on their origin; the right to receive information on the existence of an automated decision-making process, including profiling and significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
 
Right of rectification and integration: The interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration. The data controller communicates any corrections to each of the recipients to whom the personal data have been transmitted, unless this proves impossible or involves a disproportionate effort. The data controller informs the data subject of these recipients if the data subject requests it.

 

Right to cancellation: the interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay (and where the specific reasons of art.17 paragraph 3 of the Regulation do not exist, which on the contrary raise the holder from the cancellation obligation) if the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; or if the interested party revokes the consent and there is no other legal basis for the processing; or if the interested party opposes the processing for marketing or profiling purposes, also by revoking the consent; if the personal data have been unlawfully processed or relate to information collected from minors, in violation of art. 8 of the Regulation. The data controller communicates any cancellations to each of the recipients to whom the personal data have been transmitted unless this proves impossible or involves a disproportionate effort. The data controller informs the data subject of these recipients if the data subject requests it.

 

Right to limitation of treatment: the interested party has the right to obtain from the data controller the limitation of treatment (ie, pursuant to the definition of "limitation of treatment" provided by Article 4 of the Regulation: "the personal data marking stored with the aim of limiting their processing in the future ") when one of the following hypotheses occurs: the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited; although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; the interested party opposed the marketing treatment, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. If the processing is limited, these personal data are processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of a another natural or legal person or for reasons of significant public interest The interested party who has obtained the limitation of the processing is informed by the data controller before said limitation is revoked. The data controller communicates any limitations to each of the recipients to whom the personal data have been transmitted, unless this proves impossible or involves a disproportionate effort. The data controller informs the data subject of these recipients if the data subject requests it.
 
Right to object: the interested party has the right to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him carried out by the owner or for the execution of a task of public interest or connected to exercise of public authority vested in the data controller or carried out for the pursuit of the legitimate interest of the data controller or third parties (including profiling). Furthermore, the interested party, if personal data are processed for direct marketing or commercial profiling purposes, has the right to object at any time to the processing of personal data concerning him carried out for these purposes.

 

Right not to be subjected to automated decisions, including profiling: the interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects him on his person, except in cases where the automated decision is necessary for the conclusion or execution of a contract between the data subject and a data controller; is required by law, in compliance with measures and precautions; is based on the explicit consent of the interested party.
 

-------------------------------------------------------------------------------------------------------------------------------

[Terms and Conditions]

Share by: