This notice describes, in accordance with and for the purposes of Article 13 of the EU Regulation 679/2016 (General Data Protection Regulation, hereinafter GDPR), the information collected, the methods of use and sharing, and how the Data Controller manages privacy and rights in connection with the use of the website www.prodchoice.com. The processing of personal data will be based on the principles of lawfulness, transparency, fairness, and protection of confidentiality and rights, always in compliance with the current national and European legislation (GDPR, Legislative Decree 196/2003 and subsequent amendments and additions, Legislative Decree 101/2018).

Data Controller

Pursuant to Articles 4 and 24 of the GDPR, the Data Controller is Balzo Srl, through its legal representative pro tempore, VAT IT06350300486, located in Via Solferino 10, 50123, Florence.

Email: hello@balzo.eu

Data Protection Officer (DPO)

Balzo S.r.l. has appointed a DPO who can be contacted at the email address dpo@balzo.eu

Types of Data Collected:

1) Navigation Data

The IT systems and software procedures used to operate this website acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This category includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment. This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: save this eventuality, at present, web contact data does not persist for more than seven days.

2) Data Provided Voluntarily by the User

Data voluntarily provided by the user to send specific requests to the contact information found on the website; in addition to data acquired through the newsletter subscription form (email).

Purposes and Legal Basis of Processing

The collected data will be processed for the following purposes:

a) to allow navigation on the website. This processing is based on the execution of the contract to which the User is a party and pre-contractual measures (Article 6(1)(b) of the GDPR) or to fulfill a legal obligation to which the Data Controller is subject (Article 6(1)(c) of the GDPR);

b) to process requests that may come through contact data found on this site. This processing serves the purpose of executing pre-contractual or contractual measures requested by the interested party (Article 6, paragraph 1, letter b) GDPR).

c) for direct marketing activities through the sending of communications by email, where the email address has been acquired through the newsletter available in different sections of this website and with the User's consent to the processing for the purpose under discussion (Article 6(1)(a) of the GDPR).

Provision of Personal Data

The provision of data required for navigation on the site and to process requests is mandatory for the delivery of the service; any refusal to provide them would prevent the Controller from executing the service in whole or in part. The provision of additional data for marketing purposes is purely optional and does not preclude the User from using the services available on the Site.

Methods and Location of Processing

Data is processed, also through the use of automated tools. Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access. The Controller has adopted all adequate security measures provided by law and inspired by the main international standards, has also adopted further security measures to minimize risks concerning confidentiality, availability, and integrity of collected and processed Data. The Controller performs the necessary processing in compliance with national privacy legislation, as well as in compliance with the Regulation.

Data Communication

In addition to the Controller, in some cases, Data may be accessed by:

a) categories of personnel specifically trained involved in the website's organization (administrative, commercial, marketing, legal, system administrators);

b) external parties (such as third-party technical service providers, IT companies, communication agencies) also appointed as Data Processors by the Controller pursuant to Article 28 GDPR.

The updated list of Data Processors, duly appointed, can always be requested from the Data Controller;

c) public or private subjects that can access the Data in compliance with legal obligations;

d) subjects performing ancillary and instrumental tasks with respect to the activity of the Controller;

Conservazione dei dati

Così come espressamente previsto dall’art. 5, co. 1, lett. e) del GDPR, i dati sono conservati per il tempo necessario al Trattamento degli stessi in relazione allo svolgimento del servizio richiesto dall’ Utente, o richiesto dalle Finalità descritte in questo documento e in particolare: i Dati raccolti per obblighi contrattuali saranno conservati per il tempo necessario all’espletamento delle finalità suddette e, in particolare, fintanto che il rapporto contrattuale rimarrà in essere, fatta salva l’ulteriore conservazione per obblighi di legge.

I Dati raccolti per obblighi fiscali /amministrativi saranno conservati per il tempo necessario all’espletamento delle finalità suddette e secondo quanto previsto dalla legge.

I Dati Personali per l’invio di comunicazioni marketing diretto potranno essere conservati  fino a 24 mesi dalla data di rilascio del consenso, a meno che non intervenga prima una richiesta di disiscrizione. Al termine del periodo di conservazione i Dati Personali saranno cancellati, salvo eventuale rinnovo.

Data Retention

The personal data processed are not subject to transfer to third countries. In case of transfer of Personal Data to third parties located outside the European Union, such transfer will take place in accordance with and for the effects of Articles 44 et seq. of the GDPR based on:

(a) adequacy decisions by the European Commission issued in favor of third countries;

(b) adequate guarantees provided by the third-party recipient;

(c) binding corporate rules.

User Rights Art. 15 et seq. of the EU Regulation 2016/679;

Pursuant to Articles 15 and following of the EU Regulation 679/2016, the User has the right to:

• withdraw consent to the processing of data previously expressed at any time;

• access data, obtain information on certain aspects of the processing, and receive a copy of the processed data (Article 15 of the GDPR, right of access);

• verify the accuracy of the data and request its update or correction (Article 16 of the GDPR, right to rectification);

• obtain, where possible, the deletion or removal of personal data (Article 17 of the GDPR, right to erasure);

• obtain the restriction of data processing when certain conditions apply (Article 18 of the GDPR, right to restriction of processing);

• receive the data in a structured, commonly used, and machine-readable format, and, where technically feasible, to have it transferred without hindrance to another Controller (Article 20 of the GDPR, right to data portability);

• object to the processing of data when it is based on a legal basis other than consent (Article 21 of the GDPR, right to object);

• lodge a complaint with the competent data protection supervisory authority (for Italy, the Guarantor for the protection of personal data, https://www.garanteprivacy.it/) or take legal action if it is believed that the processing of personal data violates applicable laws.

To exercise these rights, it is possible to send a request to the contact details indicated in this document. Requests are submitted free of charge and processed as quickly as possible.

Updates and Changes to this Privacy Policy

This notice is a document in constant update: the Data Controller reserves the right to make changes at any time, also in consideration of changes to the laws or regulations governing this matter and protecting Your rights. The changes will apply from the date of their publication. You are therefore invited to regularly consult this section to verify the publication of the most updated Privacy Policy.

Firenze, 16/11/2023