Privacy policy statement data processing

Information document article 13 EU Reg. 2016/679- GDPR

Associazione Distretto Urbano del Commercio di Fasano Terra del Faso, headquartered in Piazza Ciaia I, 72015 Fasano (BR) in its capacity as data controller, informs you pursuant to Article 13 Legislative Decree 30.6.2003 no. 196 (hereinafter, “Privacy Code”) and Article 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following manner and for the following purposes:

  1. Purpose of Processing.

The Data Controller processes personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references)-hereafter, “personal data” or also “data”) communicated by you in connection with the conclusion of contracts for the services of the Data Controller.

The data resulting from the web service may be communicated to the technological and instrumental partners that the Data Controller uses for the provision of the services requested by visitor users. The personal data provided by visitor users who forward requests for the sending of informative material (requests for information, answers to questions, etc.) or other communications are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose (provision of the services requested through the technological and instrumental partner). The Data Controller makes use of appointees for the processing. The Regulations place an obligation on the processor, but also on the Data Controller, to keep records of all processing carried out under its responsibility. Preservation that if referring to computerized documents obviously implies necessary skills inherent to substitute storage.

  1. Purposes of processing.

Your personal data are processed:

  1. A) without your express consent (Art. 24 lett. a), b), c) Privacy Code and Art. 6 lett. b), e) GDPR), for the following Service Purposes:

-to conclude contracts for the Controller’s services;

-fulfill pre-contractual, contractual and tax obligations arising from existing relationships with You;

-exercising the rights of the Controller, e.g. the right of defense in court;

  1. B) Only with your specific and separate consent (Articles 23 and 130 Privacy Code and Art. 7

GDPR), for the following Marketing Purposes:

to send you by e-mail, mail and/or sms and/or telephone contact, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and satisfaction survey on the quality of services;

to send you via e-mail, mail and/or sms and/or telephone contacts commercial and/or promotional communications of third parties (e.g. business partners)


  1. Modalities of processing

The processing of your personal data is carried out by means of the operations indicated in Art. 4 No. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.

The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 5 years after the termination of the relationship for the Service Purposes and for no longer than 2 years after the termination of the service, for the collection of data for the Marketing Purposes. Subject to legal provisions for the retention of tax data.

Browsing Data. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data provided voluntarily by the user. The optional, explicit and voluntary sending of electronic mail to the addresses possibly indicated on this site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

In case you have given explicit and free consent, during the process of registration, support request and newsletter registration or during the use of our services, the aforementioned personal data may also be processed for the following additional purposes: sending of Newsletters and commercial notices, traditional marketing activities such as sending brochures, catalogs and/or technical with ordinary paper mail and telephone calls with operator, and also marketing activities with automated or assimilated tools such as: Fax, E-mail, SMS, MMS, Instant Messaging, Chat and unattended phone calls. Also, online marketing activities, web marketing and web advertising. Market research and commercial profiling activities and finally, communication to third parties. The provision of personal data collected for the above purposes is optional.

Where necessary, the data may also be communicated to third parties. Data obtained through authentication with third-party systems are understood to be conferred to this site through explicit acceptance of the authentication service (o-auth).

  1. Access to data

Your data may be made accessible for the purposes set out in section 2.A and 2.B:

to employees and associates of the Data Controller, in their capacity as internal data processors and/or system administrators;

to third party companies or other entities (by way of example, for the provision of shipping and packaging services, postal services etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors.


  1. Communication of data

Without the need for express consent art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in point 2.A to those subjects to whom the communication is obligatory by law for the fulfillment of the said purposes. Said subjects will process the data in their capacity as autonomous data controllers.

Transfer of data. The Data Controller does not transfer personal data to third countries or international organizations.

  1. Nature of data provision and consequences of refusal to respond

The provision of data for the purposes set out in section 2.A) is mandatory. In their absence, we will not be able to guarantee you the Services provided by the Controller.

On the other hand, the provision of data for the purposes of 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material inherent to the Services offered by the Owner. You will, however, continue to be entitled to the Services referred to in point 2.A).

  1. Rights of the data subject

In your capacity as a data subject, you have the rights where applicable set out in Articles 15 to 22 EU Regulation 2016/679 and namely: right of access, right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object, as well as the right to complain to the Data Protection Authority.

  1. Methods of exercising rights

You may at any time exercise your rights by sending an email to :, or by written communication by registered mail with return receipt: to the Data Controller with headquarters in Piazza Ciaia I.

To exercise your rights you may use the form provided at the following link: Rights of the data subject

The data controller assumes the burden of giving a response to the complaint submitted by the data subject within 1 (one) month from the request, even in case of denial. Deadline extended up to 3 (three) months in cases of particular complexity.

  1. Consent to processing and minors

The interested party declares having read the information, above, with the communication of personal data freely given or otherwise collected in the course of navigation, always carried out in accordance with the privacy in force; he gives his consent to the processing, and therefore, “checking” in the appropriate box expressly accepts the registration and processing of their data that will be based on the principles of correctness, lawfulness and transparency, in the manner indicated above.

Particular conditions are dictated by EU Regulation 679/ 2016 in the interest of minors in Article 8, which clarifies that the processing of personal data of minors under the age of 16 years – or, if provided for by the law of the member states, of a lower age but not under 13 years – is lawful only if and to the extent that such consent is expressed or authorized by the holder of parental responsibility over the child. Therefore, conduct engaged in by minors without the authorization of those who are required to supervise them under their responsibility, parents first and foremost, is contrary to the provisions, and the data controller cannot be held responsible for the minor violating the law by circumventing the provisions in force.

  1. Expanded Cookie Policy

Pursuant to the effects of Articles 13 and 122 of Legislative Decree 196/2003 and EU Reg. 2016/679 and in accordance with the provisions of the General Provision of the Privacy Guarantor of May 8, 2014 “Identification of the simplified procedures for information and acquisition of consent for the use of cookies,” we provide some information on the cookies used.

Cookies are small text files sent by the site to the data subject’s terminal (usually the browser), where they are stored and then transmitted back to the site the next time the same user visits. A cookie cannot retrieve any other data from the user’s hard drive or transmit computer viruses or acquire email addresses. Each cookie is unique to the user’s web browser. Some of the functions of cookies may be delegated to other technologies. In this document the term ‘cookies’ is intended to refer to both cookies, properly so called, and all similar technologies.