undertakes to guarantee the protection of your personal data every day. The aim of this policy is to offer you a clear and transparent overview of which customer data we collect and process within the contractual relationship and in relation to the use of our website and online apps installed on mobile devices. In the following paragraphs we will explain how we use your personal data, for what purpose and for how long, furthermore reminding you how we guarantee your rights and the compliance with the rules on personal data protection.
Who is the controller of your personal data?
Curio Srl, with its registered headquarters at Via Lungarno Vespucci, 6/R 50123 Firenze - Italy, in the person of its pro tempore legal representative, is the controller of your personal data.
What are the contact details of the data protection officer?
Curio Srl has not appointed a data protection officer ("Data Protection Officer" or "DPO") because said figure is not mandatory for its structure; the data protection officer is therefore the pro tempore legal representative of Curio Srl.
You may contact the data protection officer by sending an email to the email address firstname.lastname@example.org or by writing to: Data protection officer c/o Curio Srl, with its registered headquarters in Via Lungarno Vespucci, 6/R 50123 Firenze.
What are personal data and which data do we process?
"Personal data" means any information relating to an identified or identifiable natural person, in this case you in your use of the services offered by Curio Srl.
Specifically, we collect and process your personal data that are required for the conclusion of the contract and the provision of the requested services, such as:
- personal identification data (name, surname, date and place of birth, social security number and gender);
- home address, telephone number and email;
- bank account details necessary to make the relevant charges;
- in general, all other data and information necessary for the conclusion and execution of the contract.
Furthermore, when you use our website and our apps, we process: the data requested during the registration process; your navigation data; your contact information; your IP address; the domain name of the devices you use; the URL that is used; information about the operating system and IT environment you use; Web browsing history; the geographical coordinates of the mobile device; and the data you voluntarily provide in this context in order to use our services and purchase our products.
In addition to this, we collect your data through cookies.
Cookies are small text files that are sent to the user's devices by visited websites; they are stored in the user's device and then re-transmitted to the websites on the user's subsequent visits to those websites.
In general, we use the so-called "technical" cookies required to ensure that the user has access to our website’s best functionality. If you wish to disable or refuse the use of said cookies, you may at any time change your PC’s browser settings.
Redirect to external sites
Purpose of processing of your data
First of all, we collect and process personal data about you (see par. 4) that are strictly necessary to follow up on your requests and on the services you have subscribed to.
Purposes
- To conclude and execute the contract relating to our services, namely for purposes strictly connected to and necessary for performing the necessary contractual activity (assessment of creditworthiness and solvency), for managing the contractual relationship (administrative and accounting activities, customer service, complaints management, debt collection), and for providing the services required upon each occasion.
- To protect our corporate assets and defend our rights under our legitimate interest.
- To fulfil legal obligations and respond to enquiries by the Authorities and to respect the provisions of the regulations in force for the prevention of fraud, money laundering and terrorism financing, where applicable.
Also, in the interests of constantly improving the customer experience and in order to offer you "tailor-made" services, we process your data:
- for sales and marketing activities, in order to directly offer you products and services similar to those you have already purchased. To do so we will act on the basis of our legitimate interest; you are at all times entitled to object to receiving such communications by writing to the email address email@example.com.
If we have previously acquired your express and specific consent, you may revoke it at any time by writing to the email address firstname.lastname@example.org.
Your consent may be acquired for the following processing purposes:
- for direct sales activities, sending you communications (with the use of traditional and automated systems) involving the full range of products and services offered by us, by Group companies (parent companies, subsidiaries and/or related companies), by affiliated businesses and third party partners;
- to communicate and/or dispose of some of your data to third party companies (belonging to sectors such as auction houses etc.) who will process them for commercial purposes, acting as independent controllers;
- for profiling purposes, in order to process and conduct statistical and market studies and research, to allow the creation/definition of your profile, to analyze your tastes, preferences, habits, needs and/or choices so as to be able to offer products and services that are in line with your needs, as well as special offers and discounts.
In all cases, we undertake to ensure that the data collected and treated are appropriate for the abovementioned purposes, and that this does not result in an invasion of your personal sphere.
To whom do we disclose your data?
We disclose your data solely to the subjects we employ to carry out the activities necessary for achieving the purposes described in the previous paragraph 5, including for example:
- companies directly controlled by Curio Srl;
- companies that are a part of Curio Srl;
- external companies that offer services relating to the assessment of creditworthiness, financial strength, risk profile and regulatory compliance profile (e.g. money laundering);
- third-party companies that provide logistics services;
- companies that perform technical coordination, assistance and data-processing system maintenance tasks on our behalf;
- in general, third-party companies that assist us in matters relating to the contract.
The subjects mentioned above are specially appointed data processors, a list of which can be requested by writing to the email address email@example.com.
We may also communicate your data to subjects to whom the communication is due by virtue of legal obligations and to credit institutions with which we operate for the purpose of concluding the contract. Such subjects perform their processing activities as independent controllers.
Where do we transfer your data?
Normally we do not transfer your information outside the European Union. In certain circumstances and for purposes related to the assessment of creditworthiness and financial strength, some of your data may be transferred to third countries. In this case we shall make sure that the recipient, acting as data processor, complies with the provisions of GDPR, including the standards specifically dictated for the transfer of personal data to third countries. In particular, we guarantee that these transfers are carried out on the basis of an adequacy decision or of the processor's subscription of standard data protection clauses approved by the European Commission. Details of any actual transfer of personal data to third countries, and further information relating thereto, may be obtained by writing to the email address email@example.com.
The server farm on which the website is located is in France (company OVH). Your data shall not be transferred to third parties located outside the European Economic Area; should such transfer be necessary, we shall make sure that the recipients of your data have taken suitable security measures to ensure the protection of your personal data.
How long do we store your data?
We only store your data for the time necessary to perform the processing for the above-mentioned purposes. In particular, below are the main times of use and storage of your personal data with reference to the various processing purposes:
a) we shall process your data for the duration of the contract and for as long as obligations or purposes related to its implementation persist. After the termination of the contractual relationship, we shall retain them for 11 years to comply with legal obligations or to safeguard our rights;
b) with reference to processing for marketing purposes, carried out on the basis of our legitimate interest and of your consent, your data will be processed for the duration of the contract and for as long as obligations or purposes related to its implementation persist, unless you object to the processing or withdraw your consent;
c) your data shall be processed for profiling purposes until you withdraw your consent and/or request termination of the processing. In any case, profiling activities will only take into account the data relating to the past 12 months;
d) for the fulfillment of legal obligations, your data shall be processed and stored as long as the processing is necessary for fulfilling said obligations;
e) finally, we reserve the right to retain the so-called login and logout data for a longer period of time in order to be able to manage any offences committed to the detriment of the website (e.g. hacking activities).
What are your rights?
- Right of access – you have the right to obtain from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to any information concerning said processing.
- Right to rectification – you have the right to obtain from the controller the rectification of any inaccurate or incomplete personal data concerning you.
- Right to erasure ("right to be forgotten") – in certain circumstances, you have the right to obtain the erasure of your personal data from our archives if they are not relevant to the continuation of the contractual relationship or required by law.
- Right to restriction of processing – under certain conditions, you have the right to obtain from the controller restriction of processing if it is not relevant to the continuation of the contractual relationship or required by law.
- Right to data portability – you have the right to obtain transmission of your data to another controller.
- Right to object – you have the right to object, on grounds relating to your particular situation, at any time, to processing of your personal data based on the lawfulness of legitimate interest or on the performance of a task carried out in the public interest or in the exercise of official authority, including profiling.
- Right to withdrawal of consent – you have the right to withdraw consent to the processing of your data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority – at any time, you have the right to promote a request for exercising your rights. In all cases, if you wish to lodge a complaint regarding the ways in which your data is processed, or regarding how a complaint filed by you was managed, you have the right to do so directly with the supervisory authority.
The aforementioned rights may be exercised against us by writing to the email address firstname.lastname@example.org.
The exercise of your rights as a data subject is free of charge in accordance with article 12, GDPR.