Privacy & Cookie 2018-07-11T09:07:33+00:00

Privacy Statement Pursuant to Article 13 of UE Regulation 2016/679

Under Section 4 of EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (henceforward referred to as “EU Regulation”), Carter & Benson S.r.l. intends to inform anyone who visits this website about how your personal data will be used and processed.


Definitions

“Personal data” (formerly art. 4 number 1 of EU Regulation 2016/679) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” (formerly art. 4 number 2 of EU Regulation 2016/679) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


Who is the Data Controller? Identity and contact details of the Data Controller

Company Name: Carter & Benson S.r.l.
Legal office: Foro Buonaparte 22, 20121 Milan
Telephone number: 02/80509788
Email: carterbenson@legalmail.it
The website is managed by Carter & Benson S.r.l.
Carter & Benson S.r.l. can be contacted to the above-mentioned contact details.


Data processing operations for marketing purposes

Collected personal data
Carter & Benson S.r.l. collects and processes the Personal Data provided by the data subjects, such as identification data (for example, name, surname and e-mail address).

Purposes of processing operations
Carter & Benson S.r.l.  processes the Personal Data provided by the data subject electronically, or possibly by paper form for marketing activities through the sending of promotional and information material through emails, sms, etc.
For each of the above mentioned purposes you can find details about the legal basis, type of data, type of personal data and the related conservation time in the following chart:

CHART No. 1

Purpose of processing operation of personal data Legal basis of the processing Types of personal data subject to processing Personal data preservation time Type of recipient
Marketing activities through the sending of promotional and information material Consent Identification data Until the unsubscribe service request *

*Types of recipients
With reference to the above mentioned purposes, data may be communicated to the following subjects and/or subject categories, or rather be communicated to companies and/or individuals, both in Italy and abroad, that provide services, also external, in name of the Data Controller. Among these ** hereafter their different categories are indicated by way of example but not limited to:

  • IT providers;
  • Communication agencies;
  • Consulting companies in the marketing sector;
  • Authorities or Surveillance bodies.

(**) a list of external Subject/Responsible with other useful data for identification is available at the Data Controller office

Data transfer to third non-EU countries
The Data Controller does not transfer personal data in extra-EU countries.

Preservation time
Personal data will be kept until the unsubscribe service request.

Data subjects’ rights
With regard to the aforesaid processing operations, the rights referred to Section 4 of EU Regulation 2016/679 may be exercised as follow:

  • right of access by the data subject [art. 15 of EU Regulation](right to obtain from the controller confirmation as to whether or not Personal Data are being processed, and, where that is the case, access to the related information);
  • right to rectification [art. 16 of EU Regulation](right to obtain the rectification of inaccurate Personal Data concerning him or her);
  • right to erasure of Personal Data concerning him or her without undue delay (“right to be forgotten”) [art. 17 EU Regulation] (data subject shall have the right to erasure of Personal Data);
  • right to restriction of processing of Personal Data as regulated by art. 18 EU Regulation (where the processing is unlawful or the accuracy of the Personal Data is contested by the data subject )[art. 18 EU Regulation];
  • right to data portability [art. 20 EU Regulation] (data subject shall have the right to receive the Personal Data concerning him or her, in a structured format to transmit those data to another controller pursuant to mentioned article);
  • right to object to processing of Personal Data [art. 21 EU Regulation] (the data subject shall have the right to object to processing of Personal Data concerning him or her);
  • right not to be subject to a decision based on automated processing [art. 22 EU Regulation] (the data subject shall have the right not to be subject to a decision based solely on automated processing).

The above mentioned rights can be exercised pursuant to Regulation, thus sending an email to carterbenson@legalmail.it.
Carter & Benson S.r.l., pursuant to art. 19 EU Regulation, provides to communicate any rectification or erasure of personal data or restriction of processing to each recipient, unless this proves impossible or involves disproportionate effort.
Whereas the purpose pursued by Carter & Benson S.r.l. is based on consent, the data subject has the power to withdrawal at any time, sending an email to carterbenson@legalmail.it.
Pursuant to art. 7 EU Regulation, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The data subject, if considers that the processing of personal data relating to him or her infringes the Regulation, shall have the right to lodge a complaint with the Supervisory Authority.
For any further information regarding the rights and the exercise of rights themselves, please refer to the paragraph about data subjects’ rights.

The Data Controller does not use any automated decision-making process.

Mechanisms of processing operations
Personal data will be processed in paper form, electronically or on-line, and inputted in the relevant databases (potential clients, clients, users etc.) which will be accessible by, and, therefore, disclosed to, explicitly appointed personnel by the Data Controller, such as Data Processors or Persons in charge of the processing of personal data, and they will be allowed to carry out reference operations, utilization, processing, compare, and any whatsoever appropriate operation, even automated, in compliance with the necessary law provisions to guarantee, among others, privacy and data protection as well as their accuracy, revision, and relevance with regard to the declared purposes.


Data processing with regard to Contacts page 

Collected personal data
Carter & Benson S.r.l. collects and processes the Personal Data provided by the data subjects, such as identification data (for example, name, surname and e-mail address).

Purposes of processing operations
Carter & Benson S.r.l.  processes the Personal Data provided by the data subject electronically, or possibly by paper, in order to answer to requests or questions presented, solve problems concerning our services and receive helpful advice aimed to the improvement of our offer
For each of the above mentioned purposes you can find details about the legal basis, type of data, type of personal data and the related conservation time in the following chart:

CHART 1

Purpose of processing operation of personal data Legal basis of the processing Types of personal data subject to processing Personal data preservation time Type of recipient
Answer to requests or questions presented, solve problems concerning our services and receive helpful advice aimed to the improvement of our offer Consent Identification data Until the completion of the request *

*Types of recipients
With reference to the above mentioned purposes, data may be communicated to the following subjects and/or subject categories, or rather be communicated to companies and/or individuals, both in Italy and abroad, that provide services, also external, in name of the Data Controller. Among these ** hereafter their different categories are indicated by way of example but not limited to:

  • IT providers;
  • Communication agencies;
  • Authorities or Surveillance bodies.

(**) a list of external Subject/Responsible with other useful data for identification is available at the Data Controller office.

Data transfer to third non-EU countries
The Data Controller does not transfer personal data in extra-EU countries. 

Preservation Time
Personal data will be kept until the completion of the request.

Data subjects’ rights
The Data Subject, with regard to the personal data object of the present privacy policy statement, can exercise the rights referred to the EU Regulation as follows:

  • right of access by the data subject [art. 15 of EU Regulation;
  • right to rectification [art. 16 of EU Regulation);
  • right to erasure of Personal Data concerning him or her without undue delay (“right to be forgotten”) [art. 17 of EU Regulation];
  • right to restriction of processing of Personal Data as regulated by art. 18 EU[art. 18 EU Regulation];
  • right to data portability [art. 20 EU Regulation];
  • right to object to processing of Personal Data [art. 21 EU Regulation];
  • right not to be subject to a decision based on automated processing [art. 22 EU Regulation].

The above mentioned rights can be exercised pursuant to Regulation, thus sending an email to carterbenson@legalmail.it.
Carter & Benson S.r.l., pursuant to art. 19 EU Regulation, provides to communicate any rectification or erasure of personal data or restriction of processing to each recipient, unless this proves impossible or involves disproportionate effort.
Whereas the purpose pursued by Carter & Benson S.r.l. is based on consent, the data subject has the power to withdrawal at any time, sending an email to carterbenson@legalmail.it.
Pursuant to art. 7 EU Regulation, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The data subject, if considers that the processing of personal data relating to him or her infringes the Regulation, shall have the right to lodge a complaint with the Supervisory Authority.
For any further information regarding the rights and the exercise of rights themselves, please refer to the paragraph about data subjects’ rights.

The Data Controller does not use any automated decision-making process.

Mechanisms of processing operations
Personal data will be processed in paper form, electronically or on-line, and inputted in the relevant databases (potential clients, clients, users etc.) which will be accessible by, and, therefore, disclosed to, explicitly appointed personnel by the Data Controller, such as Data Processors or Persons in charge of the processing of personal data, and they will be allowed to carry out reference operations, utilization, processing, compare, and any whatsoever appropriate operation, even automated, in compliance with the necessary law provisions to guarantee, among others, privacy and data protection as well as their accuracy, revision, and relevance with regard to the declared purposes.


Mechanisms of processing operations of surfing data
The information systems and the software procedures necessary for the functioning of this website acquire, during their ordinary exercise, some personal data of which the transfer is implicit in the use of Internet communication protocols. These information are not gathered to be associated to identified Data Subjects, but – due to their nature – they could allow to identify the users through elaborations and associations with third-party data.
To this category belong the IP addresses, the type of browser or the operation system used,  the  URI (Uniform Resource Identifier) notation addresses, the domain name and Web addresses from where the access or exit were made (referring/exit pages), the time of the request to the server, the method used and information on the answer obtained, other information about the user’s navigation on the website (see the Cookies section) and other parameters concerning the operation system and the user’s information environment.
These data could be used to assess the responsibility in case of possible cyber-crimes against the web site.


Use of Cookies
This notice on the use of cookies is provided to the visitor pursuant to the measures of the Italian Data Protection Authority issued on May 8, 2014, entitled “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies”.

WHAT IS A COOKIE?

Cookies are small text files that can be sent to the user’s terminal equipment (PC, notebook or tablet; they are usually stored on the browser used) by visited websites. The same website which transmitted them, can then read and register the cookies present on the same terminal equipment in order to obtain different kind of information. Which kind of information? Every kind of cookie has a specific function.

TYPES OF COOKIES

Cookies may be distinguished into two major groups: “technical” cookies and “profiling” cookies.
The technical cookies are generally necessary for the proper functioning of the website and allow the navigation on the website; these cookies are required to properly display the site pages or to use some services. For example, a technical cookie is strictly necessary to keep the user connected during his/her visit to a website, or to store the language or display settings, etc. The technical cookies can be furtherly distinguished in:

  • navigation cookies, that guarantee the normal navigation and use of the website (allowing, for example, to buy an item or access and login to your personal areas);
  • analytical cookies, included in the technical cookies only if directly used by the website’s manager to gather information about the number of users and how they visit the website.
  • Functional cookies, that allow the user to surf following a series of selected criteria (i.e., the language, the products selected for the purchase) in order to improve the service offered to the user.

The profiling cookies are more sophisticated! These cookies are aimed at creating user profiles and they are used to send ads messages in line with the preferences shown by the user during navigation. They can be classified as follows:

  • Session cookies, that are immediately erased when the browser is closed.
  • Persistent cookies that – as opposed to session cookies – remain stored in the browser for a period of time. They are used, for example, to recognize the device connected to the website easing the login operations for the user.
  • First-party cookies, that are cookies generated and managed directly by the manager of the website where the user is surfing.
  • Third-party cookies, that are generated and managed by subjects different from the website’s manager where the user is surfing (usually on the basis of a contract between the website owner and the third party).

WHICH COOKIES ARE USED BY Carter & Benson S.r.l. ?

We use technical cookies aimed at guaranteeing the proper behavior of our website and at making your navigation experience pleasant. In order to improve our website and understand which sections or elements are mainly appreciated by users, as anonymous and aggregated analysis tool, we use third-party cookies, i.e. Google Analytics. We are not the owner of this cookie, therefore, for more information, you can consult the statement provided by Google at http://www.google.it/policies/privacy/partners/. When accessing this Website for the first time, a banner is displayed informing you about the use of these specific third-party profiling cookies. By giving your consent or remaining or accessing other elements present on the website, you will provide your consent to the use of such cookies. You will always be able to remove them by following the instructions below.

 The following chart indicates the cookies used.

Name Expiry Type of cookie Purposes
_uvt 1 week Technical Cookie To allow a proper browsing experience*
uvts 1 year Technical Cookie To allow a proper browsing experience*

* the present website uses tools that reduce the identification power of cookies such as the anonymization of IP address of users before Google Inc. processes or stores it.

Finally, below are listed the links to the most common browsers, where you can find the information about how disable the storage or cancel cookies already stored on your browser:


Notice regarding children younger than 16 years old

The processing of the personal data of a child shall be lawful where the child is at least 16 years old. Carter & Benson is not responsible for collected personal data, or mendacious declaration, provided by the child, and, in any case, if such data are used, Carter & Benson shall ease the right of access and erasure by the legal guardian or by anyone who wield the parental authority.


Rights of the data subject
The data subject, with reference to the present Data Protection, has the right to exercise their rights in compliance to the EU Regulation:

  • Right of access by the data subject [art. 15 EU Regulation]: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the related information, among which, by way of example and not limited to, the purposes of the processing, the categories of personal data and recipient concerned, the envisaged period, the existence of the right to request erasure, rectification or restriction, the right to lodge a complaint, any available information as to their source, the existence of automated decision-making referred to in Article 22 of Regulation as well as copy of the personal data.
  • Right to rectification [art. 16 EU Regulation]: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
  • Right to erasure (‘right to be forgotten’) [art. 17 EU Regulation]: The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds contained in the article applies, among which, by way of example and not limited to, the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, the data subject withdraws consent on which the processing is based, the data subject objects to the processing and there are no overriding legitimate grounds, the personal data have been unlawfully processed, the personal data have to be erased for compliance with a legal obligation, personal data of children processing without compliance with art. 8 of Regulation.
  • Right to restriction of processing [art. 18 EU Regulation]: in the cases regulated by art. 18, among which, where processing is unlawful, the accuracy of the personal data is contested, the data subject opposes and the controller no longer needs the personal data, the personal data shall, with the exception of storage and the other cases as regulated in the article, only be processed with the data subject’s consent.
  • Right to data portability [art. 20 EU Regulation]: the data subject, where the processing is base on consent or on a contract, shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
  • Right to object [art. 21 EU Regulation]: the data subject shall have the right to object at any time to processing of personal data concerning him or her, where personal data are processed for direct marketing purposes or the processing is based on non prevalent legitimate interest.
  • Automated individual decision-making, including profiling [art. 22 EU Regulation]: the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (e.g. processing exclusively based on electronic tools or IT programs).

The above mentioned description does not replace the text of the mentioned articles and for the complete reading of such article you can refer to the following link

Right to lodge a complaint

The data subject, if considers that the processing of personal data relating to him or her infringes the Regulation, shall have the right to lodge a complaint with a supervisory authority, following the instructions given in the following internet page:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
For further information on the rights of the data subject as regulated by the Authorities please refer to the paragraph about data subjects’ rights.


Modifications and updates

The present circular is effective at the date of its last upgrade as indicated above.
Carter & Benson S.r.l. may modify and/or integrate the document also as consequence of potential and consequent modifications and/or updates of the regulation.


Reference to articles on the data subject’s rights

Article 15
Right of access by the data subject

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    4. ) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    6. the right to lodge a complaint with a supervisory authority;
    7. where the personal data are not collected from the data subject, any available information as to their source;
    8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  3. The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Article 16
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. 2Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Article 17
Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
    3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
    4. the personal data have been unlawfully processed;
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  2. ere the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
    4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    5. for the establishment, exercise or defence of legal claims.

Article 18
Right to restriction of processing

  1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
    1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
    4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

Article 19
Notification obligation regarding rectification or erasure of personal data or restriction of processing
 The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

Article 20
Right to data portability

  1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
    1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
    2. the processing is carried out by automated means.
  2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. 2That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Article 21
Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. 2The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Article 22
Automated individual decision-making, including profiling

  1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  2. Paragraph 1 shall not apply if the decision:
    1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
    2. ) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
    3. is based on the data subject’s explicit consent.
  3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
  4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(2)1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.