INFORMATION PURSUANT TO ART. 13 AND 14 OF EU REGULATION 2016/679 (G.D.P.R.)

We inform you that European Regulation 2016/679 (G.D.P.R.) provides for the protection of individuals with regard to the processing of personal data and the free movement of such data.

In accordance with this regulation, the processing of your personal data will be conducted according to the principles of fairness, lawfulness, and transparency, ensuring the protection of your privacy and rights.

Pursuant to Articles 13 and 14 of the G.D.P.R. 2016/679, we provide the following information:

1. PURPOSE AND METHODS OF DATA PROCESSING

Your personal data has been provided to us and will be processed solely for purposes strictly connected and instrumental to sending the information you requested from the website www.datasurf.it:

- to enter records into databases for the management of information and any purchases;

- for accounting purposes;

- for managing obligations, collections, and payments;

- to comply with obligations under civil, fiscal, regulatory, and EU law;

- upon your consent, to send newsletters and commercial promotions.

The processing of personal data will be carried out using paper and electronic supports by the data controller, the data processor, and authorized personnel, observing all precautionary measures to ensure security, confidentiality, and timely, accurate, and complete processing.

2. NATURE OF DATA COLLECTION AND CONSEQUENCES OF NON-PROVISION

Providing your personal data is mandatory to fulfill obligations arising from your choice to request information or purchase products, and to comply with legal requirements in general.

Failure to provide data may make it impossible for us to fulfill contractual obligations and legal requirements.

3. DATA COMMUNICATION AND DISCLOSURE

Your personal data, for the execution of the contract and the purposes indicated above, may be communicated to:

- all natural and legal persons (legal, administrative, fiscal consultancy firms, auditing companies, couriers and shipping companies, online payment intermediaries, data processing centers, etc.) when communication is necessary for the purposes described above;

- banking institutions for managing collections and payments;

- factoring or debt collection companies;

- our collaborators and employees specifically authorized and within their respective roles.

Your data will not be transferred to non-EU countries.

The collected data will in any case not be disseminated.

4. DATA RETENTION

We will retain your data only as long as necessary to provide the requested services, unless we are required to keep it for longer periods by law, regulations, or EU provisions, or if needed for dispute resolution or judicial investigations.

When your data is no longer necessary for the above purposes, we will securely destroy it or render it permanently non-identifiable.

5. RIGHTS OF THE DATA SUBJECT

You may exercise your rights at any time with respect to the data controller pursuant to the articles of G.D.P.R. 2016/679, which are listed for your convenience:

Art. 15 – Right of access by the data subject

Art. 16 – Right to rectification

Art. 17 – Right to erasure (right to be forgotten)

Art. 18 – Right to restriction of processing

Art. 19 – Obligation to notify in case of rectification

Art. 20 – Right to data portability

Art. 21 – Right to object

The exercise of your rights can be addressed to the data controller or the data processor and may also be sent by registered letter, fax, or email.

6. DATA CONTROLLER

The data controller is Hive s.r.l.s.