Privacy Policy
PRIVACY NOTICE TO USERS OF THE WEBSITE WWW.LYRIA.IT ON THE PROTECTION OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679
Dear Users,
in accordance with Article 13 of Regulation (EU) 2016/679 (the “GDPR”) and in application of the principles set forth therein, before browsing our website (the “Website”), we invite you to read this privacy notice on the processing of personal data, in order to make you aware of the characteristics and methods of the processing (the “Processing”) that will be carried out with respect to any information acquired as a result of the browsing of the Website by any person (the “User”), as well as any information provided through the Website and relating to an identified or identifiable natural person (the “Data Subject”) (the “Personal Data”).
Pursuant to Article 4(1) GDPR, “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
1. Data Controller (the “Controller”)
The Data Controller is LYRIA S.R.L. UNIPERSONALE, C.F. e P.IVA 01905190979, Tax Code and VAT No. 01905190979, represented by its legal representative pro tempore, with registered office at 59013 Montemurlo (PO), Via Venezia, n. 30/32, tel. +39 0574 797411, PEC: amministrazione.lyria@pec.uipservizi.it, e-mail: info@lyria.it, sito web: https://lyria.it.
Any communication relating to the Processing, including pursuant to the following articles, shall be sent by you and/or by the Data Subject by registered letter with return receipt, PEC or e-mail to the contact details indicated above.
2. Purposes of the Processing (the “Purposes”) and legal basis
The Personal Data collected, whether from the Data Subject (Article 13 GDPR) or otherwise (Article 14 GDPR), will be used exclusively for the following purposes:
(i) allowing the use and navigation of the Website;
(ii) responding to the User’s requests;
(iii) fulfilling pre-contractual and contractual obligations towards you;
(iv) complying with and enforcing specific obligations arising from laws and regulations;
(v) sending newsletters.
The legal basis for the Processing is:
- the necessity to perform a contract to which the Data Subject is party or to take pre-contractual measures at the request of the Data Subject;
- the necessity to comply with a legal obligation;
- the legitimate interest of the Controller (Article 6(1)(f) GDPR);
- with reference solely to point (v), the explicit consent freely given by the Data Subject from time to time (Article 7 GDPR), including by sending e-mails, filling in specific forms and ticking the required checkboxes.
3. Mandatory or optional nature of providing Personal Data
The provision of Personal Data by you – including by sending e-mails, filling in specific forms and ticking the required checkboxes – is optional but necessary, as any refusal to provide such data, as well as the incorrect provision thereof, will make it impossible for the Controller to establish the relationship or to pursue the various Purposes for which the Personal Data are collected.
For the same reasons, as well as in order to ensure proper management of the existing relationship, you are also requested to inform us promptly of any changes to the Personal Data already provided.
4. Disclosure of Personal Data
Personal Data are processed internally by persons authorised to process such data (the “Authorised Persons”), under the responsibility of the Controller and for the Purposes indicated above.
Personal Data may be disclosed to external parties entrusted with carrying out instrumental and/or ancillary activities related to our business operations, who will process such data on our behalf. These parties will be appointed as external data processors (the “External Processors”) pursuant to Article 28 GDPR. An updated list of the External Processors is available at the registered office of the Controller and may be provided to the Data Subject upon written request to the above contact details.
Outside the cases mentioned above, Personal Data may also be disclosed to additional recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”) solely for the performance of activities related to the pre-contractual and/or contractual relationship established with us and/or in order to comply with legal obligations and/or orders issued by public authorities, in full compliance with the safeguards provided for by the GDPR, the guidelines of the Italian Data Protection Authority and the European Commission established pursuant to the GDPR.
Except as provided above, Personal Data shall in no event be disseminated or disclosed to third parties without the specific consent of the Data Subject and only where necessary for the achievement of the Purposes.
5. Processing of “special categories of personal data” and of “personal data relating to criminal convictions and offences”
Should the Controller, in the context of the Processing, become aware of Personal Data belonging to:
(i) “special categories” pursuant to Article 9 GDPR (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation), such data shall be processed exclusively for the indicated Purposes and only with the prior consent of the Data Subject or where the Processing is necessary for the purposes of carrying out obligations and exercising specific rights of the Controller or the Data Subject in the field of employment, social security and social protection, insofar as authorised by Union or Member State law or a collective agreement, with appropriate safeguards for the fundamental rights and interests of the Data Subject;
(ii) data relating to criminal convictions and offences or related security measures pursuant to Article 10 GDPR, such data shall be processed only under the control of a public authority or where authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of the Data Subjects. Any comprehensive register of criminal convictions shall be kept only under the control of a public authority.
6. Methods of Processing
The Processing is carried out using electronic and/or paper-based tools and, in any case, by adopting appropriate organisational and IT measures to ensure security, confidentiality, relevance and data minimisation.
7. Territorial scope
Personal Data will be processed within the territory of the European Union.
Should it be necessary, for technical and/or operational reasons, to use parties located outside the European Union, such parties will be appointed as External Processors and the transfer of Personal Data to them, limited to the performance of specific Processing activities, will be regulated in compliance with the GDPR, adopting all necessary safeguards to ensure full protection of Personal Data, on the basis of appropriate guarantees (including, by way of example, adequacy decisions adopted by the European Commission, appropriate safeguards pursuant to Article 46 GDPR, etc.).
In any case, the Data Subject may request further details from the Controller if Personal Data have been processed outside the European Union, including evidence of the specific safeguards adopted.
8. Data retention period
Personal Data will be retained by the Controller for the period strictly necessary to achieve the Purposes and, in particular, until the termination of any pre-contractual and contractual relationships in place, without prejudice to any further retention period required by law.
For the purpose of handling disputes or litigation, as well as for the establishment, exercise or defence of a right in judicial proceedings, Personal Data may be retained for an additional period corresponding to the applicable statutory limitation period.
9. Provision of the privacy notice and subsequent amendments
This privacy notice applies exclusively to the Website and not to other websites that may be consulted by the User via links or accessed through social buttons on the Website, for which the Controller assumes no responsibility.
Any amendments or updates to this privacy notice will be made available to Users in the relevant section of the Website and will apply from the date of publication. If the Data Subject does not intend to accept such amendments, they may discontinue use of the Website. Data Subjects are therefore encouraged to periodically review this section.
10. Rights of the Data Subject and methods of exercise
At any time, the Data Subject may exercise the rights granted by the GDPR (the “Data Subject’s Rights”), including in particular:
- Article 15 – Right of access: the right to obtain confirmation as to whether or not Personal Data concerning them are being processed and, where that is the case, access to such data and a copy thereof;
- Article 16 – Right to rectification: the right to obtain the rectification of inaccurate Personal Data without undue delay and, taking into account the Purposes, the right to have incomplete Personal Data completed;
- Article 17 – Right to erasure (“right to be forgotten”): the right to obtain the erasure of Personal Data without undue delay where the conditions set out in the GDPR apply;
- Article 18 – Right to restriction of processing: the right to obtain restriction of Processing in the cases provided for by the GDPR;
- Article 20 – Right to data portability: the right to receive Personal Data in a structured, commonly used and machine-readable format and to transmit such data to another controller, where applicable;
- Article 21 – Right to object: the right to object at any time, on grounds relating to their particular situation, to the Processing of Personal Data.
Requests to exercise the above rights shall be addressed directly to the Controller at the contact details indicated above, without prejudice to the right to lodge a complaint with the supervisory authority or to bring a claim before the competent judicial authority.
The Controller shall respond within one month of receipt of the request, extendable up to three months in cases of particular complexity, pursuant to Article 12 GDPR.
11. Minors
The Controller does not process Personal Data relating to minors. By accessing the Website and using the services, the User declares that they are of legal age.
12. Withdrawal of consent
Where Processing is based on the consent of the Data Subject, such consent may be withdrawn at any time by sending a written request to the Controller at the contact details indicated above.
Withdrawal of consent shall not affect the lawfulness of Processing based on consent before its withdrawal.
13. Right to object
The Data Subject has the right to object at any time, on grounds relating to their particular situation, to the Processing of Personal Data pursuant to Article 6(1)(e) or (f) GDPR, including profiling, by sending a written request to the contact details indicated above.
The Data Subject also has the right to object at any time to the Processing of Personal Data for direct marketing purposes, including profiling to the extent related to such direct marketing.
14. Cookies
This Website uses technical cookies necessary for the proper functioning of the Website and for the management of navigation and user sessions, as well as statistical analysis tools configured to collect information in aggregate form and with anonymised IP addresses, without profiling or marketing purposes.
The use of such tools does not require the User’s consent.
For more detailed information on the types of cookies used and on how to manage preferences, please consult the Cookie Policy available at the following link: [https://lyria.it/cookie-policy/].
