Privacy Policy

PREFACE

Dear User,

This Privacy Policy is provided to you pursuant to art. 13 of EU Regulation 2016/679 - concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter also the "Regulation" or "GDPR").
This Privacy Policy contains information relating to the processing of your personal data as a result of browsing the internet and using the services made available to you via the website.
You will be given specific and/or supplementary information about the processing of your personal data every time we collect it, when you interact with the website, or by virtue of contractual relationships established with our Company; you can view them all at any time by clicking on the links in the “Policies” section at the bottom of this page.

NB: this Privacy Policy does not apply to web services provided by any third parties you may use or consult via hypertext links. In this regard, we invite you to consult the privacy information and privacy policies provided by these third parties in the appropriate locations.

DEFINITIONS

Privacy Regulations: The GDPR, the Privacy Code, the Italian Data Protection Authority's provisions and in general all laws concerning the protection of individuals with regard to the processing of personal data.

GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation)

Personal data: Any information regarding an identified or identifiable individual.  Besides data provided by the user via any forms in individual web service areas, this also includes browsing data

Data subject: The identified or identifiable individual that personal data refers to.

Browsing data: In the course of their normal operation, the computer systems and software procedures used to operate web services collect certain data whose transmission is implicit in the use of internet communication protocols. This is information that is not collected in order to be linked to identified data subjects, but that by its very nature could allow users to be identified via processing and association with data held by third parties. However, if the browsing session takes place after accessing the Reserved Area (requiring users to log in), the data collected is associated with the user's personal account.

Browsing data includes:

* IP addresses or domain names of the computers used by users that connect to the website;

* the addresses of the requested resources in URI (Uniform Resource Identifier) format;

* the time of the request;

* the method used to submit the request to the servers;

* the size of the file obtained in response;

* the numerical code indicating the status of the response the server gives (successful, error, etc.)

* other parameters regarding the user's operating system and computer environment.

Data provided by users: This is the data which the user voluntarily and knowingly provides by sending communications (e.g. by email, to the addresses on the web domain) or by filling in specific forms, if present in the areas provided by the services.

The data provided by the user is only strictly necessary for the purposes required by the services on a case by case basis (for precise details regarding the categories of data collected on a case by case basis, please refer to the relevant privacy policy). By way of example, this data may be:

* personal details;

* regarding contact details (e.g., email address)

* related to the user/client's contractual position;

* geolocation (if the user has consented to the collection of data about their position);

* regarding the use of individual services available to the user;

* regarding facts and events disclosed by the user in their messages (as far as this is concerned, and in order to better protect them, users are encouraged not to provide information that is not strictly connected with the request and the nature of the services provided by the Company).

Data controller: The person who decides on the purposes and methods of processing personal data.  With reference to web services, SAINT MICHEL STUDIO SRLS is the Company which this website refers to and whose references are at the bottom of each page.

Services or Web Services: The services provided through the internet, used via the website and/or any apps.

User: The data subject (individual) who browses, consults, accesses or uses the web services.

DPO: The Data Protection Officer. Users may request clarifications regarding the processing of personal data or exercise their rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information about data processing”.

Italian Data Protection Authority: The Guarantor for the protection of personal data, in other words the Italian national monitoring authority for the protection of personal data. Consult the  Authority's website.

Cookies: Cookies are pieces of information that are stored on your device (e.g., in your browser's memory) when you visit a website or use a web application

Each cookie may contain various data, such as the name of the server it comes from, a numerical identifier, etc.

See the Cookies Policy for more information.





USER PERSONAL DATA PROCESSING POLICY

Below we have provided some useful information about the processing of personal data carried out via our web services.

In particular, we would like to inform you about:

* the identification and contact details of the Data Controller;

* the contact details of the Data Protection Officer (DPO);

* the categories of personal data processed via the web services;

* the purposes for which this personal data is processed on a case by case basis;

* the conditions that legitimise the processing of this data (legal grounds);

* how long the data will be stored for, always strictly necessary for the pursuit of the stated purposes;

* the categories of data recipients.

Data controller: SAINT MICHEL STUDIO SRLS

Headquarter: Viale Monte Nero, 20 - Milano

Categories of personal data, purposes and legal grounds for processing and length of data storage

Providing your personal information is free and optional; We remind you, however, that it is indispensable to pursue certain purposes (to provide you with appropriate feedback to requests, to register in the Reserved Area or to provide individual services); if is not provided, it may not be possible to pursue these purposes.

If data (and relative consent) is not provided for any marketing or profiling purposes, this will not affect other services requested.

We invite you to consult the relevant data processing policies for more details.

Processing methods and data storage period

The abovementioned data will not be distributed and may be disclosed to members of staff in our Company who have specific authorisation to process it.  Processing operations may be carried out by external parties who perform certain activities on our behalf and with whom we have special agreements governing the processing of personal information.

Finally, data may be disclosed at the express request of public authorities or law enforcement agencies.

The processing of personal data is always subject to the application of appropriate security measures to ensure the confidentiality, availability and integrity of the data.

COOKIES

The Web Services may use both first and third-party technical, analytical and profiling cookies. 
Cookies are essential to improve the services and to provide products that are always in line with user preferences.
Any use of profiling and/or third-party cookies will always be subject to your prior consent.

To find out more, click here.





RIGHTS OF THE USER (AS DATA SUBJECT)


Privacy laws (articles 15-22 of the Regulation) guarantee the user, as data subject, the right to access data about them, as well as to obtain the rectification and/or integration, erasure or portability of the data.  Privacy laws also give the user the right to request the restriction of data processing and to object to processing, as well as the possibility to withdraw any consent given (withdrawal does not affect the lawfulness of the processing carried out up to that moment).