Privacy Policy

POLICY AND CONSENT FOR THE USE OF PERSONAL DATA

EU Regulation No. 697/16, Art. 13

This Policy applies to personal data collected through this Website/Portal. It does not apply to other websites owned by third parties, which may – possibly – be accessed via hypertext links.

  1. Subject of the processing

In compliance with the regulations in force, EXIT Music s.n.c. processes exclusively your personal “identification” data (for example: name, surname, date and place of birth, residence address, tax code, VAT number, telephone numbers, e-mail addresses, bank details, Chamber of Commerce certificate), which will be collected – directly or indirectly, in an analogue or digital way – by our employees and/or collaborators, for the purposes set out in art. 4 below. The aforementioned data may be provided directly by You or, for certain categories of customers, may also be collected by third parties (e.g. public and private credit rating databases) in the initial phase of the contract and in order to follow up particular requests (deferred payments, credit insurance, etc.). The latter data are used to follow up on your requests and will only be processed when necessary.

  1. General principles of processing

The personal data provided will be processed exclusively for the purposes and in the manner allowed by law, in compliance with ethical and moral values, allowing the concerned party to access, at any time, information and communications relating to the processing of the same. Furthermore, the data will be processed only for the purposes listed in this information notice, guaranteeing adequate security and stored for a period of time not exceeding the achievement of the aforementioned purposes.
1. Processing modalities

In the processing of data, analogue and digital instruments will be used, taking all appropriate technical and organisational measures to ensure the security, integrity and protection of the data.

  1. Purpose of processing

Personal data will be processed in order to:

  1. to fulfil contractual and pre-contractual obligations (including but not limited to: drawing up quotations, online and in-store orders, purchases, payments, returns, dispute resolution, complaints, invoicing, financial statements, answering your questions and/or online requests for information, etc.);
  2. to comply with legal obligations or an order from the Authority (for example, but not limited to: preventing money laundering and terrorism purposes, responding to any requests from the Judicial Authority, etc.)
  3. to exercise the Controller’s rights, including in court (for example, but not limited to: protecting the Controller’s interests, recovering debts, verifying rights and obligations, compensation for damages, etc.);
  4. to pursue any of our legitimate interests (for example, but not limited to: proof of transactions, IT system management and security)
  5. to send newsletters, promotional campaigns, product offers, invitations to our own and/or third-party events, communications and commercial information in general;
    f. to disclose your data to our business partners, in order to send you newsletters, promotional campaigns, product offers, invitations to our own shows and events, communications and commercial information in general
  6. to analyse your preferences, habits and consumption choices in order to be able to send you personalised communications and commercial proposals, as well as to carry out general analyses for strategic commercial orientation purposes, also using a fidelity card, through which you may participate in prize competitions organised by our company, take advantage of discounts and promotions dedicated to you and obtain vouchers through the accumulation of points as per fidelity programmes.
    1. Consent and legal basis for processing
    No explicit consent is required for all processing purposes under letters a), b), c), and d) of the above article. Not providing your personal data may make it impossible to proceed with the carrying out of contractual obligations. On the contrary, regarding the hypotheses under letters e) and f), you are free to deny your consent to the processing of your personal data for the indicated purposes, bearing in mind that, in case of denial, you will not be sent, by us and/or by our business partners, newsletters, communications regarding promotional campaigns, shows, events and competitions with prizes that EXIT Music may offer. In case of denial of consent for the purposes referred to in the previous article, letter g), it will not be possible to send you communications and/or commercial information that suit your tastes and/or preferences and/or needs.

The legal basis for the processing operations highlighted in the above article is as follows:

 lett. a) fulfilment of contractual and/or pre-contractual obligations,

 lett. b) fulfilment of a legal obligation or an order of the Authority,

 lett. c) and d) legitimate interest of the Controller,

 letters e), f) and g) your explicit consent.
1. Access to data and disclosure to third parties
Your data will be accessible, for the purposes mentioned above, to the employees and collaborators of the Data Controller, as data processors and persons in charge of the processing, within the scope of their respective functions and in compliance with the instructions they have received from the Data Controller, exclusively for the purposes indicated in this information notice and in compliance with the current legislation. It may also be made accessible to professionals and third-party companies (for example: commercial agents, credit institutions, post offices, professional firms, consultants, insurance companies for the provision of insurance services, companies, technicians and professionals for the maintenance, updating and management of software, etc.), which carry out activities in outsourcing on behalf of the Data Controller, as external data processors, always in compliance with the purposes of the processing itself.

Personal data may be communicated to business partners for marketing purposes, if you have given your consent to do so.

The list of Data Processors is available at the Data Controller’s office.
1. Data storage period

Your data will always be processed for the time necessary to fulfil the purposes for which it was collected. Specifically, for the purposes referred to in Article 4 letters a), b), c), d) your data will be kept for the time allowed by Italian law (Article 2946 of the Italian Civil Code et seq.) and, in any case, no longer than ten years from your last commercial transaction. For the purposes of art. 4 letters e), f) and g), your personal data will be processed until your consent is withdrawn. Without prejudice to cases in which the data is necessary for the assessment, exercise or defence of the Controller’s rights, including in court, which may justify its storage until the purpose is fulfilled.
1. Profiling and Dissemination

Your personal data is not subject to dissemination nor to any fully automated decision-making process. No profiling processes are carried out by us, unless expressly authorised by you in compliance with Section 8 letter g).
1. Video surveillance

In the event that you decide to come to our shops, we would like to inform you that video surveillance systems are installed to protect the company’s assets. The processing of data acquired by these systems is based on necessity, legitimacy, proportionality and purpose.
We also inform you that:

 the Data Controller is in charge of video surveillance;

 the cameras do not film the toilets;

 only the Data Controller and the Workers’ Safety Manager will have access to the recordings;

 the recordings will be stored for a period of twenty-four hours (except in cases of specific circumstances due to holidays or in the event of a specific investigative request by the judicial authorities), at the end of which the system will automatically delete them by overwriting them;

 the images will not be disseminated in any way.
1. Rights of the data subject

We inform you that you have the right to:

  1. access to your personal data, in order to know and obtain communications relating to the methods and purposes of their processing;
  2. have your data updated, completed and/or corrected;
    c. delete your data: if they are no longer necessary, if they are no longer used for the purposes for which they were collected or processed, if you decide to withdraw the consent previously given and there is no other legitimate reason to continue processing, if it is necessary to comply with an obligation imposed by a law of a European Union Member State
  3. request the restriction of your data processing, in cases of: I) a dispute over the accuracy of the personal data, for the period necessary to carry out the verification; II) in the event of unlawful processing and refusal to erase the data, with a concurrent request for restriction; III) if the Data Controller no longer needs the data, but the same are necessary for the Data Subject to exercise or defend a right; IV) in the event of refusal to process the data and to verify the possibility that the Data Controller’s legitimate reasons prevail over those of the Data Subject;
    e. request the transfer (portability) of your personal data (in a structured, commonly used and machine-readable format) to another Data Controller of your choice;
  4. refuse the processing of Your data for reasons of legitimate interest, for marketing purposes or for historical, scientific and statistical processing;
  5. withdraw your consent, when provided, bearing in mind that the aforesaid withdrawal shall not affect the lawfulness of the processing based on the consent given before the same
  6. lodge a complaint with the Supervisory Authority (Data Protection Supervisor), following the procedures and indications published on the Authority’s official website www.garanteprivacy.it.
  7. Changes imposed by legislation

This information notice may also be updated and/or modified in order to adapt and/or comply with national, EU or international regulations or to adapt to technological innovations. Any updates and/or changes that are made will be reported on this web page, and always made available by hyperlink on the website, so that interested parties can be fully informed about the use made of their personal data provided on this Website/Portal.
1. Data controller
The Data Controller is EXIT Music s.n.c., Savigliano (CN) 12038, Via Tapparelli D’Azeglio nr. 43
1. Contact

Any request and/or information can be addressed to the following contacts:

E-mail: info@exitmusic.it

Tel. 0172749486