PRIVACY POLICY


This information is provided, pursuant to art. 13 GDPR 679/2016 – “European regulation on the protection of personal data”, to persons who, for whatever reason, come into contact, request information or execute a transaction with DHORA S.r.l. Impresa Sociale or with one of the persons indicated below as joint controller of the processing (Article 26 of the GDPR) or with one of the persons who is designated as a DHORA S.r.l. Impresa Sociale controller (Article 28 of the GDPR).
Identity of the joint-controllers of the processing
The joint-controllers s of the processing with the purposes indicated below are:

  • DHORA S.r.l. Impresa Sociale based in Via Baldissero, 21 in Vidracco (TO), in the person of its legal representative pro tempore;
  • Devodama S.r.l., based in Via Baldissero, 21 in Vidracco (TO) in the person of its legal representative pro tempore;
  • Aps Damanhur, based in Via Pramarzo, 5 in Baldissero Canavese (TO), in the person of its legal representative pro tempore;
  • the bodies indicated at www.kditalia.it

Based on the internal agreement signed between the joint-controllers pursuant to art. 26 GDPR, it is up to DHORA S.r.l. Impresa Sociale the responsibility of providing information on the processing of personal data to the data subject.

The company DHORA S.r.l. Impresa Sociale has also been designated as a data processor, pursuant to art. 28 GDPR, by the following independent data controllers:
Damanhur Welcome & University S.n.c., based in Via Pramarzo, 3 in Baldissero Canavese (TO) in the person of its legal representative pro tempore;the bodies indicated at www.kditalia.it.

The processing for which DHORA S.r.l. Impresa Sociale has been designated as the processor is the same processing carried out as a joint controller.

Additional processing entrusted to DHORA S.r.l. Impresa Sociale in his capacity as the processor, is providing the information on the processing of personal data to the data subjects on behalf of the individual independent data controllers.

Finally, the response to the data subjects in case of exercise of their rights rests with DHORA S.r.l. Impresa Sociale

Identity of the Data Protection Officer for DHORA S.r.l. Impresa Sociale

The Data Protection Officer is Dr. Enrico Gamberini for the position located at DHORA S.r.l. Impresa Sociale in Via Baldissero, 21 in Vidracco (TO).

Data source
The personal data processed are those provided by the interested party on the occasion of:

  • purchases made at the point of sale of any of the subjects listed above, or through a website linked to them;
  • requests for information addressed to any of the subjects listed above, including by e-mail;
  • previous transactions with one or more of the subjects listed above.
Purpose of the processing
  1. The personal data of the data subjects can be processed by DHORA S.r.l. Impresa Sociale, by the other joint-controllers and by the independent data controllers who have designated DHORA S.r.l. Impresa Sociale as a data processor for the following purposes:to forward to those who have expressed interest in the products, services, activities and initiatives proposed by any of the subjects listed above, communications of various kinds and with different means of communication (telephone, mobile phone, email);
  2. to promote the activities, initiatives, products, and services of the subjects listed above;
  3. making requests or processing requests received;
  4. exchange information aimed at the execution of commercial transactions or contractual relationships of various kinds, including pre and post-contractual activities.
  5. carry out the operations necessary for the execution of orders and other requests;
  6. acquire user data from social profiles, through social login or interaction with the property of the subjects involved.
The pursuit of the aforementioned purposes and the consequent processing of personal data may be carried out independently by DHORA S.r.l. Impresa Sociale, by DHORA S.r.l. Impresa Sociale together with one or more of the listed subjects, independently by each of the subjects listed above.


Legal basis of the processing

The legal basis that legitimizes the processing is:

  • performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, for the purposes set out in points 1), 3), 4) and 5);
  • legitimate interests pursued by a joint-controller or by an independent controller, for the purposes referred to in point 2);
  • consent of the data subject, formulated through the free and conscious choice of privacy settings on the social media used, for the purposes referred to in point 6).


Recipients of the data
The personal data processed by the Data Controller will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be communicated to workers who work in the offices of the joint-controllers or independent data controllers, as listed above. They may also be disclosed, to the extent strictly necessary, to persons who for the purpose of evasion of purchases or other requests or services related to the transaction or contractual relationship with one or more of the listed subjects, must provide goods and/or perform on their behalf performance or services. Finally, it may be communicated to the persons entitled to access it under the provisions of the law, regulations, and community regulations.
In particular, on the basis of the roles and job duties performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the respective controller or joint-controller of the processing.


Data transfer

None of the subjects listed above transfers personal data to third countries or to international organizations.
However, they reserve the right to use cloud services; in which case, the service providers will be selected among those who provide adequate guarantees, as required by art. 46 GDPR 679/16.


Data retention

The subjects listed above as data controllers or independent data controllers keep and process personal data for the time necessary to fulfill the purposes indicated. Subsequently, personal data will be stored, and not further processed, for the time established by the current provisions on civil and fiscal matters.


Rights of the data subject

With reference to art. 7 of Legislative Decree 196/2003 and Articles 15 – right of access, 16 – right to rectification, 17 – right of erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 – right to oppose to automated individual decision-making of GDPR 679 / 16, the interested party can exercise his rights by writing to DHORA S.r.l. Impresa Sociale at the address above, or by e-mail at privacy@kditalia.it , specifying the joint-controller or independent controller in respect of which he exercises the right, the object of his request, the right that he intends to exercise and attaching a photocopy of an identity document that proves the legitimacy of the request.


Revocation of consent

With reference to art. 23 of Legislative Decree no. 196/2003 and art. 6 of GDPR 679/16, the data subject can revoke any consent given at any time.
However, with the exception of point number 6 above, the processing subject of this information is lawful and permissible, even without consent, as necessary for the execution of a contract to which the data subject is part (the supply relationship of products or services) or to the evasion of his requests.

Complaint proposal
The data subject has the right to propose a complaint with the supervisory authority of the state of residence.


Refusal to provide data

The data subjects that make purchases of products or services can not refuse to provide the personal data necessary to comply with the laws that regulate commercial transactions and taxation.
The provision of further personal data may be necessary to improve the quality and efficiency of the transaction.
Therefore, the refusal to provide the data required by law will prevent the fulfillment of orders; while the provision of additional data may compromise all or part of the processing of other requests and the quality and efficiency of the transaction.


Automated decision-making processes

The subjects listed above do not carry out treatments consisting of automated decision-making processes on the data of customers acting as natural persons, or of persons operating in the name and on behalf of clients or legal entities.


DHORA Impresa Sociale S.r.l.
Via Baldissero n.21 , 10080