D'Aponte Sas, with registered office at Via Casarea 15/19, 80013 Casalnuovo di Napoli, VAT No. 05941211210 (hereinafter referred to as “Controller”), as the data controller, informs you pursuant to Art. 13 of Legislative Decree 30.6.2003 No. 196 (hereinafter referred to as “Privacy Code”) and Art. 13 of EU Regulation No. 2016/679 (hereinafter referred to as “GDPR”) that your data will be processed in the manner and for the purposes indicated below:

1. Subject of Processing
The Controller processes personal, identifying data (e.g., name, surname, business name, address, telephone number, email address, banking, and payment details) hereinafter referred to as “personal data” or simply “data” provided by you when concluding contracts for the Controller’s services.

2. Purpose of Processing
Your personal data are processed:
a. without your express consent (Art. 24 letters a), b), c) Privacy Code and Art. 6 letters b), e) GDPR), for the following Service Purposes:
- to conclude contracts for the Controller’s services;
- to fulfill pre-contractual, contractual, and tax obligations arising from the relationship with you;
- to comply with legal obligations, regulations, EU legislation, or an order from an Authority (e.g., in matters of anti-money laundering);
- to exercise the Controller’s rights, for example, the right to defense in court;
b. only with your specific and separate consent (Arts. 23 and 130 Privacy Code and Art. 7 GDPR), for the following Marketing Purposes:
- to send you newsletters, commercial communications, and/or advertising material on products or services offered by the Controller via email, mail, and/or SMS and/or phone calls and to gauge satisfaction with the quality of services;
- to send you commercial and/or promotional communications from third parties (e.g., business partners, insurance companies, affiliated companies, or group companies) via email, mail, and/or SMS and/or phone calls.
Please note that if you are already a customer, the Controller may send you commercial communications about services and products similar to those you have already used, unless you object (Art. 130, paragraph 4, Privacy Code).

3. Processing Methods
The processing of your personal data is carried out through the operations indicated in Art. 4 of the Privacy Code and Art. 4 No. 2 GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data are processed both on paper and electronically and/or using automated methods.

The Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years after the termination of the relationship for Service Purposes and no more than 2 years from data collection for Marketing Purposes.

4. Access to Data
Your data may be made accessible for the purposes referred to in Art. 2.A) and 2.B):
- to employees and collaborators of the Controller in Italy and abroad, in their capacity as appointees and/or internal data processors and/or system administrators;
- to third-party companies or other entities (e.g., credit institutions, professional firms, consultants, insurance companies providing insurance services, etc.) that perform outsourcing activities on behalf of the Controller in their capacity as external data processors.

5. Data Communication
Without the need for express consent (ex Art. 24 letters a), b), d) Privacy Code and Art. 6 letters b) and c) GDPR), the Controller may communicate your data for the purposes referred to in Art. 2.a. to supervisory bodies (such as IVASS), judicial authorities, insurance companies providing insurance services, as well as those to whom communication is mandatory by law to fulfill the purposes mentioned. These entities will process the data in their capacity as independent data controllers.
Your data will not be disseminated.

6. Data Transfer
Personal data are stored on servers located in Italy (IT) within the European Union. In any case, it is understood that the Controller, if necessary, will have the right to move the servers outside the EU. In such cases, the Controller ensures as of now that the transfer of data outside the EU will take place in compliance with applicable legal provisions, subject to the stipulation of standard contractual clauses as provided by the European Commission.

7. Nature of Data Provision and Consequences of Refusal
The provision of data for the purposes referred to in Art. 2.a. is mandatory. Without it, we cannot guarantee the services referred to in Art. 2.a. Providing data for the purposes referred to in Art. 2.c. is optional. You can therefore decide not to provide any data or to deny the subsequent possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising material related to the Controller’s services. You will still be entitled to the services referred to in Art. 2.a.

8. Rights of the Data Subject
As a data subject, you have the rights referred to in Art. 7 Privacy Code and Art. 15 GDPR, specifically the rights to:
I. obtain confirmation of whether or not personal data concerning you exist, even if not yet recorded, and their communication in an intelligible form;
II. obtain information on: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with electronic tools; d) the identification details of the Controller, data processors, and designated representative pursuant to Art. 5, paragraph 2, Privacy Code and Art. 3, paragraph 1, GDPR; e) the entities or categories of entities to whom personal data may be communicated or who may learn about them as designated representatives in the State’s territory, data processors, or appointees;
III. obtain: a) the updating, rectification, or, when interested, the integration of data; b) the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those that do not need to be retained for the purposes for which they were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been made known, also regarding their content, to those to whom the data were communicated or disseminated, unless this proves impossible or involves a disproportionate effort compared to the protected right;
IV. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, using automated call systems without the intervention of an operator via email and/or traditional marketing methods via phone and/or mail. Please note that the data subject's right to object, described in the previous point b), for direct marketing purposes using automated methods also extends to traditional methods, and the possibility remains for the data subject to exercise the right to object even partially. Therefore, the data subject can decide to receive only communications via traditional methods or only automated communications, or neither of the two types of communication. Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to Rectification, Right to Erasure, Right to Restriction of Processing, Right to Data Portability, Right to Object), as well as the right to lodge a complaint with the Supervisory Authority.

9. Methods of Exercising Rights
You can exercise your rights at any time by sending:
- a registered letter with return receipt to: D'Aponte Sas - Via Casarea 15/19, 80013 Casalnuovo di Napoli;
- a certified email to: [email protected].

10. Data Controller, Data Processor, and Appointees
The data controller is D'Aponte Sas, with registered office and operational headquarters at Via Casarea 15/19, 80013 Casalnuovo di Napoli. The updated list of data processors and appointees is kept at the Controller's registered office.

Product added to wishlist