Privacy Policy
INFORMATION ON THE WEBSITE PRIVACY POLICY
Browsing on this site and/or access to specific sections of the same can lead to the collection and processing of personal data by the Data Controller Spencer & Lewis.
This privacy policy provides information on the processing procedures of personal data regarding users browsing the website https://www.spencerandlewis.com/ and using the functions and services present.
This Privacy policy governs the personal data processing carried out by our company on this website in compliance with the legislation in force on data protection, in particular EU Regulation 2016/679 (hereinafter “GDPR”).
DATA PROCESSING
Data controller: Spencer & Lewis
Headquarters: Via dei Magazzini Generali, 10, 00154 Roma RM
Contact details: Tel. 06 45582893 – Email: italia@spencerandlewis.com
The data controller is liable to you for the lawful and proper use of your personal data and may be contacted for any information or request with regards to such processing.
Data acquired during browsing
The IT systems and and software procedures to run the website collect some personal data whose sending is implicit in the use of Internet communication protocols (IP addresses, URL addresses of the resources requested, time of request, method used to submit the request to the server, etc.).
This information is not collected to be associated to identified users and/or data subjects, but, because of its nature, it is used with the purpose of running the Website.
Data voluntarily provided by the user
The optional, explicit and voluntary sending of e-mails to the addresses given on this website in the Contact section for the request of information implies the subsequent acquisition of the sender’s address, as well as any other personal data contained in the request. The relevant processing is carried out exclusively to follow up the data subject’s request.
Purpose of processing and legal basis
The personal data collected shall be used by Spencer & Lewis in compliance with the legal provisions of art. 6 of GDPR for the purposes given below:
- The data acquired during browsing by all users shall be processed to enable the correct operation of the Website;
- The personal data provided by the users sending requests are used exclusively for following up the requests sent.
Methods used for processing
Personal data processing shall be carried out via automated tools for the time necessary to achieve the purposes for which they have been collected. Data processing shall be carried out complying with the security and confidentiality measures meant to prevent risks, such as loss, destruction, unlawful use of data, pursuant to the legislation in force, by Authorised People and Data Processors duly appointed. Upon withdrawal of consent by the data subject, data shall be no longer processed by the Data Controller.
Receivers of data and transfer of data outside the EU
Users’ data are processed by employees, other staff of the Data controller or external staff in their capacity as people authorised and Data Processors who, on behalf of the Data controller, carry out tasks of technical and organizational nature following specific instructions from the Data controller.
The Data Controller carries out data transfers to countries within the EU and may transfer data to countries outside the EU or to International Organizations. In the event of a transfer, the data will be transferred in accordance with Article 44 (General principle for transfers), Article 45 (Transfer based on an adequacy decision), and Article 46 (Transfer subject to appropriate safeguards). Specifically, the data may be transferred to third countries or international organizations for which the Commission has issued an adequacy decision (Article 45 of Regulation EU 2016/679).
Data Retention Times
Complying with art. 5 paragraph 1 letter e) of European Regulation 2016/679, the personal data collected shall be stored in a form which permits identification of data subjects for no longer than the time necessary for the purposes for which the personal data were collected and other purposes allowed and associated, or in compliance with the provisions of the applicable legislation. The retention times of the data collected via the browsing of the website concerned are given below:
- The data acquired when browsing this website are retained for the duration of the browsing session;
- Contact section: the data provided by the users who send requests are retained for the period necessary to deal with the request;
Rights of the data subject
Users have the following rights set forth by the GDPR:
- Right to request access to your personal data (art. 15);
- Right to rectification (art. 16);
- Right to erasure of personal data (art. 17);
- Right to restriction of the processing of personal data (art. 18);
- Right to object to the processing of personal data (art. 21);
- Right to data portability (art. 20);
- Right to withdraw consent to the processing of personal data for one or more specific purposes, at any time , without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal;
- Right to lodge a complaint with a Supervisory Authority (art. 77).
How to exercise your rights
At any time, you shall be entitled to exercise the rights of the data subject contacting the Data Controller at the e-mail address italia@spencerandlewis.com