Privacy Policy

AS Web Agency srls is committed to protecting your privacy and developing technology to provide you with the most powerful and safe online experience. This Privacy Policy applies to the stefanato.com website and governs data collection and usage.

AS Web Agency srls, with registered office at Via Anconitano, 7, 35124 PADOVA (PD), Tax Code and VAT No. 05039740286 (hereinafter, the "Data Controller"), as data controller, informs you pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003 (hereinafter, the "Privacy Code") and art. 13 of EU Regulation no. 2016/679 (hereinafter, the "GDPR") that your data will be processed in the manner and for the following purposes:

1. Object of the treatment
The Data Controller processes personal, identifying, and non-sensitive data (in particular, name, surname, tax code, VAT number, email address, telephone number – hereinafter, "personal data" or "data") provided by you when registering on the Data Controller's website and/or when subscribing to the newsletter service offered by the Data Controller and/or when completing forms.

2. Purpose of the processing
Your personal data is processed:
A) without your express consent (Article 24, letters a, b, and c of the Privacy Code and Article 6, letters b and e of the GDPR), for the following Service Purposes:
- allow you to register on the website;
- manage and maintain the website;
- allow you to subscribe to the newsletter service provided by the Data Controller and any additional Services you may request;
- fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with you;
- fulfill obligations established by law, by a regulation, by community legislation or by an order of the Authority;
- prevent or detect fraudulent activity or abuse that is harmful to the website;
- exercise the rights of the Data Controller, for example the right to defense in court.
B) Only with your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Marketing Purposes:
- send you newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller via email
We inform you that if you are already our customer, we may send you commercial communications relating to the Data Controller's services and products similar to those you have already used, unless you disagree (Article 130, paragraph 4, of the Privacy Code).

3. Methods of processing
Your personal data is processed using the operations indicated in Article 4 of the Privacy Code and Article 4(2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is subject to both paper-based and electronic and/or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer than 10 years from the termination of the relationship for Service Purposes and for no longer than 2 years from the collection of data for Marketing Purposes.

4. Access to data
Your data may be made accessible for the purposes referred to in Articles 2.A) and 2.B):
- to employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
- to companies with which the Data Controller collaborates (for example, for technical project management activities, for the storage of personal data, etc.) or to third parties (for example, providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

5. Communication of data
Without your express consent (pursuant to Article 24, letters a), b), and d) of the Privacy Code and Article 6, letters b) and c) of the GDPR), the Data Controller may disclose your data for the purposes set out in Article 2.A) to supervisory bodies, judicial authorities, and all other entities to whom disclosure is required by law for the fulfillment of the aforementioned purposes. Your data will not be disclosed.

6. Data transfer
Personal data will be managed and stored on servers located within the European Union, operated by the Data Controller and/or third-party companies duly appointed as Data Processors. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to relocate the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will be in compliance with applicable laws, stipulating, where necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

7. Nature of the provision of data and consequences of refusal to respond
Providing data for the purposes set out in Article 2.A) is mandatory. Without it, we cannot guarantee your registration on the site or the services set out in Article 2.A).
Providing data for the purposes referred to in Article 2.B) is optional. You can therefore decide not to provide any data or to subsequently object to the processing of data already provided. In this case, you will not receive newsletters, commercial communications, and advertising materials relating to the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services referred to in Article 2.A).

8. Rights of the interested party
As a data subject, you have the rights set forth in Article 7 of the Privacy Code and Article 15 of the GDPR, specifically the rights to:
i. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
ii. obtain information on: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic means; d) the identification details of the data controller, data processors, and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the entities or categories of entities to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processors, or persons in charge of processing;
iii. obtain: a) the updating, rectification, or, where applicable, integration of the data; b) the deletion, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been notified, including their content, to those to whom the data was communicated or disseminated, except where such compliance proves impossible or involves a manifestly disproportionate effort compared to the right being protected;
iv. object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales materials or for conducting market research or commercial communications, through the use of automated calling systems without human intervention, via email and/or through traditional marketing methods such as telephone and/or mail. Please note that the data subject's right to object, set forth in point b) above, for direct marketing purposes via automated means extends to traditional methods, and that the data subject may exercise the right to object even partially. Therefore, the data subject may decide to receive communications only via traditional means, only automated communications, or neither type of communication.
Where applicable, you also have the rights set forth in Articles 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.

9. How to exercise your rights
You may exercise your rights at any time by sending:
- a registered letter to AS WEB AGENCY Srls., via Anconitano, 7, 35124 Padova (PD);
- an email to info@stefanato.com

10. Minors
This Site and the Data Controller's Services are not intended for minors under 18, and the Data Controller does not intentionally collect personal information from minors. If information about minors is inadvertently recorded, the Data Controller will promptly delete it upon request.

11. Owner, manager and persons in charge
The Data Controller is AS WEB AGENCY Srls.
The updated list of data controllers and processors is kept at the Data Controller's headquarters.

12. Changes to this Policy
This Policy may be subject to change. We therefore recommend that you check this Policy regularly and refer to the most up-to-date version.