PRIVACY POLICY
INFORMATION AND REQUEST FOR CONSENT FOR THE PROCESSING OF PERSONAL DATA

Dear User/Interested Party,
this Information is provided pursuant to Legislative Decree No. 196 of June 30, 2003 and subsequent amendments (so-called Privacy Code), as well as pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.
We inform you that the personal data you provide while consulting the site https://marialaurino.com will be processed by the Data Controller in order to allow you to contact the Data Controller to find information regarding the products and services offered by the writer Maria Laurino, and to allow users to ask the Data Controller to subscribe them to a special newsletter through which they can be kept up to date on new activities, events, blogs, posts, or articles recommended by the writer.

This data will be processed by the writer Maria Laurino, as the author and owner of the site and the copyright of her book, as well as in her capacity as the Data Controller (hereinafter also the Data Controller), in compliance with the protection principles established by the Personal Data Code, as amended, as well as all European and national legislative interventions and / or measures of the Supervisory Authorities.

The following information is given for the website https://marialaurino.com and not for other websites that the User may reach through links on it.

A. PURPOSE OF PROCESSING

The processing of data spontaneously provided by Users is carried out by the Owner in order to:

  • enable the User to make contact with the Data Controller in order to inquire about products and services provided by the Data Controller;
  • allow the User to receive a special newsletter from the Data Controller through which they can be kept up to date on new activities, events, blog posts, or articles. Such processing is optional and will be carried out only with the consent of the User.

B. TYPE OF DATA COLLECTED AND PROCESSED

The personal data collected, for all three Treatments described above, are:

  • Name;
  • Surname;
  • E-mail;
  • Phone.

Without prejudice to the personal autonomy of the Interested Party and without prejudice to the provision of navigation data, the provision of the above described data is indispensable and the failure to provide, even partially, the data expressly indicated as necessary will determine the impossibility for the user to receive the newsletter and/or to contact the Data Controller in order to find information regarding the products and services offered by the same.

Processing relating to the newsletter and Marketing requires, in any case, the express consent of the User, which can be revoked at any time.

C. OWNER, MANAGERS AND APPOINTEES

The Data Controller is Ms. Maria Laurino, a resident of New York City, NY, USA.

Please be advised that the Data provided may be processed by other parties involved in the organization of the Data Controller, all of them acting as data processors, i.e. external parties (such as third party technical service providers, hosting providers, online payment platform providers, training delivery platforms), appointed as data processors or, if necessary, External Data Processors by the Data Controller.

In any case, all individuals who will process data on behalf of the Data Controller will be duly appointed and possess the organization of means and resources to process personal data in accordance with the provisions of the GDPR.

D. METHODS OF TREATMENT

The personal data provided will be processed at the headquarters/residence of the Data Controller or by External Data Processors appointed by the Data Controller (IT and logistics service providers; outsourced and cloud computing and management service providers; external professionals and consultants; external mailing list software). The processing will take place through computer and/or telematic procedures in the manner and to the extent necessary to pursue the aforementioned purposes.

Users are informed that the server where the data provided by users will be stored is located outside the territory forming part of the European Union, in a third country, in full compliance with European legislation on the processing and storage of personal data in accordance with the provisions of the GDPR.
The Data Controller makes use of services rendered by leading companies in the industry appointed to carry out development and maintenance of management software and technical maintenance of the site.

E. DATA TRANSFER TO THIRD COUNTRIES

The Holder declares that the processed data, both of professionals and company representatives, will be transferred to third countries and, in particular, to the USA, in full compliance with the rules and regulations enshrined in the GDPR.

Users are informed that consent to the transfer of their personal data to a non-EU country may be changed and/or revoked at any time.

F. RETENTION PERIOD

Please be advised that the Data provided will be processed and stored by the Data Controller for the purposes stated above, for the periods set out below.

In the case of invoicing, records of purchases made will be retained for 10 years from the date of invoicing, pursuant to applicable tax/accounting law.

In cases where the User has simply contacted the Data Controller to find information regarding products and services offered by the Data Controller, the data will be retained for a period of three months and then deleted.

In the event that the User has given consent in order to request to receive the newsletter of the Data Controller, the Processing will continue until the User revokes his/her consent. In each dedicated email containing Newsletter, there will be a special link through which the User can revoke his/her consent.

From the moment of revocation, the Data Controller will instantaneously stop sending Newsletters and will have a period of thirty days to delete all Personal Data; this is to allow a reasonable amount of time to proceed with data deletion from a technical/logistical point of view.
Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until such interest is satisfied.

G. RIGHTS OF THE DATA SUBJECT

The data subject may at any time exercise his/her rights vis-à-vis the Data Controller pursuant to Legislative Decree 193/2006 and Regulation (EU) 2016/679 as referred to in the following articles:

  1. RIGHT OF ACCESS TO THE INTERESTED PARTY - Art. 15 Reg. (EU) 2016/679
  2. RIGHT OF RECTIFICATION - Art. 15 Reg. (EU) 2016/679
  3. RIGHT TO CANCELLATION ("RIGHT TO OBLIGATION") - Art. 17 Reg. (EU) 2016/679
  4. RIGHT TO THE LIMITATION OF PROCESSING - Art. 18 Reg. (EU) 2016/679
  5. RIGHT TO DATA PORTABILITY - Art. 20 Reg. (EU) 2016/679
  6. RIGHT OF OPPOSITION - Art. 21 Reg. (EU) 2016/679

GENERAL RULES FOR THE EXERCISE OF RIGHTS

We inform you that the rights referred to in the preceding paragraphs may be exercised at any time by sending an email to the following address: https://marialaurino.com, together with a digital copy of your valid identity document.
We remind you that if you ask us to stop all processing of your personal data and not only those for promotional purposes, we will not be able to continue to provide you with the services you have requested and that, unless you request to stop only the sending of promotional communications through automated systems, in the event of your generic request we will stop all processing of your personal data even through traditional means.

In any case, the Data Controller may retain certain of your personal data should it prove necessary for you to defend or assert a right of yours.
If you wish, the updated list containing the names of the Persons in charge of the processing of your data is available to you at the offices of the Data Controller, from whom you may also request it by e-mail by writing to https://marialaurino.com

Definitions

ART. 5 GDPR

For the purposes of these Regulations:
Personal data: any information relating to an identified or identifiable natural person, also referred to as a "data subject"; an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity;
Processing: any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction;
Limitation of processing: the marking of retained personal data with the aim of limiting their processing in the future;
Profiling: any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person's professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Pseudonymization: the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that such personal data is not attributed to an identified or identifiable natural person;
Archive: any structured set of personal data accessible according to specified criteria, regardless of whether such set is centralized, decentralized, or functionally or geographically distributed;
Data controller: the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria applicable to its designation may be established by Union or Member State law;
Data processor: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller;

Recipient: the natural or legal person, public authority, service or other body receiving communication of personal data, whether or not it is a third party. However, public authorities that may receive communication of personal data as part of a specific investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by such public authorities shall be in accordance with the applicable data protection rules according to the purpose of the processing;

Third party: the natural or legal person, public authority, service or other body other than the data subject, data controller, data processor and persons authorized to process personal data under the direct authority of the data controller or processor;
Consent of the data subject: any manifestation of the data subject's free, specific, informed and unambiguous will by which the data subject indicates his or her assent, by way of a statement or unambiguous affirmative action, that personal data concerning him or her be processed;

Personal data breach: a security breach that accidentally or unlawfully results in the destruction, loss, modification, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;
Genetic data: personal data relating to hereditary or acquired genetic characteristics of a natural person that provide unambiguous information about the physiology or health of that natural person, and resulting in particular from the analysis of a biological sample of that natural person;

Biometric data: personal data obtained by specific technical processing relating to physical, physiological or behavioral characteristics of a natural person that enable or confirm his or her unique identification, such as facial image or dactyloscopic data;
Health-related data: personal data pertaining to the physical or mental health of a natural person, including the provision of health care services, that reveal information about his or her state of health;

Principal Establishment:
(a) with regard to a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of the processing of personal data are made in another establishment of the controller in the Union and the latter establishment has the power to order the execution of such decisions, in which case the establishment that has made such decisions shall be deemed to be the main establishment;
(b) with respect to a controller with establishments in more than one Member State, the place where its central administration in the Union is located or, if the controller does not have a central administration in the Union, the establishment of the controller in the Union where the principal processing activities are conducted in the context of the activities of an establishment of the controller to the extent that such controller is subject to specific obligations under this Regulation;

Representative: the natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents them with regard to their respective obligations under this Regulation;
Enterprise: the natural or legal person, regardless of its legal form, engaged in an economic activity, including partnerships or associations regularly engaged in an economic activity;

Enterprise group: a group consisting of a parent company and the companies controlled by it;
Binding Corporate Rules: the personal data protection policies applied by a controller or processor established in the territory of a Member State to the transfer or set of transfers of personal data to a controller or processor in one or more third countries, as part of a business group or a group of enterprises carrying out a common economic activity;

Supervisory authority: the independent public authority established by a member state under Article 51;
Supervisory authority concerned: a supervisory authority affected by the processing of personal data as:

(a) the controller or processor is established on the territory of the member state of that supervisory authority;
(b) data subjects residing in the member state of the supervisory authority are or are likely to be substantially affected by the processing; or
(c) a complaint has been lodged with that supervisory authority;
Cross-border processing:
(a) processing of personal data that takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or

(b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union, but which affects or is likely to affect substantially data subjects in more than one Member State;
Relevant and reasoned objection: an objection to the draft decision as to whether or not there is a violation of this Regulation, or whether or not the action envisaged in relation to the data controller or processor complies with this Regulation, which objection clearly demonstrates the relevance of the risks posed by the draft decision with regard to the fundamental rights and freedoms of data subjects and, where applicable, the free movement of personal data within the Union;
Information society service: the service defined in Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council;
International organization: an organization and bodies governed by public international law subordinate to it or any other body established by or on the basis of an agreement between two or more States.