In carrying out its activities, Pur Pur Creative processes personal data, in compliance with all applicable laws and contractual provisions, using methods based on principles of correctness, lawfulness and transparency, protecting the privacy of the data subject and his / her rights.
Joint data controller
With this document, Pur Pur Creative – as Joint Data Controller processing personal data – pursuant to art. 13 and EU Regulation 679/2016 (hereinafter “GDPR”), intends to provide all information related to its use of personal data of the users of the website (hereinafter, “User/Users”) https://purpur-creative.de (hereafter, “Website”).
TYPES OF DATA COLLECTED
This is your Services Page. It's a great opportunity to provide information about the services you provide. Double click on the text box to start editing your content and make sure to add all the relevant details you want to share with site visitors.
a) Navigation data: the personal data that the computer systems and software procedures, used to operate this Website, acquire during their ordinary operations and whose transmission is implied in the use of Internet communication protocols. This information is not collected to be associated with identified data users but rather to be used through processing and association with data held by third parties to identify the related users. This category of data includes: IP addresses or domain names of the computers used by users who connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and they is deleted immediately after processing. The data could be used to ascertain responsibility in case of a hypothetical IT crime which may result in a damage of the Website; apart from this eventuality, this data is not stored for more than seven days.
b) Data provided voluntarily by the User by sending an email to firstname.lastname@example.org: when sending an email the User data will be processed for the sole purpose of replying to the request and fulfilling the related administrative obligations. The data that will be processed is: name, e-mail and any other personal data voluntarily shared by the User.
c) Cookies: for the process of data through cookies, please take a look to the relevant policy.
PURPOSES AND LEGAL BASIS OF THE DATA PROCESSING
User’s data collected are processed by the Joint Data Controller to:
ENSURE THE CORRECT FUNCTIONING OF THE WEBSITE, which is the legitimate interest of the Joint Data Controller to ensure the safety of the Website and the information exchanged therein, which means also the capacity of such Website to resist – at a given level of security – to unforeseen events or illicit or malicious acts that may compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible. The related legal basis is art. 6, par. 1 lett. f) of GDPR.
MANAGE THE CONTACT REQUEST, which means to reply to the requests submitted by the data subject. The related legal basis is art. 6, par. 1, lett. b) of GDPR, being the processing of her/his personal data necessary for the execution of the contract of which the data subject is a party;
SEND COMMUNICATIONS, INVITATIONS TO EVENTS/WORKSHOP OF THE JOINT DATA CONTROLLER, only if the data subject has expressed explicit consent to receive invitations to events organized by the Joint Data Controller or to send communications related to the activities of the Joint Data Controller. The related legal basis is art. 6, lett. A) of GDPR (consent of the data subject);
EVALUATE PROFESSIONAL PROFILES received through spontaneous candidature of a data subject with the intent to offer possible professional collaboration. The related legal basis is art. 6, par. 1, lett. b) of GDPR.
MODE OF PROCESSING THE DATA
Data processing will be carried out both on paper and electronically with the help of modern computer systems by persons expressly appointed for this purpose. The processing will take place with logic and through forms of organization of data strictly related to the obligations, tasks or purposes mentioned above. The Joint Data Controller uses technical and organizational measures to protect the data in his possession from manipulation, loss, destruction and against access by unauthorized persons. Security measures are constantly improved on the basis of technological development.
The User’s personal data will be processed by parties authorized to perform these tasks, duly appointed as data processors or in charge of processing, equipped with security measures to guarantee the confidentiality of the data shared by data subjects and to avoid undue access by third parties or unauthorized personnel. If necessary, the data collected may be transmitted to the Joint Data Controller, within the limits strictly relevant to the obligations, tasks or purposes described in point 2, to public or private subjects (insurers, auditing and certification companies, etc.) or to competent Authorities for the purpose of prevention, detection or repression of crimes, in compliance with the relevant regulations. No data will be disseminated.
The updated list of all Data Processors is available at Comes Design Studio’s office and may be requested at the following e-mail address: email@example.com. Such list may be updated from time to time.
All User’s data, stored in electronic form, is stored on a server owned by Comes Design Studio located in the European Union.
Personal Data shall be processed and stored as long as required for the purpose they have been collected for.
For the purposes referred to in art. 2) a) herein, personal data will be processed for the period strictly necessary to the pursuit of the aforementioned objectives and, subsequently, to the fulfillment of legal obligations and/or for defensive purposes.
The data provided for commercial communications activities, opinion polls and market researches will be stored until the request by the data subject to interrupt such activity or up to a maximum of 2 years.
Once the retention period expires, Personal Data will be deleted. Therefore, the right to access, the right to delete, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Users are entitled to know their rights, essentially consisting in the right to receive from other contractual parties’ information about the existence of the processing of their personal data, as well as access to their data, to obtain rectification, integration, update, erasure or block of their data. Furthermore, the User will also have the right to obtain a copy of his data, to limit or deny the process of the personal data, as well as the right to data portability and to submit complaints to the competent control Authorities at the conditions and within the limits indicated in art. 13 of the GDPR.
Pursuant to articles 15 and following of the GDPR, each data subject has the right to the following rights:
Right to be informed
Right of access to the data
Right to rectification
Right to erasure (‘right to be forgotten’)
Right to restriction of processing
Right to data portability
Right to object
The data subject can therefore know what personal data is held by the Joint Data Controller, its origin and how it is are used, can request its updating, correction or integration and, in the cases provided by the provisions in force, can also request the cancellation, the limitation of treatment or oppose to their treatment. Each data subject may, if he wishes, request to receive a copy of the personal data held by the Joint Data Controller in a format readable by electronic devices and, where technically possible, the Joint Data Controller may transfer the data directly to a third party indicated by the data subject.
If the user believes that the processing of his/her personal data has been carried out illegitimately, he/she can file a complaint with one of the competent control Authorities in charge of compliance of the rules on the protection of personal data. In Italy, any related complaint can be filed to the Garante per la Protezione dei Dati Personali (http://www.garanteprivacy.it/).
EXERCISE OF RIGHTS
To exercise the aforementioned rights, Users can send a communication to the following email address – firstname.lastname@example.org, indicating the subject “Privacy – exercise of rights”.