On this page, you can find all the information on how Grete Merlyn Kaljumaee processes and manages the personal data of users transmitted/acquired by the Data Controller while browsing.
The data controller is Grete Merlyn Kaljumaee
Contacts. +39 342 6168663 / firstname.lastname@example.org
VAT: 03886070139 / C.F. KLJGTM94D62Z144R
Type of data processed by our site and recipients
During navigation on this website, the following data are acquired and processed by the Controller, either independently or through third parties:
- Navigation data
- Identifying data voluntarily provided by the data subject
Personal identification data are provided voluntarily by the person concerned and allow their direct identification; they are: name, surname, telephone number, e-mail address, date-time-location of birth. These data must be provided voluntarily and explicitly by the user by filling in forms and are subsequently acquired by the Controller for the purposes of processing and for those authorised by the user. The user always assumes responsibility for the personal data of third parties obtained, published and shared on our site and guarantees that he/she has the right to communicate and disseminate them, releasing the Controller from any responsibility towards the third parties in question. The recipient of the data is the Owner, who will use the data acquired for the purpose of communication and will take care of the protection of sensitive data by not communicating it to third parties.
Legal basis of the processing
The legal basis for the processing is the consent freely given by the data subject when providing his data and/or the need to execute the contract with the Controller. The Controller shall also lawfully process the data in order to fulfil a legal obligation to which it is subject, where necessary to safeguard the vital interests of the data subject or of another natural person and where necessary for the performance of a task carried out in the public interest or in connection with the exercise of public authority vested in the Controller (Art. 6 EU Regulation 2016/679). The user always has the right to know the concrete legal basis for the processing of his or her data by making an express request to the Controller’s contact details.
Purpose of processing
The user’s data are acquired and processed in order to provide its services and ensure the fulfilment of the contract signed with the data subject or to process any pre-contractual requests made by the same (e.g. the drafting and submission of an estimate, making a payment or booking a session). The data are also acquired and processed for the following purposes: communication with the user, viewing the content of external platforms and interacting with them.
Processing methods and details of services used
Processing by the Data Controller of data acquired through the site and for the purposes identified above takes place through the use of computer and/or telematic tools, rarely on paper and through management software.
Your data can be used on these softwares (depending on your requests on the website):
- brevo.com is used for sending emails, newsletters and booking of sessions and readings. When you subscribe to the newsletter or book a session, your data will be stored here.
- stripe.com is used to process payments. When you buy a session or a digital tool, Stripe will store the relative data in the most secure way possible.
- gumroad.com is used to distribute free tools. When you download free tools, your data will be stored on Gumroad.
- invoice.zoho.eu is used for tax keeping purposes. For clients who benefit from Grete’s services, Zoho Invoice will be used for invoicing and estimates.
The Data Controller has adopted appropriate technical and organisational measures to guarantee the protection of the data processed in compliance with the relevant legislation in force, as well as an adequate security policy that includes training of the personnel in charge of processing to ensure that the processing is always carried out safely. In the event of the appointment of Data Processors (e.g. hosting providers, IT companies, suppliers in general), the Data Controller shall ensure that they constantly operate in compliance with the provisions of the Law by adopting technical and organisational measures suitable to protect the rights of the data subject.
Time and place of data storage
Personal data collected from this site are processed at the Data Controller’s premises. Data may be transferred to subjects and third countries outside the European Union only with the express consent of the user concerned and in the manner and for the purposes already indicated above. The user has the right to know in detail the security measures adopted by the Data Controller to protect data transmitted to third parties and outside the EU by sending a specific request to that effect to the contact details given above.
Rights of the user (data subject)
– The data subject always has the right to access the data concerning him or her that are processed by the website, to request their rectification and update as well as their deletion or restriction unless this conflicts with the legal obligations of the Data Controller (e.g. related to tax and fiscal purposes).
– The data subject has the right to object to processing without a legal basis and for mere marketing purposes (Art. 21 EU Regulation 679/2016).
– The data subject has the right to the portability of data concerning him or her for the purpose of transmitting them from one data controller to another, in accordance with the Law (art. 20 EU Regulation 679/2016).
– The data subject has the right to withdraw consent to the processing at any time without affecting the lawfulness of the processing based on the consent previously given and in any case unless the processing is imposed on the data controller to comply with legal obligations.
– The data subject has the right to lodge a complaint with the Garante per la Protezione dei dati personali in any case in which he/she considers that his/her rights under Italian and European Union data protection legislation have been violated.
– If in the performance of its activities and for the purposes of executing the contact, the Data Controller makes use of automated decision-making processes that produce legal effects on the data subject or affect him/her in a similar way, the data subject shall have the right to be informed at any time of the logic on which such processes are based, as well as of the importance of such processing and the consequences thereof for him/her.
– In the course of its activities, the Data Controller carries out profiling activities on the data of the data subject, understood as the use of such data to analyse or predict aspects concerning the professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of the data subject. The activities carried out by the site have been explained above, as has the fact that they are based on the consent freely given by the user.
– The controller transfers to third parties and transfers to countries or international organisations all or part of the personal data of the data subject, subject to the specific consent of the data subject and in all cases ensuring adequate data protection in accordance with the legislation in force on the protection of personal data, as specified above. The data subject shall be informed of the appropriate safeguards adopted by the Data Controller to ensure constant data protection and ensure that the data subject can exercise his or her rights, as well as of the place where his or her data are available and the means of obtaining a copy of them.
To find out more, make use of the right to be forgotten or otherwise, please contact the Controller.