1. Owner and controllers - Article 13, paragraph 1, point (a) (b) GDPR 2016/679
The data controller is Appink Srls
The joint partners of Appink SRLS are responsible for the data processing.
to whom you can contact via e-mail appink@pec.it to exercise the rights recognized by the GDPR and to know the updated list of all data processors.

2. Purpose of treatment - Article 13, paragraph 1, point (c) (d) GDPR 2016/679
The personal data you provide may only be used for the following purposes:
- management of Aristi's personal data;
- execution of the professional service requested;
- sending of service communication;
- in case of consent, sending commercial communications;
- management of e-mail addresses of registered users only with interest in using the function "Reviews"
No further processing based on the legitimate interests pursued by the holder of the treatment.
Data category Types of data
Personal data - Name, surname, physical address, nationality, province and municipality of residence, fixed and/or mobile telephone, fax, tax code, e-mail address(es) P. VAT if Artist.
- Nickname and email address if User.
Bank data iban, bank/postal/credit card details, if applicable.
Telematic traffic data Log, IP address of origin. (these data will be processed only in the event of incorrect use of the application only to users / artists who do not comply with the rules set out in the conditions of use)
Other Special Data If supplied and authorized.

3. Communication and dissemination of data - Article 13, paragraph 1, point (e) (f) GDPR 2016/679
The data may only be communicated to the person concerned and to persons explicitly indicated in the data sheet. by the interested party. The data will not be further communicated or disseminated. The data will not be transferred a third country or an international organisation.


Methods of treatment - Article 13, paragraph 2, letter (a) GDPR 2016/679

The processing of personal data consists of the collection, registration, organization, storage, communication of the same data. The processing of personal data is carried out for the purposes mentioned above, in accordance with as established by Article 5 of the European Regulation on the processing of personal data, on
- in paper form,
- password-protected computer media
- by telematic means (e-mail, sms, whatsapp, Instagram, Facebook, App, Website, systems of cloud storage)
- in compliance with the rules of lawfulness, legitimacy, confidentiality and security provided for by the regulations
current.

The data will be kept for a period of time not exceeding that necessary for the purposes of for which they were collected or subsequently processed in accordance with the provisions by legal obligations.
Categories of recipients Purpose
Accounting firm Administrative, accounting and contractual obligations
Third party suppliers and associated companies Provision of services (servicing, maintenance, delivery/shipment of products, provision of additional services, providers of electronic communications networks and services) related to the provision requested
Credit and digital payment institutions, bank/postal institutions Management of receipts and payments
External professionals/consultants and consulting firms Compliance with legal obligations, exercise of rights, protection of contractual rights, debt recovery
Financial Administration, Public Bodies, Judicial Authorities, Supervisory and Control Authorities Fulfilment of legal obligations, defence of rights, lists and registers kept by public authorities or similar bodies on the basis of specific regulations, in relation to the contractual service
Persons formally delegated or having a recognised legal title Legal representatives, curators, guardians, etc.


Processing of data of the interested party (Art. 32 GDPR)
The data controller shall have adequate security measures in place to protect the confidentiality, integrity and availability of the personal data of the data subject and shall impose similar security measures on third party suppliers and data processors.


Where we process the data of the data subject
The personal data of the interested party are stored in paper, computer and telematic archives located in countries where the GDPR is applied (EU countries).


4. Rights of the interested party - Article 13, paragraph 2, letter (b) (c) (d) GDPR 2016/679
The interested party has the right to obtain access to and rectification of personal data. The interested party for legitimate reasons has the right to obtain the cancellation of the same or the limitation of the processing of personal data concerning him or to oppose their processing. For the processing of data for commercial/promotional purposes for which the consent is The interested party has the right to revoke the consent in any of the following ways moment without prejudice to the lawfulness of the processing based on the consent given beforehand. of the revocation. The interested party has the right to lodge a complaint with the supervisory authority - Guarantor for the protection of personal data.
Certified Email
In relation to the provisions of current industry legislation, the personal data listed below will be kept for the period indicated and/or for a period of time not exceeding the achievement of the purposes for which they are processed:
Data category Types of data
Personal data Data and registration documents of the applicant, 10 years
Telematic traffic data LOG of the control newspaper 10 years


5. Nature of the provision of personal data and consequences of a possible refusal to provide Reply - Article 13, paragraph 2, letter (e) (f) GDPR 2016/679
The provision of personal data is optional. Any refusal to provide them involves The impossibility to perform the professional service. Failure to give consent commercial communications has no effect on the performance of the service professional and only involves the impossibility of using services related to communications commercial.


Art. 5 Principles applicable to the processing of personal data

1. Personal data are:
a) processed in a lawful, correct and transparent manner towards the interested party (lawfulness, correctness and transparency);
collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes;
(b) further processing of personal data for the purpose of public interest storage, scientific or historical research or for statistical purposes is not, in accordance with Article 89(1), considered incompatible with its original purpose (purpose limitation);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (minimisation of data);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that they are erased or rectified promptly any data that is inaccurate in relation to the purposes for which it is processed (accuracy);
(e) kept in a form which permits identification of data subjects for no longer than attainment of the purposes for which they are processed; personal data may be kept for longer periods of time than is necessary for the purposes for which they are processed; and
The Commission will continue to monitor the implementation of this Directive in the light of the long term scientific or historical or for statistical purposes, in accordance with Article 89(1), without prejudice to the implementation of technical measures and appropriate organisational arrangements required by this Regulation to protect the rights and freedoms of the data subject (conservation limitation);
(f) processed in such a way as to ensure adequate security of personal data, including protection, by means of measures appropriate techniques and organisation, from unauthorised or unlawful processing and from the loss, distribution or accidental damage (integrity and confidentiality)

2. The data controller is responsible for compliance with paragraph 1 and is able to prove this (accountability).


Art. 13 Information to be provided if personal data are collected from the person concerned

1. In case of collection of data concerning him/her from the data subject, the data controller shall provide the data subject with the data, when the personal data obtained, the following information:
(a) the identity and contact details of the controller and, where applicable, his representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended and the legal basis for the processing;
(d) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the data controller or by third parties;
(e) any recipients or categories of recipients of the personal data;
(f) where applicable, the controller's intention to transfer personal data to a third country or to a third party international organisation and the existence or absence of an adequacy decision by the Commission, or, in the case of transfers as per art. 46 or 47, or art. 49, second paragraph, the reference to the appropriate guarantees or appropriate and the means to obtain a copy of such data or the place where they were made available.

2. In addition to the information referred to in paragraph 1, at the time when the personal data are obtained, the controller of the treatment shall provide the data subject with the following additional information necessary to ensure treatment correct and transparent:
(a) the period of retention of the personal data or, if that is not possible, the criteria used to determine that period period;
(b) the existence of the right of the data subject to request from the controller access to and rectification of personal data o the cancellation of the same or the limitation of the treatment that concern him or to oppose their treatment, beyond the right to data portability;
(c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of processing based on consent that was lent before the revocation;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and if the data subject is obliged to provide personal data as well as possible consequences of failure to provide such data;
(f) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4); and at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the data subject.

3. Where the controller intends to further process personal data for a purpose other than that of where they were collected, prior to such further processing it shall provide the data subject with information on such further processing.
purpose and any other relevant information referred to in paragraph 2:

4. Paragraphs 1, 2, 3 shall not apply if and in so far as the information is already available to the data subject.


Article 17 Right to erasure (right to be forgotten)

The interested party has the right to obtain from the owner of the treatment the cancellation of personal data concerning him without undue delay and the controller is obliged to erase the personal data without undue delay.