Personal Data Processing Notice
The personal data of users is processed by CREA 3D S.R.L., VAT: 07957380723 | Tax Code: 07957380723, which is the data controller, in compliance with the principles of personal data protection established by GDPR Regulation 2016/679 and applicable national legislation.
Bartolomeo Paparella, Tax Code: PPRBTL89T18L109Q
Source of Personal Data
Personal data is collected by CREA 3D S.R.L. from:
Methods and Purposes of Data Processing
Your data will be processed using the following means:
- Mixed – electronic and paper-based
For the following purposes:
Compliance with legal obligations related to commercial relationships
General customer analysis
Approval of financial statements
Procurement
Promotional activities
Preparation, printing, packaging, and sending of invoices
Provision of products and services
Management of disputes (contracts, orders, deliveries, invoices)
Personnel management
Customer management (contracts, orders, shipments, invoices)
Sending courtesy communications and/or promotional/informative materials
Marketing (market analysis and surveys)
Offering goods and services via mailing lists
Profiling for promotional purposes
Planning activities (work planning and monitoring)
Promotion of editorial products and marketing
Contractual relationships with clients/suppliers
Market research, statistical studies, and customer satisfaction surveys on products
Customer satisfaction assessments
Consumer and user protection services
Payment acceptance services
Electronic payment instruments (credit and debit cards, e-money)
Mail-order or telephone sales
Specifically, for the purposes listed below, user data will be processed ONLY with explicit consent:
Legal Basis
The legal bases for processing common data, according to Article 6 of the GDPR, are:
The legal bases for processing special categories of personal data, according to Article 9 of the GDPR, are:
The company processes optional user data based on consent, through explicit acceptance of this privacy policy and according to the described purposes and methods.
Security and Spam Protection Services
Spam Protection (Google reCAPTCHA)
To protect the submission of contact forms and ensure that interactions on the website are performed by real users and not by automated scripts (bots), this website uses the Google reCAPTCHA v3 service, provided by Google Ireland Limited (for users in the European Economic Area) or Google LLC (USA).
- Purpose of processing: The service analyzes user behavior on the website (mouse movements, time spent on the page, IP address, and browser configuration) in order to generate a reliability score. This processing is necessary to prevent fraudulent activities, spam, and abuse of our systems.
- Legal basis: The processing is based on the Legitimate Interest of the Data Controller (Art. 6, para. 1, lit. f of the GDPR) to ensure the security of the website and the proper receipt of communications.
- Data collected and transfer: The use of reCAPTCHA involves the transmission of data to Google’s servers. Such data may include the IP address and other hardware/software information necessary for Google to provide the service. For EU users, the data is handled in accordance with the applicable legal frameworks for the transfer of data to third countries (Data Privacy Framework).
- Further information: For details on how Google processes data, please consult Google’s Privacy Policy and the related Terms of Service.
Categories of Recipients
Except for communications required to fulfil legal or contractual obligations, all collected and processed data may be shared exclusively for the above purposes with the following recipients:
Banks and financial institutions
Call centres for customer support
Consultants and professionals (individually or in associations)
Authorised personnel
External managers
Internal managers
Companies and enterprises
Categories of Personal Data
According to Article 14 of the GDPR, when data is not obtained directly from the user, the categories of personal data processed include:
Tax identification codes and other personal identification numbers (health cards)
Identification data (company name or individual’s full name, address, phone, fax, email, tax information, etc.)
Data related to economic and commercial activities
Behavioural data (user, consumer, or taxpayer profiling; personality and character traits)
Name, address, or other identifying elements (name, surname, age, gender, place and date of birth, home or work address)
Other personal data
Data Retention Period
Data will be retained for the duration necessary to carry out the commercial relationship in place and for ten years thereafter from the date of acquisition.
Rights of the Data Subject
In accordance with EU Regulation 679/2016 (GDPR) and applicable national legislation, the data subject can exercise the following rights, under the methods and limits provided by law:
Request confirmation of the existence of personal data concerning them (right of access – Article 15 GDPR)
Know the origin of the data
Receive intelligible communication of the data
Obtain information on the logic, methods, and purposes of processing
Request updating, correction, integration, deletion, anonymisation, or blocking of data processed in violation of the law, including data no longer necessary for the purposes for which it was collected (right to rectification and erasure – Articles 16 and 17 GDPR)
Right to restrict or object to the processing of their data (Article 18 GDPR)
Right to revoke consent
Right to data portability (Article 20 GDPR)
For processing based on consent, receive their data in a structured, machine-readable format and in a commonly used electronic format
Right to lodge a complaint with the Supervisory Authority (right of access – Article 15 GDPR)