INFORMATION NOTICE PURSUANT TO ARTICLES 13-14 OF EU REGULATION NO. 2016/679 ON THE PROCESSING OF PERSONAL DATA

Dear User,
T BLUSTAR S.R.L. hereby informs you that, pursuant to and in accordance with Articles 13 and 14 of the European Regulation No. 2016/679 (GDPR), the data acquired and/or provided by you will be processed in compliance with the regulations referenced below.

ROLES
The Data Controller is: T BLUSTAR S.R.L., Via Trentino Alto Adige, 6, Poggibonsi 53036 SI, accounting@tblustar.com.

PROCESSING METHODS
Processing includes, for example, operations such as the collection, recording, organization, storage, retrieval, consultation, use, communication, and deletion of personal data. It is carried out for the aforementioned purposes in accordance with the principles set out in Article 5 of GDPR No. 2016/679, including lawfulness, fairness, transparency, data minimization, and accuracy.
Data is processed using telephone, paper-based, digital, and telematic methods. Processing is conducted with appropriate tools and adequate technical and organizational measures to ensure security, integrity, and confidentiality, particularly to prevent the risks of data loss, unauthorized access, unlawful use, or disclosure. This is in compliance with Article 32 of GDPR No. 2016/679, by authorized personnel and in accordance with the provisions of Article 29 of GDPR No. 2016/679 and Article 2-quaterdecies of the Italian Privacy Code.

NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO PROVIDE DATA
The provision of data for mandatory purposes does not require explicit consent. Without such data, we will not be able to provide our services. The provision of data for other purposes is optional and requires your explicit consent. If consent is not given, you will not receive newsletters, informational materials, or commercial communications regarding services offered by the Data Controller or third-party companies. However, you will still have access to our services.
We process your personal information only when there is a legal basis for such processing. The legal bases include:
Your consent to the processing activities in question;
Compliance with legal obligations that we are required to meet;
The execution of rules dictated by laws or regulations, or by contracts, agreements, or other legal instruments;
Studies conducted by research institutions, preferably on anonymized personal data;
The execution of a contract and its pre-contractual obligations if you are a party to such a contract; The exercise of our rights in court, administrative proceedings, or arbitration;
The defense or protection of your physical safety or that of a third party;
Our legitimate interest, provided that your rights and fundamental freedoms do not override such interests; The protection of health within procedures implemented by healthcare entities or professionals; Credit protection.

DATA ACCESS
Your data may be made accessible for the purposes outlined below:
To employees and collaborators of the Data Controller in their capacity as data processors and/or system administrators;
To third-party companies or other entities (e.g., professional firms, consultants, software providers for management systems, credit institutions, insurance companies, etc.) that perform outsourced activities on behalf of the Data Controller as external data processors.
Among the personal data collected by this website, either independently or through third parties, there are: tracking tools, usage data, name, email, website, unique advertising device identifiers (such as Google Advertiser ID or IDFA), number of users, city, device information, session statistics, browser information, responses to questions, clicks, keypress events, motion sensor events, mouse movements, scrolling position, and touch events.

DATA DISCLOSURE
The Data Controller may disclose your data to public authorities, regulatory bodies, and/or judicial authorities, as well as to all other entities to whom disclosure is mandatory or necessary by law. Your data will not be disseminated.

DATA RETENTION
All personal data provided will be processed in compliance with the principles of lawfulness, fairness, relevance, and proportionality, using only the necessary methods, including digital and telematic tools, to achieve the purposes described above. Personal data will be retained for a period of six (6) years after the last contact with the data subject or until a request for deletion is made. In such cases, data related to the legitimate interest of the Data Controller or necessary for legal compliance may still be retained. Information management systems are configured from the outset to minimize the use of personal data.

DATA SUBJECT RIGHTS
As a data subject, you have the rights outlined in Articles 15 and following, and Article 77 of the GDPR, including the right to:

  • Obtain confirmation from the Data Controller as to whether or not personal data concerning you is being processed and, if so, access the personal data and the following information:
    The purposes of the processing;
    The categories of personal data concerned;
    The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly if recipients are in third countries or international organizations;
    Where possible, the expected period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
    Where personal data is not collected from the data subject, any available information regarding its source;
    The existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic involved, as well as the significance and anticipated consequences of such processing for the data subject. 
  • Obtain the rectification of inaccurate personal data concerning you without undue delay. Considering the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement;
  • Obtain information from the Data Controller regarding your personal data without undue delay if one of the following applies:
    The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    You withdraw consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing;
    You object to the processing pursuant to Article 21(1), and there are no overriding legitimate grounds for processing, or you object to the processing pursuant to Article 21(2);
    The personal data has been unlawfully processed;
    The personal data must be erased to comply with a legal obligation under Union or Member State law to which the Data Controller is subject.
  • Obtain restriction of processing when one of the following applies:
    You contest the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such data;
    The processing is unlawful, and you oppose the erasure of personal data and request the restriction of its use instead;
    The Data Controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims;
    You have objected to processing pursuant to Article 21(1), pending verification of whether the legitimate grounds of the Data Controller override yours.
  • Receive personal data concerning you in a structured, commonly used, and machine-readable format and have the right to transmit such data to another Data Controller without hindrance where processing is carried out by automated means. In exercising your right to data portability, you have the right to have personal data transmitted directly from one Data Controller to another, where technically feasible;
  • Object at any time, for reasons related to their particular situation, to the processing of personal data concerning them pursuant to Article 6, paragraph 1, letters e) or f), including profiling based on these provisions. If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such purposes, including profiling to the extent that it is related to such marketing.
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
  • Lodge a complaint with a supervisory authority pursuant to Article 77 GDPR.

EXERCISING YOUR RIGHTS
You can exercise your rights at any time by contacting the Data Controller at the following email address: accounting@tblustar.com

EXTERNAL PROCESSORS AND AUTHORIZED PERSONNEL
The updated list of external data processors and authorized personnel is kept at the registered office of the Data Controller.

CHANGES TO THIS PRIVACY POLICY
This privacy policy was drafted on February 7, 2025, and may be subject to changes over time due to legislative or regulatory updates. The data subject is encouraged to consult this page frequently.

Icons by Athlantic S.r.l. licensed under CC BY 4.0. Free to use without removing this mention.