Privacy Policy

Aste di Antiquariato Boetto s.r.l. with headquarters at Mura dello Zerbino 10R 16122 Genova (GE) as the data controller wishes to inform you on how the personal data acquired will be processed, as provided for by D. Lgs.
n.
196/2003 “Privacy Code” and by the new European Regulation no.
679/2016 “GDPR” regarding the protection of personal data, applicable as of May 25, 2018.

1. Owner and data controllers

The Data Controller is Aste di Antiquariato Boetto s.r.l. with headquarters at Mura dello Zerbino 10R 16122 Genova (GE) (Hereinafter also the Data Controller or Data Processor) and to exercise rights or communications regarding privacy provides the email address: infoprivacy@asteboetto.it.

The list of data processors, is kept at the Controller’s office and can be requested at infoprivacy@asteboetto.it.

2. Purpose of processing.

A) The personal information you provide is processed without explicit consent for:

Perform services for you (goods estimation, sales services, brokerage services);
Allow you to participate in telematic or physical auctions;
Managing access to the Web site www.asteboetto.it;
Store them in archives;
Issue invoices;
Comply with any legal and regulatory requirements;
To otherwise fulfill any obligation required by law, community regulations or an order of the Authority;
Exercise the rights of the Owner, such as the right of defense in court.

B) Only with your specific and separate consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR):

for the purpose of sending you via e-mail, sms, mms, telephone contacts, social networks, instant message, mobile applications, banners, fax, mail and telephone, for the promotion and/or sale of products and/or services and advertising material on products or services offered by the Owner.
For subscription in newsletters for marketing purposes of the data controller.

3. Personal data collected

The Owner processes, in accordance with this policy, the data provided, including;

(a) data, including personal and contact information, tax, images of documents useful for participation in auctions;

(b) the data provided when requesting information and assistance;

The above data are processed only to the extent necessary to achieve the purposes described in paragraph 2 of this policy.

4. Method of treatment.

The processing of your data is carried out by means of the operations indicated in Art.
4 Privacy Code and art.
4 n.
2 GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, use, blocking, communication, deletion and destruction of data.
Your personal data are subject to both paper and electronic and/or automated processing.
Personal data in electronic format are stored on local or remote servers, however within the EU, protected and encrypted, and copies of such data will be stored in encrypted and protected format on local devices and/or cloud servers within the EU for security purposes at the data holding (backup copies).

5. Legal basis for processing

The provision of personal data for the Purposes of using the services in point 2A is mandatory as it is necessary for the purposes of using specific services offered by the owner.
The provision of personal data for the Purpose of Law is mandatory as it is required under applicable laws.
In the event that the Client objects to the processing for the purposes in point 2A, he/she will not be able to take advantage of the services made available by the owner.

Pursuing Legitimate Interest, the Controller may send communications regarding services related to previous purchases by the data subject.

Processing of personal data for Marketing Purposes is optional and subject to explicit consent as referred to in 2B).

6. Disclosure of data

Without the need for express consent (ex art. 24 lett.
a),
b), d) Privacy Code and art. 6 lett.
b) and
c) GDPR), the Data Controller may communicate your data for the purposes set out in Art. 2.A) to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom communication is obligatory by law for the fulfillment of the said purposes. These parties will process the data in their capacity as autonomous data controllers.

Your data will also not be disclosed to third parties who have not been authorized by you in writing.

7. Data transfer

The Data Controller assures as of now that the transfer of data outside the EU will not take place under any circumstances unless the transfer is compulsory by law in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

You also have the right to data portability (Articles 16-21 GDPR) upon your express written request in the manner in Article 10.

8. Rights of the data subject

As a data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR and specifically the rights to:

I. to obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

II. Getting the indication: (a) of the origin of personal data; (b) of the purposes and methods of processing; (c) of the logic applied in the case of processing carried out with the aid of electronic instruments; (d) of the identification details of the owner, managers and designated representative under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; (e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them, as managers or appointees;

III. obtain: (a) updating, rectifying, supplementing data; (b) the deletion, blocking of data processed in violation of the law; (c) certification that the transactions referred to in subparagraphs. (a) and (b) have been brought to the attention (data breach), including with regard to their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected;

IV. object, in whole or in part: a) on legitimate grounds to the processing of personal data concerning you, even if relevant to the purpose of collection;

b) to the processing of personal data about you for the purpose of sending commercial material such as quotations and offers to purchase material.

Where applicable, he/she also has the rights set forth in Articles 16-21 GDPR (Right to rectification, Right to be forgotten, Right to restriction of processing, Right to data portability, Right to object), as well as the right to complain to the Supervisory Authoritỳ Garante.

9. Duration of treatment.

The Controller will process personal data the duration necessary to fulfill the above purposes and in any case:

data will be exclusively retained and not processed for 10 years after the termination of the relationship due to the mandatory retention of tax data associated with invoices;
unprocessed upon your express request for blocking, cancellation or deletion of processing for the Purposes in Art. 2.B;
untreated after 10 years since the last contact occurred.

10. Ways of exercising rights

For rectification, updating, blocking, attestation for letters A or B, the data subject may exercise rights at any time by explicit request to the owner, without too much unnecessary formality, or by sending an e-mail to infoprivacy@asteboetto.it.

On the other hand, the right to data deletion, the right to art20 GDPR, right to data portability to third parties must be expressed in writing, explicit, clear and with a handwritten signature.

11. Owner, manager and appointees

The Data Controller is Aste di Antiquariato Boetto s.r.l.

Your data may be made accessible for the purposes̀ referred to in Art. 2.A) and 2.B) to employees and collaborators of the Controller, in their capacitỳ as data processors and/or controllers and/or system administrators;

tò third-party companies such as credit institutions, professional firms, consultants who perform activities̀ in outsourcing on behalf of the Data Controller, in their capacitỳ as external data controllers.

The updated list of external data controllers is kept at the Data Controller’s office and can be requested by sending an e-mail request to infoprivacy@asteboetto.it.