Disclosure pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council
Council of 27 April 2016 on the protection of individuals with regard to the protection of their health and
safety at work the processing of personal data (for brevity GDPR 2016/679)
Aritsts and/or Users' rights
1. Owner and controllers - Article 13, paragraph 1, point (a) (b) GDPR 2016/679
The data controller is Appink Srls
The joint partners of Appink SRLS are responsible for the data processing.
to whom you can contact via e-mail email@example.com to exercise the rights recognized by the
GDPR and to know the updated list of all data processors.
2. Purpose of treatment - Article 13, paragraph 1, point (c) (d) GDPR 2016/679
The personal data you provide may only be used for the following purposes:
- management of Aristi's personal data;
- execution of the professional service requested;
- sending of service communication;
- in case of consent, sending commercial communications;
- management of e-mail addresses of registered users only with interest in using the function "Reviews"
No further processing based on the legitimate interests pursued by the holder of the
||Types of data
- Name, surname, physical address, nationality, province and municipality
of residence, fixed and/or mobile telephone, fax, tax code, e-mail
address(es) P. VAT if Artist.
- Nickname and email address if User.
||iban, bank/postal/credit card details, if applicable.
|Telematic traffic data
Log, IP address of origin. (these data will be processed only in the event of
incorrect use of the application only to users / artists who do not comply
with the rules set out in the conditions of use)
|Other Special Data
||If supplied and authorized.
3. Communication and dissemination of data - Article 13, paragraph 1, point (e) (f) GDPR 2016/679
The data may only be communicated to the person concerned and to persons explicitly indicated in
the data sheet. by the interested party. The data will not be further communicated or disseminated.
The data will not be transferred a third country or an international organisation.
Methods of treatment - Article 13, paragraph 2, letter (a) GDPR 2016/679
The processing of personal data consists of the collection, registration, organization,
storage, communication of the same data. The processing of personal data is carried out for the
purposes mentioned above, in accordance with as established by Article 5 of the European
Regulation on the processing of personal data, on
- in paper form,
- password-protected computer media
- by telematic means (e-mail, sms, whatsapp, Instagram, Facebook, App, Website, systems of cloud storage)
- in compliance with the rules of lawfulness, legitimacy, confidentiality and security provided for by the regulations
The data will be kept for a period of time not exceeding that necessary for the purposes of
for which they were collected or subsequently processed in accordance with the provisions
by legal obligations.
|Categories of recipients
||Administrative, accounting and contractual obligations
|Third party suppliers and associated companies
Provision of services (servicing, maintenance, delivery/shipment
of products, provision of additional services, providers of
electronic communications networks and services) related to the
|Credit and digital payment institutions, bank/postal institutions
||Management of receipts and payments
|External professionals/consultants and consulting firms
||Compliance with legal obligations, exercise of rights, protection of contractual rights, debt recovery
Public Bodies, Judicial
Authorities, Supervisory and
Fulfilment of legal obligations, defence of rights, lists and registers
kept by public authorities or similar bodies on the basis of specific
regulations, in relation to the contractual service
|Persons formally delegated or having a recognised legal title
||Legal representatives, curators, guardians, etc.
Processing of data of the interested party (Art. 32 GDPR)
The data controller shall have adequate security measures in place to protect the confidentiality,
integrity and availability of the personal data of the data subject and shall impose similar security
measures on third party suppliers and data processors.
Where we process the data of the data subject
The personal data of the interested party are stored in paper, computer and telematic archives
located in countries where the GDPR is applied (EU countries).
4. Rights of the interested party - Article 13, paragraph 2, letter (b) (c) (d) GDPR 2016/679
The interested party has the right to obtain access to and rectification of personal data.
The interested party for legitimate reasons has the right to obtain the cancellation of the same or the
limitation of the processing of personal data concerning him or to oppose their processing.
For the processing of data for commercial/promotional purposes for which the consent is
The interested party has the right to revoke the consent in any of the following ways
moment without prejudice to the lawfulness of the processing based on the consent given
beforehand. of the revocation. The interested party has the right to lodge a complaint with the
supervisory authority - Guarantor for the protection of personal data.
In relation to the provisions of current industry legislation, the personal data listed below
will be kept for the period indicated and/or for a period of time not exceeding the achievement of
the purposes for which they are processed:
||Types of data
||Data and registration documents of the applicant, 10 years
|Telematic traffic data
||LOG of the control newspaper 10 years
5. Nature of the provision of personal data and consequences of a possible refusal to provide Reply - Article 13, paragraph 2, letter (e) (f) GDPR 2016/679
The provision of personal data is optional. Any refusal to provide them involves
The impossibility to perform the professional service. Failure to give consent
commercial communications has no effect on the performance of the service
professional and only involves the impossibility of using services related to communications
Art. 5 Principles applicable to the processing of personal data
1. Personal data are:
a) processed in a lawful, correct and transparent manner towards the interested party (lawfulness, correctness and
collected for specific, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible
with these purposes;
(b) further processing of personal data for the purpose of public interest storage, scientific or historical research
or for statistical purposes is not, in accordance with Article 89(1), considered incompatible with its original purpose
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
(minimisation of data);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that they are erased or
rectified promptly any data that is inaccurate in relation to the purposes for which it is processed (accuracy);
(e) kept in a form which permits identification of data subjects for no longer than
attainment of the purposes for which they are processed; personal data may be kept for longer periods of time than is
necessary for the purposes for which they are processed; and
The Commission will continue to monitor the implementation of this Directive in the light of the long term
scientific or historical or for statistical purposes, in accordance with Article 89(1), without prejudice to the
implementation of technical measures and appropriate organisational arrangements required by this Regulation to protect the rights and freedoms of the data
subject (conservation limitation);
(f) processed in such a way as to ensure adequate security of personal data, including protection, by means of measures
appropriate techniques and organisation, from unauthorised or unlawful processing and from the loss, distribution or
accidental damage (integrity and confidentiality)
2. The data controller is responsible for compliance with paragraph 1 and is able to prove this (accountability).
Art. 13 Information to be provided if personal data are collected from the person concerned
1. In case of collection of data concerning him/her from the data subject, the data controller shall provide the data
subject with the data, when the personal data obtained, the following information:
(a) the identity and contact details of the controller and, where applicable, his representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended and the legal basis for the processing;
(d) where the processing is based on Article 6(1)(f), the legitimate interests pursued by the data controller or by third parties;
(e) any recipients or categories of recipients of the personal data;
(f) where applicable, the controller's intention to transfer personal data to a third country or to a third party
international organisation and the existence or absence of an adequacy decision by the Commission, or,
in the case of transfers as per art. 46 or 47, or art. 49, second paragraph, the reference to the appropriate guarantees
or appropriate and the means to obtain a copy of such data or the place where they were made available.
2. In addition to the information referred to in paragraph 1, at the time when the personal data are obtained, the
controller of the treatment shall provide the data subject with the following additional information necessary to ensure treatment
correct and transparent:
(a) the period of retention of the personal data or, if that is not possible, the criteria used to determine that period
(b) the existence of the right of the data subject to request from the controller access to and rectification of personal data
o the cancellation of the same or the limitation of the treatment that concern him or to oppose their treatment, beyond
the right to data portability;
(c) where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to
withdraw consent at any time without prejudice to the lawfulness of processing based on consent that was lent before the revocation;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the communication of personal data is a legal or contractual obligation or a necessary requirement for the
conclusion of a contract, and if the data subject is obliged to provide personal data as well as possible
consequences of failure to provide such data;
(f) the existence of an automated decision-making process, including profiling as referred to in Article 22(1) and (4);
and at least in such cases, significant information on the logic used, as well as the importance and expected
consequences of such treatment for the data subject.
3. Where the controller intends to further process personal data for a purpose other than that of
where they were collected, prior to such further processing it shall provide the data subject with information on such
purpose and any other relevant information referred to in paragraph 2:
4. Paragraphs 1, 2, 3 shall not apply if and in so far as the information is already available to the data subject.
Article 17 Right to erasure (right to be forgotten)
The interested party has the right to obtain from the owner of the treatment the cancellation of personal data concerning
him without undue delay and the controller is obliged to erase the personal data without undue delay.