PRIVACY INFORMATION (GDPR)
In compliance with the obligations deriving from national legislation (Legislative Decree 30 June 2003 No. 196, Code for the protection of personal data) and Community, (European Regulation for the protection of personal data No. 679/2016, GDPR) and subsequent changes, we inform you that this site respects and protects the privacy of visitors and users, putting in place every effort possible and proportionate to not affect the rights of the same.
We believe that the user must know the purposes and the type of data collected, so that he can exercise adequate control on both areas.
This site engages in the application of the current legislation from the perspective of a “by default” protection, withholding only personal data to the extent necessary and sufficient for the intended purposes and for the period strictly necessary for such purposes, and “by design “, Designing the privacy function and preventing any problems in the design field.
1 – Legal basis of processing
This site processes personal data based on consent. With the use or consultation of this site users and visitors explicitly approve this privacy statement and consent to the processing of their personal data in the manner and for the purposes described below, including any disclosure to third parties if necessary for the provision of a service.
The provision of data, and therefore the consent to the collection and processing, is for the interested party: unequivocal; free; specific; informed; verifiable; revocable.
To comply with the above parameters we inform you that:
- consent to the collection and processing of personal data requested and related to the purchase and use of our products is essential for this purpose, it can be revoked in the manner indicated by sending an email to firstname.lastname@example.org, however revoke the consent involves the impossibility of providing services and the termination of the services themselves
• on the other hand, the provision of data, and therefore the consent to the collection and processing of the same for additional purposes (see point 2), with respect to the purpose referred to in the preceding paragraph, is optional, the user can refuse consent or can revoke it in the manner indicated by sending an email to email@example.com, however, deny or revoke the consent may make it impossible to receive the services to which the processing of personal data requested is connected.
From 25 May 2018 (date of entry into force of the GDPR), this site will treat some of the data also on the basis of the legitimate interests of the data controller in respect of the interests, rights and fundamental freedoms of the data subject, taking into account the reasonable expectations of the same on the basis of the relationship with the data controller (Recital 47 of the European General Regulations).
2 – Data collected and purposes
Like all websites, this site also makes use of log files in which information collected in an automated manner is kept during user visits.
The processing of personal data is intended as enunciative but not exhaustive: registration, storage, organization, communication, consultation, selection, extraction, comparison, processing, use, blocking, cancellation / destruction, transfer / dissemination, archiving, interconnection or combination of two or more of the described operations, as well as any necessary and / or useful activity, connected and instrumental to the supply of the services offered.
In the main, therefore, the data will be processed for the management of services booked by the customer, as well as for any technical, administrative and commercial communications, by sending newsletters.
Furthermore, the processing of data collected by the site is aimed at the following additional purposes:
– Statistics and Security
The collection of data and information for this purpose takes place in an exclusively aggregated and anonymous way to verify the correct and proper functioning of the site, to improve the service and the online purchasing system and the platform. None of this information is related to the physical person / user of the site, and does not in any way allow identification.
Furthermore, the collection of data and information is carried out in order to protect the security of the site and users (through spam filters, firewalls, virus detection) and to prevent or unmask fraud or abuse to the detriment of our site. The data are recorded automatically and may possibly also include digital identification data (IP address) that could be used, in compliance with the laws in force, in order to block attempts to damage the site itself or to damage other users, or in any case harmful activities or constituting a crime. These data are never used for the identification or profiling of the User and are deleted periodically within 12 months.
– Shopping / Supply services
The collection of data and processing of the same applies to manage orders, provide products and services, process payments, communicate with users about orders, products, services and promotional offers, update the records and, in general, manage the account users and recommend products and services, provide maintenance and assistance notices, send newsletters for commercial purposes.
– Accessory activities
Communicate the data to third parties who perform functions necessary or instrumental to the operation of the service, and to allow you to perform technical, logistical and other activities on our behalf.
This site uses suppliers to carry out certain activities, such as processing orders, providing assistance, making payments with credit cards and providing services to customers. Providers only have access to the personal data that are necessary to perform their duties, and undertake not to use the data for other purposes, and are required to process personal data in accordance with applicable regulations. This category of data is retained only for the period of time necessary for the provision of the service.
3 – Data collected
This site collects and processes user data in an automated and voluntary manner as follows.
– Data provided voluntarily
The site can collect other personal data to take advantage of the various services offered such as commenting, communication, purchase.
The site undertakes to guarantee the proportionality and strict necessity of the data processing request by the owner to the user.
The data are:
• name and surname;
• date of birth;
• email address;
• address of physical residence;
• VAT number and / or tax code number;
• credit card number and / or current account number and / or IBAN;
• company and headquarters;
• copies of identity documents.
These data are voluntarily given by the User when requesting services, or entering the comment in the chat, and will be used exclusively for the provision of the service requested and processed only for the time necessary to provide the service.
Fiscal and bank data are necessary in order to take advantage of paid services, and for billing purposes.
The data collected from the site, outside the purposes and the regulation of this information, are not provided to third parties, unless they are informative obligations according to law, of legitimate request by the Judicial Authority and the obligations of cooperation with the control authorities. However, the aforementioned data may be provided to third parties if necessary for the provision of a specific service requested by the User or for tax purposes or for the performance of security checks or site optimization.
4 – Data retention period
The data collected are processed for the period necessary for the purposes for which they were collected, and in any case no later than 12 months from the termination of the service to allow disposal and cancellation.
The data necessary for tax purposes are kept until the assessments relating to the corresponding tax period are established, therefore for at least 10 years and more if the relative annuity is not yet prescribed for tax purposes.
At the expiry date the data will be deleted or anonymised, unless there are other purposes for the conservation of the same, in particular the onset of judicial and extrajudicial litigation.
5 – Transfer of data collected to third parties and countries outside the EU
The personal data of the users / customers are an essential component of our work and the assignment to third parties is not part of our activities. However, this site, in carrying out its activities, and in the performance of the services requested by users may have to transfer some data to third parties who perform specific tasks instrumental and linked to those of the site, including: order processing (eg, data analysis, credit card payments, etc.).
The owner guarantees that the third parties (partners, suppliers, etc.) have access only to the data necessary for the performance of their specific task and that they are transferred to them in compliance with the law.
For “necessary data”, for the purposes of transfer, we mean: personal identification data, address, company name, tax code / VAT number, address, in special cases attaching identity document for registration of domains in particular countries.
Where the holder needs to transfer the aforementioned data to third parties belonging to EU law or belonging to non-EU countries in relation to which a decision of adequacy pursuant to art. 44 and ss of the GDPR in force since 25/5/18 (Andorra, Argentina, Canada, Faer Oer, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay, USA – Privacy Shield, subject to updates and changes) these parties are obliged to process data in accordance with the law, without liability for the holder / assignor.
The data controller, in order to execute the contract and guarantee the services, may need to transfer the aforementioned data to third parties belonging to countries outside the EU for which the level of data protection is not guaranteed according to the regulations for which there could be risk of treatment not in accordance with the European regulation and the law of personal data supplied; of such risk, the User assumes responsibility for the holder / assignor.
In the case of transfer of company or production units or corporate connection and control, the personal data of the Clients fall within the corporate assets transferred, but remain subject to the commitments envisaged in this Information, except for requests for new consent.
We accept no responsibility for the collection, use, disclosure of information or other privacy related procedures operated by third parties (affiliates, partners, third-party service providers, trustees, etc.). The user has direct protection against these third parties.
6 – Cookie
Cookies allow us to verify the correct functioning of the site and to improve its functionality or to simplify navigation by automating the procedures (eg Login, site language) and for the analysis of the site’s use by visitors.
This site uses the following cookie categories:
Cookies in this category include both persistent cookies and session cookies. They allow us to distinguish between the connected users, preventing a service from being provided to the wrong User and therefore resulting from an express request from the user, and are also used for security purposes. of the site and of the users themselves. In the absence of such cookies, the site or some parts of it may not work properly. Cookies in this category are always sent from our domain, and no consent is required for them.
Cookies in this category are used to gather information on the correct use of the site and on the behavior of users for statistical analysis purposes, to improve the site and simplify its use.
This type of cookie collects anonymous information on the activity of users on the site and the way in which they arrived at the site and the pages visited. Cookies in this category are sent from the site itself or from third-party domains.
Generally the tracking of users does not imply identification of the same, unless the User is already registered for the service and is not already logged in, in which case it means that the User has already expressed his consent directly to the third party at the time of subscription to the relevant service (eg Facebook).
– Google Analytics: web analysis tool used in order to allow us to examine the use of the site by users, to compile reports on site activities and user behavior, to check how often users visit the site, how the site is traced and which pages are visited most frequently. The information is combined by Google with information collected from other sites in order to create a comparative picture of the use of the site compared to other sites of the same category.
Data collected: browser identification, date and time of interaction with the site, page of origin, IP. Place of data processing: USA. The data collected do not allow personal identification of users, and are not intersected with other information relating to the same person. They are treated in an aggregate and anonymised form (truncated to the last octet). Under a specific agreement, Google Inc. is prohibited from crossing this data with those obtained from other services. For more information on cookies sent through Google Analytics: https://www.google.com/analytics/learn/privacy.html . The user can disable Google Analytics by installing on his browser an additional component provided by Google Inc .: https://tools.google.com/dlpage/gaoptout
6.2 – Refusal or revocation of consent to cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: http://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
THE DISABILITY OF COOKIES COULD PREVENT THE CORRECT USE OF SOME FUNCTIONS OF THE SITE, in particular the services provided by third parties may not be accessible, and therefore may not be viewable.
7 – Security measures
The Data Controller processes the data of visitors / users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data, as well as illegal use of data. The processing is carried out through IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated, and the data are stored and stored in secure facilities with access restrictions. Access to information is strictly limited to authorized personnel. The website is constantly monitored to check for security breaches and to ensure that information is secure. In addition to the owner, in some cases, they may have access to the data categories of persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects. Our servers are protected with complex passwords, security modules, firewalls, antispam, periodic virus scans and network traffic monitoring. It is important that you take appropriate protection against unauthorized access to your password and your computer. Always make sure you are disconnected when using a computer shared with other users.
8 – Rights of the User
Pursuant to art. 7 of Legislative Decree 30 June 2003, n. 196 and of the General Regulations for the protection of personal data, the User can, according to the methods and within the limits established by current legislation:
- Oppose in whole or in part, for legitimate reasons, to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
• Request confirmation of the existence of personal data concerning him;
• Know the origin;
• Receive intelligible communication;
• Having information about the logic, methods and purposes of the processing;
• Request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
• Exercise the right to the portability of the data provided, making them available to users in an accessible and structured format, commonly used and readable by an automatic device, at the request of the interested party;
• Exercise the right to portability also by direct transfer of data to a new Data Controller at the request of the interested party;
• Deletion of data no longer necessary for the purpose or beyond the deadline;
• The right to lodge a complaint with the Supervisory Authority (Data Protection Authority);
• As well as, more generally, exercise all the rights that are recognized by the current provisions of the law.
- Exercise of user rights and various requests
All requests must be sent to the Data Controller by sending an email to firstname.lastname@example.org or by registered letter to the registered office of the company located in Via Alfredo de Luca 63 – Ischia (NA)
The request will be processed within 1 month of receipt.
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information to: email@example.com
- Rights of minors
If the user / visitor is less than 16 years old, the consent referred to in this statement and therefore to the processing of personal data will be provided by the parents or those who protect the child by sending a fax to +39.081984358 or to the following pec: firstname.lastname@example.org
12 – Updates