- INFORMATION COLLECTION
Regarding the processing of personal data, this will take place in accordance with the General Data Protection Regulation (GDPR). The Company may ask the user to send their personal information in order to get access to certain functions (such as newsletter subscriptions) or to participate in particular activities (such as promotional events and surveys). The Company may associate the information sent by the user with other personal data collected from them. The Company may also associate this information with the information received about the user from the following other sources: Google Analytics.
- SENSITIVE INFORMATION
The Company wants the user not to send, nor to disclose any personal sensitive data (e.g. personal data relating to race or ethnic origin, political opinions, religious or philosophical beliefs, health, or sexual orientation, criminal record, trade-union membership, biometrics or genetic data aimed at identifying a person in a unique way) on or through the Service or in any other way to the Company itself.
- AUTOMATIC COLLECTION AND USE OF PERSONAL DATA
The Company and its service providers may also automatically collect and use the information in the following ways:
1. From the user’s browser: the majority of browsers collect information, such as the MAC (Media Access Control) address, the type of computer (Windows or Mac), the screen resolution, the name and version of the operating system and the type and version of the Internet browser. If the user is accessing the Service from a mobile device, the Company may collect similar information, including the type of device and its identifier. The Company uses this information to verify that the Service is working properly.
2. IP Address: the IP address consists of a number that is automatically assigned to a computer by the user’s Internet service provider (Internet Service Provider, ISP). An IP address is identified and recorded automatically in the company’s server log files whenever users access the Service, together with the date and time of the visit and the pages visited. Collecting IP addresses is normal practice and it is carried out automatically by many on-line services. The IP addresses are used by the Company for various purposes, for instance to calculate the levels of use of the Service, to diagnose server problems and manage the Service. From the IP address the Company may also determine the approximate location of the user.
3. Information about the device: the company may collect information about the user’s mobile device, such as the unique device identifier, in order to understand how the user utilises the Service.
- HOW DOES THE COMPANY USE AND DISCLOSE PERSONAL DATA?
The company uses and discloses personal data in accordance with the general data protection regulation (GDPR). The user may exercise their rights as specified in the section entitled User’s rights. If required by the applicable laws in force, the Company shall take steps to obtain the user’s consent to the use of their personal data at the time of collection.
- DATA USE
The data may be used to manage the Company’s contractual relationship with the user and/or to fulfil a legal obligation. The data may be used, both with the consent of the user as well as in the company’s legitimate interest, to fulfil a legal obligation and in relation to the following purposes and relations.
1. Regarding user relationships (for example):
– to accommodate the user’s requests in order to provide them with customer service assistance;
– to answer questions and meet the requirements of the user, for example to send them documents requested or commercial or technical information via e-mail;
– to send them information regarding conditions and disclosures and/or other administrative information.
2. In order to achieve its business purposes (for example):
– To analyse the data, for example, in order to improve the efficiency of the Service.
– For checks, in order to verify that its internal processes work as they should and comply with legal, regulatory or contractual requirements. For the purposes of monitoring fraud and security, for example, to detect and prevent IT attacks or attempts to commit identity theft.
– For the development of new products and services.
– To enhance, improve or change its website or its products and services.
– To identify trends in the use of the Service, for example, thanks to an understanding of which parts of its Service are more attractive to users.
– Lastly, to determine the effectiveness of its promotional campaigns, in order to be able to adapt them to the needs and interests of its users.
3. For the analysis of personal information in order to provide customised services (for example):
– In order to better understand the user, in order to customise their interaction with the Service and provide them with information and/or offers tailored to their interests.
– In order to better understand the preferences of the user, in order to offer, through the Service, contents deemed by the company to be relevant and attractive to the user.
7. DATA DISCLOSURE
The Company discloses the information collected through the Service:
– to third-party companies for the sole purpose of customer assistance, maintenance and service operation
– business partners for any statistical, customer assistance and product improvement purposes
– to its service providers, including hosting and moderation of the website, hosting of mobile applications, data analysis, payment processing, delivery of orders, supply of infrastructure, IT services, customer service, delivery services for e-mail and regular mail, audit services and other functions that allow them to provide such services;
– in accordance with the provisions of the applicable laws in force, to third parties in the event of reorganisation, merger, sale, sharing in joint venture, assignment, transfer, or other provision of all or part of the business, the assets or shares of the Company (also in relation to bankruptcy or similar proceedings). The company may also use and disclose the user’s information when it deems it necessary or appropriate to:
(a) to comply with a legal process or with the applicable laws in force, including laws outside the country of residence of the user;
(b) in accordance with the provisions of the applicable laws in force, to respond to requests from public and governmental authorities, including those located outside the country of residence of the user;
(c) to comply with its terms and conditions; and
(d) to protect its rights, privacy, security or property and/or those of its subsidiaries, of the user or of others. In addition, with the consent of the user, the Company may use and disclose the user’s personal data in other ways.
The Company may use and disclose the personal data collected automatically, as previously described. In addition, where permitted by the applicable laws in force, the Company may use and disclose information that is not personally identifiable, for any purpose. If the Company associates non personally identifiable information with personal data (for example, by associating the name of the user with their geographical position), such associated information will be considered personal data for as long as the information remains associated.
- USER’S RIGHTS
The user may at any time exercise the rights envisaged by Art. 7 of the Privacy Code, in order to obtain confirmation as to the existence or otherwise of their personal data and to know their content and origin, to verify their accuracy or request their supplementation or updating, or amendment. Pursuant to the provisions of the same article, the User may also ask for the deletion, transformation into anonymous form or blockage of the data processed in violation of the law, as well as to object to their processing, for legitimate reasons.
The user may refuse explicitly to receive marketing communications from the Company: to stop receiving further marketing communications from the Company, the user may revoke their consent by contacting the Company via e-mail at the address firstname.lastname@example.org. Alternatively, to revoke their consent to receiving marketing e-mails from the Company, the user may follow the relevant instructions contained in every e-mail message. The Company will strive to meet the user’s request(s) in the shortest possible time. If the user decides to revoke their consent to the services described above, the Company will be unable to delete their personal data from the databases of its subsidiaries with whom such personal information had previously been shared (i.e., starting from the date on which the company renders the user’s request to revoke their consent effective). In addition, if the user decides to revoke their consent to receiving marketing messages from the Company, the latter may still send their important administrative messages and those regarding business operations, which the user cannot be exempted from receiving.
- HOW TO MANAGE YOUR PERSONAL DATA
To consult, correct, update or delete personal data or to request an electronic copy of their personal data for the purpose of transmitting it to another company (to the extent that these rights are permitted by the applicable laws in force), the user may contact us via e-mail at the address email@example.com. The company will respond to the user’s request in the shortest possible time.
- INTERNATIONAL TRANSFERS
The user’s personal data may be stored and processed in any country in which the company has facilities or service providers and, using the Service, this personal data may be transferred to countries outside their country of residence, including the United States, which may have different regulations for the protection of personal data compared to those in their own country. The Company implements contractual measures and other adequate guarantees for the protection of personal data when the same are transferred to subsidiaries or to third parties in other countries. For certain countries outside the European Economic Area (EEA), the European Commission acknowledges the achievement of an adequate level of personal data protection on the basis of the EEA standards (a complete list of these countries is available here (https://www.garanteprivacy.it/regolamentoue/trasferimenti-di-dati-verso-paesi-terzi-e-organismi-internazionali). For transfers from the European Economic Area to countries not considered to be adequate by the European Commission, the Company ensures that adequate security measures are taken, including the measure whereby the recipient is bound by [Standard EU contractual clauses, EU-US Privacy Shield Certification or a code of conduct or certification approved by the EU] for the protection of personal data. The user may obtain a copy of these measures by contacting our Personal Data Processor, as set out in the section entitled “Contact us” below.
The Company attempts to implement reasonable organizational, technical and administrative measures designed to protect the personal data under its control. If the user has reason to believe that their interaction with the Company is no longer secure, they are obliged to inform the Company itself immediately, by contacting it according to the instructions provided in the section entitled “Contact us” below.
- DATA STORAGE PERIOD
The company will store the user’s personal data for the amount of time necessary or permitted, for the purposes for which the personal data were obtained. The criteria used to establish the data storage periods include:
(i) the full duration of the relationship between the company and the user and of the provision of the Service to the user;
(ii) the possible existence of a legal obligation to which the company is subject; and
(iii) the opportunity of storage in light of the company’s legal position (for instance, with regard to the applicable laws in force relating to limitations, litigation or regulatory investigations).
For example, the Company will collect the user’s personal data for profiling and communication and will keep such data for a period of 6 months from registration. However, keep in mind that this list of data storage periods is not exhaustive. The user’s personal information may be stored for a longer period, in accordance with the criteria specified in the first paragraph of this section, in particular in points (ii) and (iii).
- WEBSITES AND THIRD-PARTY SERVICES
- CONTACT US