ARTICLES 13-14 OF EU REGULATION 2016/679
A data privacy notice or statement must be provided to the data subject prior to or concurrently with the moment when personal data are collected from him/her. Where personal data are not collected directly from the data subject, the privacy notice must be provided within a reasonable period of time, or alternatively at the time the data are communicated (but not recorded) to third parties or to the data subject. The undersigned organisation, the Data Controller, makes known the following policy, pursuant to the General Regulation for the Protection of Personal Data of Natural Persons (GDPR - Regulation (EU) 2016/679).
SOURCES AND CATEGORIES OF PERSONAL DATA
Personal data held by the undersigned organisation are gathered directly from data subjects. This Website does NOT collect special categories of data ("sensitive" data), i.e. personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of trade unions or religious, philosophical, political or trade union associations or organisations, and revealing health-related data and sex life/orientation data.
Computer systems and software procedures that serve to keep the website operational collect - as part of their normal operation and only for the duration of the connection - certain personal and/or pseudonymous data whose transmission is implicit in the use of Internet communication protocols. Such information is not collected in order to be associated with identified data subjects, but could by its very nature enable users to be identified by means of processing and association with data held by third parties. This category includes IP addresses or the domain names of computers used by users who connect to the Website, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numeric code indicating the response status from the server (successful, error, etc.) and other parameters related to the user's operating system and computer environment. These data are used exclusively to obtain anonymous statistical information on website usage, and also to verify its proper operation; they are deleted immediately after processing. The personal data collected could be used to ascertain liability for computer crimes committed to the detriment of the website.
Like other websites, this Website saves cookies on the browser used by the data subject to transmit information of a personal nature and to enhance the user experience. Cookies are small text-only strings of data that websites visited transmit to the user’s terminal (usually to the browser), where they are stored (sometimes for significant periods) and later sent back to the websites in question when the user next visits them.
As explained below, one can choose whether to accept cookies and which cookies to accept, bearing in mind that refusing to accept their use could compromise the ability to execute certain transactions on the Website or the accuracy and adequacy of certain customisable content offered, or undermine the recognisability of the user from one visit to the next. If no choice is made, the default settings will apply and all cookies will be activated: you may, however, notify or change your choices at any time.
VOLUNTARILY PROVIDED USER DATA
If a sender optionally, voluntarily and explicitly transmits e-mails to the addresses indicated on this Website, the sender's email address and also any other personal data included in the message will thereby be acquired, which is a precondition to responding to any requests made. The explicit and voluntary transmission of forms containing the relevant subject’s data, that can be completed on the Website, also involves data processing operations with a view to fulfilling pre-contractual obligations or providing services linked to the transmission of said forms. Such information contained in forms may include personal particulars, contact details, telephone numbers, e-mail addresses of data subjects and of identified and identifiable third party assignees of the user accessing the Website. Specific summary information will be progressively reported or displayed on the website pages dedicated to special services on request.
NEWSLETTER AND MAILING-LIST
E-mail contacts used to send communications from the Website are based on the recipient signing up voluntarily (a request for confirmation is always sent to the latter), and also based on information acquired when products or services of the Data Controller are being sold, or analogous products or services. This includes the transmission of information, promotional communications and material. Note that contacts are not obtained from public lists of subscribers. If the recipient is not interested in receiving the communications, future contacts can be cancelled by clicking on the relevant link contained in each message, or by writing to the address given at the bottom of the page and exercising one's right to unsubscribe from the newsletter.
WORK WITH US
You can send your application for a job position by sending your details and an updated CV, including an authorisation to process personal data.
The payment system requires the communication of certain data to the bank that provides the service (Paypal, GPay). The data requested are freely provided by the data subject: some of these (Name, Surname, e-mail) are mandatory; others are optional (e.g. the order transaction description, notes...).
This involves data processed for the management of shopping carts, of orders and of any registered user profile. The data requested are freely provided by the data subject: some of these (Name, Surname, shipping address, telephone or e-mail contact) are mandatory; others are optional (e.g. the order transaction description, notes...). Personal data provided will also be processed by delegated third parties (home delivery, mailing preparation and data entry companies) for the administrative management of orders and purchases; the processing of anonymous statistics to help reveal purchasing behaviour; the transmission of advertising material relating to products and offers through the possible use of e-mail or telephone messages, subject to the data subject’s consent.
The information that the user uploads in the reserved area is protected using encryption and authentication systems and is accessible only to authorised users, i.e. the data subject him- or herself and/or intermediaries involved. This information is not disseminated.
PURPOSES AND LEGAL BASIS OF THE DATA PROCESSING
Personal data are used (see Article 6(1)(b) of the GDPR):
- to permit navigation on the Website and
- to potentially implement the service or performance requested as part of the undersigned organisation's normal activities.
Furthermore, all personal data may be processed:
- for purposes related to obligations provided for by applicable laws and also by provisions issued by legally authorised authorities (see Articles 6(1)(c) and 9(2)(b), (g), (h) of the GDPR);
- for ascertaining, exercising or defending a right or entitlement of the undersigned organisation in judicial or extra-judicial proceedings (legitimate interest) (see Articles 6(1)(f) and 9(2)(f) of the GDPR);
- for direct marketing purposes, based on the legitimate interest of the Data Controller in particular; for cookies, advertising ids used to show advertisements and announcements; for e-mail addresses to send messages instrumental to the provision of services; for navigation and usage logs to protect the Website and the service from cyber-attacks; in such cases the data subject can always withhold his/her consent, and the Data Controller will be required not to process the data concerned (see Article 6(1)(f) of the GDPR);
- for purposes instrumental to the activity to which the data subject can consent or withhold consent, such as e.g. subscribing to the newsletter to receive information messages and promote and sell products and services, customer satisfaction surveys, communication of data to third parties to receive promotional and informational and marketing communications (see Article 6(1)(a) of the GDPR);
- with the consent of the data subject, for profiling of the data subject (see Article 6(1)(a) of the GDPR).
CONSEQUENCES OF REFUSING TO PROVIDE DATA
The provision of personal and pseudonymous data, collected from the data subject, is optional but necessary in order to process such data for the purposes indicated in letters a) and b) above. If data subjects do not communicate their necessary data and do not consent to data processing, it will not be possible to provide and implement the services proposed and to fulfil the contractual obligations undertaken, so that the fulfilment of regulatory obligations e.g. accounting, fiscal and administrative obligations etc. will as a consequence be compromised.
Apart from what was indicated in relation to navigation data, the user is free to provide personal data for cookies and specific requests by using forms e.g. for products and/or services. Failure to provide such data may make it impossible to fulfil requests made. For all non-essential data, including special categories of data, the data provision is optional. If consent is not forthcoming or if incomplete or mistaken data are provided, including from special categories of data, such unsatisfactory compliance could cause detriment or lead to sanctions or loss of benefits, due to the impossibility of ensuring that the data processing operations conform to the requisite obligations, and also due to the possible non-correspondence of data processing results to obligations imposed by applicable legislative and regulatory provisions, and the undersigned organisation shall be deemed exempt from all liability to sanctions or measures imposing legal burdens of any kind.
DATA PROCESSING METHODS
The data processing operations associated with the Website's web services are carried out using automated tools only for the period of time that is strictly necessary to achieve the purposes for which such data have been gathered; they take place on the server in Italy or in the EU and are handled exclusively by technical staff in charge of data processing, or by persons in charge of maintenance and administration operations. Specific data security measures are used to prevent and avert the loss of data, unlawful or incorrect use or unauthorised access, and to prevent loss of confidentiality. The facility is fitted out with anti-intrusion, firewall, log and disaster recovery devices. Specific mechanisms are used to encrypt and segregate data and to authenticate and authorise users.
Data processing means the collection, recording, organisation, storage, processing, modification, erasure and destruction of data, or the combination of two or more of these operations. Personal data are processed, for the purposes indicated above, using manual, IT or telecommunications means or tools, applying logics that are strictly related to those purposes and, in any case, in a way that ensures the secure and confidential processing of such data which will, therefore, be processed in accordance with the procedures indicated in Article 5 of Reg. (EU) 2016/679, which provides, among other things, that the data must be processed lawfully and correctly, collected and recorded for specific, explicit and lawful purposes, and must be accurate and kept up to date as necessary and be relevant, complete and not go beyond the purposes of the data processing, thereby respecting fundamental rights and freedoms and the dignity of the data subject concerned - particularly the latter’s confidentiality and personal identity, by ensuring suitable data protection and security measures are adopted. The undersigned organisation has arranged and will further improve the data security system for accessing and storing data.
Automated decision-making procedures are not carried out (e.g. profiling).
TRANSFERS OUTSIDE THE EU AND DATA RETENTION PERIOD
Data processing operations take place in non-EU and non-EEA countries, when connections to the Website originate from these countries (at the request of the data subject located there).
Personal data will be retained, in general, for as long as the purpose of the data processing continues, based on the category of data processed.
Personal data (only absolutely necessary data) are communicated:
- to data processors and to data handlers, both inside and outside the undersigned organisation, who carry out specific tasks and functions (site administration, analysis of browsing data and traffic and profiling data, management of e-mails and forms sent voluntarily by the user, processing of e-commerce requests and orders, etc.);
- in the cases and to the persons provided for by law.
CATEGORIES OF RECIPIENT
The data will not be disseminated or disclosed save as otherwise provided for by law, or after anonymisation. Without prejudice to the provisions applicable to cookies and third party elements, only services that do not provide for communications to third parties will be able to be provided without the data subject's prior general consent to such communications. If necessary, specific and precise consents will be requested, and those who receive personal data shall use them in the capacity of independent data controllers.
In certain cases (extraneous to the ordinary management of this Website), the Authority may request information under applicable legal rules in order to monitor personal data processing operations. A response must be received in such cases, otherwise a monetary penalty may apply.
RIGHTS OF THE DATA SUBJECT
You may, at any time, exercise your rights against the Data Controller (access, correction, erasure, limitation, portability, opposition, waiver of automated decision-making processes) when provided for, pursuant to the provisions of Articles 15 to 22 of the GDPR (link to the standard); file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it); if the processing is based on your consent, revoke such consent, although such revocation cannot compromise the legitimacy of data processing operations already carried out based on consent given prior to the revocation.
DISABLING COOKIES
Almost all browsers offer the possibility of managing and not enabling cookies, so that users’ preferences may be respected. In some browsers rules can be set to manage cookies on a site-by-site basis, which gives the user more control over his/her data privacy; another feature available on some browsers is the incognito mode, which erases all cookies created after the session is closed.
The following instructions are available for cookie management in the relevant browsers:
Our service is not offered to people under the age of 18.
We do not knowingly collect personal identification particulars from persons under the age of 18. Please contact us if you are a parent or guardian and are aware that your child has provided us with personal data. If we learn that we have collected personal data from minors without ascertaining parental consent, we will act to remove such information from our servers.
The Data Controller is Rudy Profumi SRL.
The headquarters is in Via Einstein 4 20057, Assago, Milan, Italy.
Our contact details are: telephone +390248844436; e-mail firstname.lastname@example.org
The full list of data processors is available on request.