Information on the processing of personal data pursuant to Articles no. 13 and no. 14 of the Regulation (EU) 2016/679
we kindly ask you to carefully read the present information on the processing of your personal data.
The data controller of personal data is the Company (hereinafter, the “Data Controller”).
Personal data processed
“Personal data” (hereinafter, the “Data”) means, pursuant to Article no. 4, paragraph no. 1, of the GDPR, any information concerning an identified or identifiable natural person (hereinafter, the “Data Subject”), for example a name, an identification number, a location data, an online identifier or one or more characteristic elements of his or her physical, physiological, psychological, economic, cultural or social identity.
The Data processed by the Data Controller, provided directly or indirectly by the Data Subject, include the following:
- first and last name, e-mail address, telephone number, delivery address (home and/or residence) for purchased products and billing address;
- user or account information, including password and user ID number;
- personal information, including the purchase history of the Data Subject;
- information on the type of payment method used by the Data Subject in order to purchase the products marketed by the Data Controller;
- personal preferences and tastes.
In addition, the Data Controller may process special categories of Data pursuant to Article no. 9 of the GDPR, namely the Data concerning the health status of the Data Subject (for instance, the existence of diabetic pathologies, and so on). The processing of such special categories of Data, acquired directly from the Data Subject, is necessarily subordinated to the acquisition of the preliminary consent (optional and revokable at any time) of the Data Subject.
The Data automatically processed by the Data Controller are internet surfing data. The computer systems and software procedures designed for the functioning of the Websites, during their normal operation, acquire certain Data whose transmission is implicit in the use of Internet communication protocols. This category of Data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of the websites from which access was made, information on the pages visited by users within the Websites, the time of access, the length of time spent on the individual page, the analysis of internal routing and other parameters relating to the operating system and the IT environment of the Data Subject.
Finally, please note that the Data Controller may also collect Data through the publication by the Data Subject of contributions (containing his/her Data) on social networks managed autonomously by third parties, such as, by way of example but not limited to, Facebook, Instagram, LinkedIn, YouTube, etc. (hereinafter, the “Social Networks”). By “contributions “ we mean images, comments, catchphrases associated with the subject of the sites/apps, contents and any other information designed and published by the Data Subjects on the pages of the Social Networks dedicated to the products marketed by the Owner. The publication of contributions may also take place by means of a pseudonym (“nickname”) chosen by the Data Subject during the registration to the site/app, and possibly the image associated with that nickname. In choosing the nickname and the image associated with it, the Data Subject remains the only responsible party for any harm caused to third parties.
Purposes and legal basis
The purposes at the basis of the processing of Data may be summarised in the following terms:
- purposes related and instrumental to the conclusion and the execution of the contractual relationship. The legal basis of this processing is the execution of a contract in which the Data Subject is a party;
- purposes related to the fulfilment of obligations provided for by national and/or EU regulations issued by the Authorities empowered for this purpose. The legal basis for this processing is a legal obligation;
- profiling purposes. The legal basis for this processing is the consent of the Data Subject, which is optional and revocable at any time;
- marketing purposes. The legal basis for this processing is the consent of the Data Subject, which is optional and revocable at any time;
- sending periodic newsletters. The legal basis for this processing is the consent of the Data Subject, which is optional and revocable at any time.
The submission of Data for the purposes (1) and (2) is necessary; any refusal to give consent to such processing will entail the impossibility of establishing and continuing the contractual relationship. The submission of Data for the purposes (3), (4) and (5) is, on the other hand, optional; any refusal to give consent to such processing will not invalidate the contractual relationship but will preclude only the possibility of being informed of promotional initiatives and products offered by the Data Controller and/or third parties.
Rights of the Data Subject
The Data Subject has the right to exercise his/her rights in the ways and within the limits provided for by the GDPR.
More specifically, the Data Subject has the right to request from the Data Controller:
- the rectification: he/she may request the rectification or integration of the Data provided or otherwise held by the Data Controller, in case of inaccuracy;
- the deletion: he/she may request that his/her Data acquired or processed by the Data Controller be deleted, if they are no longer necessary for the original purposes or if there are no disputes or litigations outstanding, in case of revocation of consent or opposition to processing, in case of unlawful processing, or if there is a legal obligation to delete them;
- the restriction: the Data Subject may request the restriction of the processing of Data, if one of the conditions set out in Article no. 18 of the GDPR will applicable; in this case, the Data will only be processed, with the exception of storage, only with the consent of the Data Subject or for the reasons referred to in the same Article in paragraph no. 2;
- the objection: the Data Subject may object at any time to the processing of the Data on the basis of a legitimate interest, unless there are legitimate reasons for the Data Controller to proceed with the processing which override his/her own, for example, for the exercise or the defence of the Data Controller in judicial proceedings; if the Data are processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of Data relating to him/her carried out for such purposes;
- the portability: the Data Subject may request to receive the Data, or to transmit them to another data controller indicated by him/her, in a structured, commonly used and machine-readable format.
Furthermore, pursuant to Article no. 7, paragraph no. 3, of the GDPR, the Data Subject may at any time exercise his or her right to withdraw the consent given for marketing and/or profiling purposes, without prejudice to the lawfulness of the processing based on the consent previously given. To exercise such rights, notify problems or request clarifications on the processing of his/her Data, the Data Subject must submit a written request to the Data Controller at the following addresses:
- by e-mail, to the address: firstname.lastname@example.org;
- by certified e-mail, to the address: email@example.com;
- by post to the address: Corso Europa no. 13, (20122) Milan (MI).
Finally, the Data Subject has the right to complain to the Supervisory Authority, namely the Italian Personal Data Protection Authority (for further information, please refer to the following link: www.garanteprivacy.it).
Updates and Changes