Information pursuant to and for the purposes of Legislative Decree 196/2003 as
amended by Legislative Decree 101/2018 and art. 13-14 of EU Reg. 2016/679
(European Regulation on the protection of personal data)
We wish to inform you that the EU Reg. 2016/679 (“European Regulation on the protection of personal data”) provides for the protection of people and other subjects and respect for the processing of personal data. Pursuant to Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and art. 13-14 of the GDPR, please find below the following information on the processing of personal data:
1. Details of the Data Protection Office
The Data Protection Office is IL SALOTTO DI PENELOPE S.R.L. C.F. / P.IVA 03743381208 con sede in Via San Felice, 116 – 40122 Bologna (BO).
All content, data, images and information present on the Website are protected under the current regulations on copyright, therefore nothing, not even in part, may be copied, modified or resold for purposes to gain profit or any other benefit.
3. Purpose, processing legal basis * for which the processing of data is intended
The data collected through the eCommerce site is data relating to the purchases made directly by the User, specifically:
– User’s personal data;
– Details of the orders placed by the User;
– Credit card details provided by Users as an accepted payment method;
– Order billing addresses;
– Order delivery address;
– Contact details (telephone number – email address – etc.);
– Text messages.
The Personal Data collected is used by the Data Controller to:
– Manage the purchases made by the User and manage the delivery of products and services: The Data Controller uses this data to receive and manage orders, provide products and services, process payments and communicate with you regarding your orders, products, services and promotional offers.
– Provide and improve the Services offered by the Owner and solve any problems connected to them: The Owner uses such data to provide functionality, analyze performance, correct errors and improve the use and efficiency of the Services offered by the Owner.
– Fulfill legal obligations: In some cases, the Data Controller is legally obliged to collect and process your personal data.
– Communicate with the User: The Data Controller uses personal data to communicate with the User regarding the services offered and requested through various channels (by telephone and e-mail).
– Prevention of fraud and credit risks: The Data Controller also uses personal data to prevent and ascertain fraud and abuse in order to protect the safety of the User. The Owner may also use credit rating indices to assess and manage credit risks.
The requested data is necessary to conclude the sale with the User and to remember the items selected in the cart, using cookies to store the products placed in the cart.
By entering data in the appropriate section, the User independently decides to buy products through the eCommerce site of the Data Controller, therefore the data is necessary to conclude the sales contract with the User.
Furthermore, by entering an email address in the appropriate space, the User can decide whether or not to subscribe to the newsletter offered by the Data Controller. The newsletter is optional, requiring the explicit consent of the User, and the registration to the same allows the User to access discounts and promotions dedicated to it. To access special discounts and promotions, the User must indicate their date of birth, as the Owner may send promotional codes and gifts on the occasion of this event. Through the contact forms made available to the user and by typing their email address in the space dedicated to receiving newsletters, the User explicitly and freely decides to click on the “Subscribe” button. This action by the User is considered by the Owner as an unequivocal expression of his consent to the registration of this service.
This site processes data based on consent. By using or consulting this site, visitors explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below.
The website may contain links to third party sites for further convenience and information. When the user uses these links, he leaves the “website” of the Data Controller and then accesses a different site. The user must remember that, even if this site contains our logo, the Data Controller does not have control over the content and is not responsible for the privacy practices of that site. It is advisable to carefully examine the privacy procedures of each site that is visited. Those sites can send their “cookies” to users, collect data or request personal information.
* The legal basis of the processing means that the source / origin / justification of the processing by law, in the fulfillment of a contract, satisfying a request from the interested party.
4. Scope of communication and dissemination of data (data recipients)
The Data Controller does not disseminate and does not transfer data subject to privacy in countries where the GDPR is not applied (non-EU countries), but your personal data could be stored outside of Italy on online platforms that adopt adequate security measures in protection matter. The Data Controller guarantees compliance with adequate security measures by its authorized personnel, its Joint Controllers and its managers who process such data.
5. Processing Methods
The data processing is carried out by way of: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The data will be processed both in manual, IT, telematic and in an automated way through software programs, with the aid of electronic tools, and stored both on IT and paper supports, and on any other suitable support, in compliance with the measures of safety standards. The Data Protection Office will promptly inform the interested parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to personal data breach notifications.
6. Duration and retention of personal data collection takes place in compliance with the principles of relevance, completeness and non-excess in relation to the purposes for which they are processed. Personal data are processed in compliance with the principles of lawfulness, correctness and transparency, required by law, with the help of tools to record and store the data and in any case in such a way as to guarantee its security and protect the maximum confidentiality of the interested. Your data may be kept even after the termination of the existing relationship, for any fulfillment related or deriving from the conclusion of the contract or pre-contract itself for the time required by current legislation, national and community, in accounting matters, tax, civil and procedural, and for a maximum of 10 years.
7. Rights of the interested party
At any time, you can exercise, pursuant to articles 15 to 22 of EU Regulation no. 2016/679, the right to:
to. request confirmation of the existence or not of your personal data;
b. obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
c. obtain the correction and deletion of data;
d. obtain the limitation of the treatment;
is. obtain data portability, i.e. receive them from a Data Protection Office, in a structured format, commonly used and readable by an automatic device, and transmit them to another Data Protection Office r without impediments;
f. oppose the treatment at any time and also in the case of treatment for direct marketing purposes;
g. oppose an automated decision-making process relating to natural persons, including profiling;
h. withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
i. send a written complaint to a supervisory authority, Guarantor for the processing of personal data Piazza di Monte Citorio n. 121 00186 ROME Fax: 06.69677.3785 Telephone switchboard: 06/696771 E-mail: firstname.lastname@example.org PEC: email@example.com
You can exercise your rights by sending an official and documentable communication using one of the following channels:
– Registered handwritten certified mail to be delivered at the registered office of the Data Protection Office;
– Sending an e-mail with notification of successful delivery and reading to the email address of the Data Protection Office company.
Before providing you with information, or modifying any information, it may be necessary to verify your identity, answer some questions and fill in an official request form that will be provided to you by the owner himself. An answer will be provided in the shortest time possible.
8. Mandatory or optional nature of the provision
The provision of data is necessary in order to be able to browse the site. The data requested on the contact form marked with * is mandatory in order for the Owner to complete the requests received, while the other fields are optional. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively received or displayed on the pages of the site set up for particular requested services
9. Cookies use
Furthermore, as in most websites, the “website” collects information relating to the navigation of your computer on our site for statistical purposes only. This is “non-personal” data as they do not allow the individual identification of the user: the data collected concerns, but is not limited to, the geographical location of your internet access provider, the type of browser you use, your IP address, the pages you visit, etc. The aggregate information that is collected makes it possible to know the frequency of your visits and to collect data on the navigation performed. Over time, this can help improve the content of the site and make it easier to use. This data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website. The companies that send content to our site and those reachable through links from our pages may, at their choice, use “cookies” even persistent on users’ computers, aimed at storing the user’s navigation data, starting from when the user clicks on the relevant link. In this case, the use of “cookies” is beyond our control. Most browsers automatically accept cookies, but it is also possible to reject them completely, or selectively accept only some of them, by acting on the preferences in your browser. If the user inhibits the loading of cookies, some components of the Site may be unavailable and certain pages may be incomplete. In the following sites you can find information on the most popular browsers and how to set them with respect to cookies: Microsoft Internet Explorer: http://www.microsoft.com/info/it/cookies.htm Netscape Navigator: http: //www.netscape .com / legal_notices / cookies.html