Personal data collected
Content and information provided voluntarily by the User
- 1. Content and information provided voluntarily by the User
- Data relating to our business relationship with you, such as the types of products and services that may be to your interest, product preferences and contact details, languages, creditworthiness, marketing preferences and demographics.
Information about the way you interact with us, such as purchases, enquiries, customer account information, order and contract information, delivery information, billing and banking information, tax information, transaction and correspondence history, and information about the way you use and interact with our website. The User assumes responsibility for the Personal Data of third parties published or shared through this application and guarantees that he/she has the right to communicate or disseminate them, releasing the owner of the website from any liability towards third parties.
If the processing of Personal Data is based on the User's consent, the User may revoke it at any time.
- 2. Data and content acquired automatically during use of the application
- Technical data: the computer systems and software procedures used to operate this application may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with Data held by third parties, allow users to be identified. This category includes IP addresses or domain names used by Users connecting to the application, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.
- Use data: Data relating to the use of the website by the User may also be collected, such as the pages visited, the actions performed, the functions and services used.
- Personal data collected through cookies or similar technologies
- The Personal Data collected is used to provide services to the User or to sell products, including payment and delivery. The Personal Data collected to finalize payment may be that relating to the credit card, bank account used for the transfer or other payment instruments provided. The Payment Data collected by this website depends on the payment system used. Fulfillment of orders for products or services and related activities, such as delivery of products and services, customer service, maintaining accounting records and invoices, training and support activities, updating products and sending security warnings, as well as providing other services related to purchases.
- Managing our contractual obligations and customer relationships, in particular managing customer interactions, handling complaints, providing after-sales service, analysing and improving the products and services we offer, providing information about our products or services and communicating special offers and promotions.
- The protection of our company's websites, networks, systems and locations, and protection against fraud.
- Managing our day-to-day business needs, such as payment processing, accounting and financial management, product development, contract management, website administration, compliance, corporate governance, audits, reporting and compliance.
- Management of support and contact requests.
- Mailing List or Newsletter.
- Payment management.
- Interaction with live chat platforms.
- Interaction with social networks and external platforms.
The processing of Personal Data is carried out by computer and/or electronically, with organisational methods and logics strictly related to the indicated purposes. The data collected are processed in order to establish relationships with users, in particular to respond to emails received from contacts on the site or requests for information sent via forms. The data received will be stored on electronic devices, contact lists, software also for possible future communications between the parties. The personal data collected will not be disclosed or communicated to third parties, except in the cases provided for in the information notice and/or by law and, in any case, in the manner permitted by the latter.
4. Legal Basis
The Controller processes Personal Data relating to the User in the event that one of the following conditions is met
- the User has given consent for one or more specific purposes;
- the processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures;
- the processing is necessary for the performance of a legal obligation to which the Controller is subject;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of public powers vested in the Controller;
- the processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing operation.
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller at the following email address firstname.lastname@example.org. The third parties, subsidiaries and affiliates to whom we may disclose your personal data may be located in other countries; therefore, it is possible that data may be transmitted to countries where the privacy protection rules are different from those of your country of residence. In such cases, we will take appropriate measures to ensure that your personal data receives an adequate level of protection; these measures include our Binding Corporate Rules, which set out strict requirements for the processing of personal data that we collect and process worldwide, as well as standard contractual terms to protect your personal data.
6. Protection Measures
The Processing is carried out according to methods and with instruments suitable to guarantee the security and confidentiality of the Data, the Data Controller having adopted adequate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, unauthorised access and any other form of unlawful processing. Access to personal data is limited to authorised recipients who have a legitimate reason to know. We operate a comprehensive information security programme that is proportionate to the risks associated with the processing. This programme is periodically reviewed in order to mitigate operational risks and to protect personal data in view of accepted industry practices. We also adopt enhanced security measures for the processing of sensitive personal data. How we protect the personal data we process on behalf of our customers (as data controllers): In some cases, we process personal data as a service on behalf of our customers (as data controllers). In these cases, we collect and process personal data according to the customer's instructions, and we do not use or disclose it for our own purposes. We adopt information security control measures to protect the data collected in this way and undertake to communicate or transfer personal data only in accordance with the customer's instructions or to provide the requested service. Unless otherwise instructed by customers, the personal data we process on their behalf is processed in line with our disclosure and transfer commitments.
7. Period of Data Retention
The Data Controller will process Personal Data for the time necessary to fulfil the purposes indicated above and for the time necessary to perform the service requested by the User. When the processing of Personal Data is necessary for the pursuit of a legitimate interest of the Controller, the Personal Data will be kept until such interest is satisfied. Where the processing of Personal Data is based on the User's consent, the Controller may retain the Personal Data until revocation. Personal Data may be kept for a longer period if necessary to comply with a legal obligation or by order of an authority. All Personal Data will be deleted at the end of the retention period. Upon expiry of this period, the right of access, deletion, rectification and the right to data portability may no longer be exercised. The Data Controller will process Personal Data for the time necessary to fulfill the purposes indicated above and for the time necessary to perform the service requested by the User.
8. Data Recipients
- Third parties: we may use third parties to provide or perform services and functions on our behalf. We may make personal data available to these third parties for the purposes of performing these services and functions. Any such processing of personal data will be subject to our instructions and consistent with the original purpose.
- Required by law: We may make personal data about individuals available to public or judicial authorities, law enforcement agencies or other bodies required by law, for example, for national security or law enforcement purposes, as well as to authorities and courts in the countries in which we operate. To the extent permitted by law, we may also disclose such information to third parties (including legal counsel) as necessary to advance, exercise or defend against legal claims or otherwise enforce our rights, to protect our property or the rights, property or safety of others, or as necessary to support external audit, compliance and corporate governance functions. The data may be processed by external parties acting in their capacity as data controllers, such as, but not limited to, authorities and supervisory and control bodies and, in general, public or private parties entitled to request the data, as well as persons, companies, associations or professional firms providing assistance and advice.
- The data may be processed by the employees of the company functions assigned to the pursuit of the above-mentioned purposes, who have been expressly authorised to process the data and have received adequate operating instructions.
- The data may also be processed by external parties designated as data processors, who are given appropriate operating instructions. These parties are essentially included in the following categories:
- companies that offer e-mail sending services;
- companies that offer website and information system maintenance services;
- companies that offer support in carrying out market studies;
- companies that provide management and maintenance services of the database of the Joint Holders.
Your data may be processed, if you give your explicit consent, by third parties to whom the data is disclosed. The updated list of Data Processors and Joint Data Processors can be requested by emailing
9. Automated Decision Making Process
All Data collected will not be subject to any automated decision-making process that may produce legal effects for the individual or that may significantly affect the individual.
10. User Rights
Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, the User has the right to:
- revoke consent at any time
- object to the processing of their Data
- access their Data
- verify and request rectification
- obtain the limitation of the processing
- obtain the deletion or removal of your Personal Data
- receive your Data or have them transferred to another data controller;
- lodge a complaint with the data protection supervisory authority and/or take legal action.
In order to exercise their rights, Users may address their request to our Privacy Office by writing to email@example.com at the contact details of the Data Controller indicated in this document. Requests are made free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.
11. Policies Cookies
12. Consent and Revocation of Consent