Notice pursuant to European privacy laws - Regulation (EU) 2016/679 – “GDPR”
The following Notice is issued pursuant to the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data ("GDPR"). This document contains a description of all the processing carried out by the Data Controller, as defined below, through the Website: https://www.scatoladeltempo.com
Please note that the Notice only concerns the Website; therefore, any web page to which the User may be redirected from the Website is deemed to be excluded.
THE DATA CONTROLLER
The Data Controller is: Scatola del Tempo S.r.l.
For any information or to exercise the rights referred to Articles from 15 to 22 of EU Regulation No. 2016/679, you can contact the owner at the following addresses:
Address: Via Don Luigi Sturzo 65 – 22066 Mariano Comense (CO);
tel: +39 031 360982;
email: gdpr@scatoladeltempo.com
GENERAL INFORMATION VALID FOR ANY TREATMENT
All the treatments carried out through this Website are based on the principles of lawfulness, correctness and transparency.
At any time, it is possible to exercise the rights set forth in the above-mentioned law articles by explicitly requesting to the Data Controller or the external Data Controller Officer. Furthermore, it is possible to request precise information about the subjects that process the data on behalf of the Data Controller (managers, assignees, etc ...).
During the treatment operations, a level of protection and confidentiality will be guaranteed in compliance with the provisions of art. 32 of the GDPR.
In the event that the Website should use personal information for purposes other than those established in this statement, the User will be asked for a specific consent.
SPECIFIC INFORMATION IN RELATION TO EVERY KIND OF PROCESSING
a. Browsing data: we can collect information on the services displayed and / or used by the User, as well as on how to use them (for example when the User interacts with our content). This category of data includes IP addresses or domain names of computers and terminals used by users, the URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used in the submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data, necessary for the use of web services, are also processed for the purpose of:- To obtain statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
- To check the correct functioning of the services offered.
The navigation data do not persist for more than seven days and are canceled immediately after their aggregation (except for any need for the investigation of crimes by the Judicial Authority).
b. Cookies and similar technologies: Our Website use different technologies to collect and store information when one of our services is visited. This could include the use of cookies and/or similar technologies to identify the User's browser or device; we also use these technologies to collect and store information when the User interacts and/or purchases our services and/or the services of our partners. For more information, visit our Cookie Policy.
d. Data use for promotional purposes: The Website allows the User to be constantly updated about new offered products, promotions and/or offers through the User's email communication (correlated by the relative consent to the processing for marketing purposes). Only with the express consent of the User, the Website may use the personal provided information which is non-compulsory to send personalized promotional communications. The provision of data for Marketing purposes is optional: The User could therefore decide not to grant any data or subsequently to deny the possibility of processing data already provided; in this case, he may not receive newsletters, commercial communications and advertising material relating to the services offered by the Data Controller. The information collected for this purpose will be kept for 24 months.
e. Registration on the Website: it takes place by creating a profile (which is associated with a user name and a password chosen by the user) linked to the user's e-mail address; the provision of data is not mandatory, but it is strictly essential for the conclusion of the registration and to be able to use the services reserved for registered users, therefore, a refusal to communicate such data is equivalent to the impossibility to complete the registration. The personal data communicated and not strictly necessary for registration will be used for statistical analysis and profiling, as well as to improve the service offered by the Website. The information collected for this purpose will be kept until the user requests cancellation.
f. Registration and online purchases: The data that we request to insert in our online store through various forms to be filled out, are collected in order to finalize the purchase operations (products and/or services for post-service assistance) that can be placed in our Website. To conclude the transactions, only personal information such as name, surname, shipping address, billing address will be required; the obligatory fields are marked with the symbol *. Other personal data such as mobile or landline numbers are not considered as obligatory; however, they may be useful to allow us to provide the best possible assistance. Any refusal to send us own fixed personal data during registration will make it impossible for the holder to complete the purchase transactions. The information collected for this purpose will be kept until the User’s request of cancellation. Invoicing data will be stored within the legal term period (10 years). If the User applies the personal profile to make purchases, the legal basis is the need to fulfill the obligations of a contract or pre-contract of which the involved User is a part (art. 6.1b). In the case of purchase without registration, the legal basis is the legitimate interest of the data controller (Article 6.1f). In all other cases, explicit consent will be requested to the interested party on which the legal basis for processing will be related (Article 6.1a).
INFORMATION WE SHARE
The Website provides personal data to third parties in the following cases:
A - With the User’s consent: The Website, in case of need to share sensitive personal data with companies, organizations and persons unrelated to the Website itself, requires the User’s authorization;
B - To domain administrators: the domain administrator and/or third-party resellers who provide assistance in using the service, may have access to the personal data of the interested party;
C - For external treatments: The Website provides personal information to its affiliates and/or companies and/or trusted persons to treat them according to the provided instructions and in compliance with the privacy regulations applied by the Website itself (as well as in respect of any other appropriate measures related to confidentiality and security);
D - For legal reasons: The Website provides personal information to companies, organizations and/or people who are not part of the Website team if it believes that access, use, protection or disclosure of such information is necessary for:
- Respecting the laws or regulations in force, a judicial procedure and/or a mandatory government request;
- Applying the current terms of service, including measurements regarding potential violations;
- Detecting, preventing or managing fraudulent activities or problems relating to safety or technical nature;
- Protecting the rights, property and/or security of the Website, our Users or the community, as required and permitted by the Law.
The Website may share information that do not allow personal identification with its partners, for example to show trends related to the general use of our services and/or purchase preferences.
Should the Website Owner be involved in a merger, acquisition and/or transfer, the same will continue to guarantee the privacy of personal information and will notify interested Users of the transfer of personal information or the application of privacy regulations different from those here adopted.
PARTIES TO WHICH THE DATA COULD BE COMMUNICATED
Where necessary, the communication of the data will be carried out only towards competent authorities, trusted subjects appointed by the Website Owner for the performance of technical and/or organizational tasks (legal, accounting, tax and consulting services, etc...).
Personal data are not subject to disclosure.
USER’S RIGHTS (Arts 15-21 EU Regulation 679/2016)
1. The interested party has the right to obtain confirmation that his or her personal data is being processed, even if not yet recorded, and their communication in an intelligible form.
2. The interested party has the right to obtain access to personal data and to the following information:
A - the indication:
- about the purpose of the processing;
- about the categories of personal data in question;
- about the recipients or categories of recipients to whom personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
- about the foreseen period of storage of the personal data or the criteria used to determine this period;
- about the existence of the right of the interested party to request the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their processing;
- about the right to issue a complaint with a supervisory authority;
- if the data are not collected from the interested party about all available information on their origin;
- about the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the used logic, as well as the expected importance and consequences of this treatment for the interested party.
B - the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
C - the cancellation of personal data concerning the User without unjustified delay; the data controller has the obligation to cancel personal data without unjustified delay if one of the following reasons exists:
- personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- the interested party revokes the consent on which the treatment is based and if there is no other legal basis for the treatment;
- the User opposes the processing and there is no legitimate prevailing reason to proceed with the processing;
- personal data have been processed illegally;
- personal data must be deleted in order to fulfill a legal obligation provided by the EU law or the Member State to which the data controller is subject;
- personal data has been collected regarding the offer of services of information society.
D - the limitation of processing when one of the following hypotheses occurs:
- the User complaints about the accuracy of the personal data during the period necessary for the data controller to verify the accuracy of such personal data;
- the processing is illegal and the User opposes the removal of personal data and requests instead that its use is limited;
- although the User no longer needs personal data for the purposes of processing, details could be necessary to ascertain, exercise or defend a right in court;
- the interested party has opposed the processing as pending the verification regarding the possible prevalence of the legitimate reasons of the data controller in relation to the interested party’ ones.
- the User who has obtained the limitation of the treatment is informed by the data controller before the said limitation is revoked.
3. The data controller shall inform each of the recipients who received the personal data about any adjustments or cancellations or limitations of the processing.
4. The User has the right to receive in a structured format, commonly used and readable by automatic devices, his personal data which were provided to a data controller, and has the right to transmit such data to another data controller without impediment. In exercising his rights with respect to data portability, the User has the right to obtain direct transmission of personal data from one data controller to the other, if technically feasible.
5. The User has the right to oppose:
- at any time and for reasons related to his particular situation, to the processing of personal data, including profiling. The data controller refrains from further processing of personal data unless he demonstrates the existence of legitimate strong reasons for processing data and that prevail over the interests, rights and freedoms of the User or for the verification, exercise or defense of a right in Court;
- if personal data are processed for direct marketing purposes, including profiling to the extent that is connected to such direct marketing;
- if the User opposes the processing for direct marketing purposes, the personal data are no longer processed for these uses.