Information pursuant to EU Regulation 2016/679(“GDPR”)
Last update [18-07-2019]
1. TREATMENT OF DATA
Franco Liberali Impresa Individuale in the person of his legally representative pro-tempore, with registered office in Tollo, via Don Morosini 33, C.F. and P.IVA n. 02664990690 (referred as the “Company “, “us”, “our”, “we”).
We have appointed a Data Protection Officer in accordance with art. Article 37 of the General Data Protection Regulation No. 2016/679 (“GDPR”). We remind you that you can at any time contact the DPO and send any question or request regarding your personal data and the respect for your privacy by writing to the following email address firstname.lastname@example.org.
Your personal data may be disclosed to our employees or collaborators, belonging to the categories of administrative, commercial, legal and accounting employees or IT administrators, which, according to the processing, acting under our direct authority, are appointed in charge of the processing and receive appropriate operational instructions in this regard. Among the recipients of your data are included third party service providers for payments, shipments, marketing services, hosting providers and IT engineering service providers, IT companies or companies specialized in market research and data processing with which we enter into agreements requiring them to take appropriate technical and organisational measures to protect your personal data. Your data may also be transmitted to the police and judicial and administrative authorities in accordance with the law.
We may also transfer your personal data in case of sale or transfer in whole or in part of our business or property (including in case of reorganization, hive-off, dissolution or liquidation).
Under no circumstances we do give up or sell your personal information.
2. DATA COLLECTED
For personal data we mean all information about the user that allows us to identify him, such as his name, contact details, payment details and information about his access to the Site. When you subscribe to our Site, create an account, use our services or contact our support service, we collect some of your personal information. Some of the above data is provided voluntarily by the user himself while others are collected automatically. The Site let the user to voluntarily provide personal information through, for example, the creation of an account, the purchase/sale of products through our Site, the insertion of a review or a comment, filling out the return service, filling in the contact forum or using the messaging and chat service with our customer service or how many times you contact us to leave your comments or opinions. In the event that you need to contact us by phone, we record the call for training and improvement of our services and we take notes with regards to your call. We remind you that you can subscribe to the Site and create an account also using an account of a social network, such as a Facebook account. In the event that you sign up through this method by issuing the permissions requested on registration, we will receive the information of your social network account, such as your name and surname, location, basic biographical data.
When you use the Site as Seller, the contents and images included in your online showcase will also be visible to other users; In the same way, when you leave comments and reviews in the appropriate sections of the Site, the contents of your reviews, your name and your photo (if uploaded) will be visible to those who access the Site.
We do not process sensitive data, as well as details about physical health or mental health, the alleged commission of crimes or criminal convictions, however, you should, spontaneously share with us such information, we will only process such data with your explicit consent.
Where you decide to provide third-party data be sure that they have been informed in advance and in an appropriate manner about the processing methods and purposes herein indicated. In relation to this hypothesis, you place yourself as the independent controller, assuming all legal obligations and responsibilities.
In this regard we remind you that if you are less than 16 years old you cannot provide us with any personal data, and in any case we do not assume any responsibility for any false statements you provide. If we find that there are false statements, we will proceed with the immediate deletion of any personal data acquired.
We collect the following data through the services you use:
- technical data: This category of data includes IP addresses or computer domain names that you use when you connect to the Site, URI notation addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to your operating system and computer environment. These data are used only for statistical information (therefore they are anonymous), to check the proper functioning of the Site and are deleted immediately after processing. The data could be used to ascertain liability in case of hypothetical cyber crimes against the site: except in this case, the data on web contacts do not persist for more than 7 days.
- data collected using cookies or similar technologies.
3. WHY WE PROCESS YOUR DATA?
a) To guarantee you access to our website and the use of our services
When you use our Site and its services, we will use your personal data to allow you to register on the Site and create a personal account, to verify your identity as a user of the Site, to enable you to purchase/sell products and, where appropriate, to return the purchased products, to provide you with customer service and to solve any problems you have reported, to send you necessary communications (such as confirming the purchase order or confirming the good purpose of payment or remembering products on your cart) as well as to provide you with all the additional services described in the General Conditions.
b) To inform you about products, services, events and other promotional purposes
If you have expressly given us your consent or if we have a legitimate interest (under applicable law), we will use your data to update you about products and services offered by us as well as for information about promotional, commercial and advertising activities of the Company or third-party trading partners by email, sending SMS or Whatsapp; only if you are a professional we could advise you of such promotions and events by telephone through operator or customer care service consisting in the offer of services dedicated to the sales and after-sales. In addition, always with your consent or if we have a legitimate interest (according to applicable law) we will be able to use your data in the course of market research and surveys to find your satisfaction by email, SMS or Whatsapp, in order to improve our services and the relationship with our users
c) To offer you a personalized service
If you have expressly given us your consent, we use your data to analyze your habits and consumption choices, in order to offer you a personalized service consistent with your interests and to improve our business offer.
d) To improve the services we offer through the Website
We will use the data provided to improve the services we offer through the Site and your experience in purchasing/selling products. In particular, we will be able to analyze the use and measure the effectiveness of our Site and our services for a better understanding of how it is used in order to improve it as well as engage and retain users.
e) To guarantee our rights, our ownership or data security
We may also use personal data in connection with the use of our Site to prevent or detect fraud, abuse, illegal use, violations of our General Conditions, and to comply with court orders, to government requests or to comply with applicable legal provisions.
4. LEGAL BASIS
We will only process your personal data in cases where we have a legal basis to do so.
In most cases we will process your data to ensure you have access to the Site and the services offered there. In addition, we may process your data for one or more of the following reasons:
- Subject to your express consent (for example to inform you about our products, services, events and other promotional purposes, as well as to offer you a personalized service)
- To ensure compliance with legal obligations, EU regulations and standards (e.g., to comply with court orders, government requests or to comply with applicable law)
- For our legitimate interest (for example to improve the services we offer through the Site or to guarantee the ownership and security of the data we process).
5. IS THE PROVISION OF DATA MANDATORY?
The provision of personal data is required only for the processes necessary to guarantee you access to our Site and the services we offer through it. Any refusal to provide the personal data requested for this purpose makes it impossible to register for the Site and use the related services. All other provisions of your information are optional but conferring them allows us to offer you a better experience.
6. HOW DO WE PROCESS YOUR DATA AND FOR HOW LONG?
The storage of personal data will take place in paper and/or electronic form and for the time strictly necessary to the pursuit of the purpose referred to in point 3 (“For what purposes do we process your data?”).
In particular, when you register with the Site and create an account, we process and store most of your information in our possession for as long as you actively use the services we offer through the Site. After closing your account, we will keep your personal information for a maximum of 24 months from the date of deletion of the account for defence purposes and/or to enforce our right in court and/or out of court in the event of legal disputes linked to the execution of our services; your further personal information regarding transactions made through the Site is kept for 10 years under the law (including tax obligations).
For direct marketing and profiling purposes, we keep your data for a maximum period equal to that established by the applicable legislation, of 24 months and 12 months respectively from the last interaction, of any kind on your part with the Site.
For purposes of analysis aimed at improving the service, the personal data of the user will be subject to a maximum storage period of 24 months from the date of their registration.
After the expiry of the maximum storage period, we will automatically delete your personal data or anonymise it permanently and irreversibly.
We remind you that in case you do not exercise any active action (such as, use of the services offered by the Site, navigation, searches and/or any other way of using the Site) for a continuous period of 36 months, you will be classified as an inactive user and, subject to written notice regarding the deactivation of your account, we will proceed to store your personal data for the maximum retention period provided therein.
7. HOW CAN YOU EXERCISE YOUR RIGHTS?
In accordance with the provisions of the GDPR, you have the right to request, at any time, access to your personal data, rectification or deletion of your personal data, to oppose to their processing or to exercise the right to portability. The applicable legislation on the protection of personal data also allows you to exercise the right to request the limitation of processing in the cases provided for in art. Article 18 of the GDPR, and to obtain in a structured, commonly used and machine-readable format the data concerning you, in the cases provided for in art. 20 of the GDPR.
Requests can be made to the e-mail address email@example.com In particular, if you want to authorize the activities referred to in letters b) (Marketing purpose) to point 3 above (“Why we process your data?”) and thereafter you would not wish to receive any further communications from us or to limit the means by which I would be contacted, you can at any time interrupt these communications by writing us at the e-mail address firstname.lastname@example.org
Finally, please note that you are always entitled to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data), in accordance with art. 77 of the GDPR, if you consider that the processing of your data is contrary to the law in force.
8. HOW DO WE ENSURE THE PROTECTION OF YOUR DATA?
Your personal data are processed by the persons mentioned in point 1 above (“Treatment of data”), in accordance with the provisions of the law in force. In particular, to ensure the security of your data taking into account the state of the art and the costs of implementation, as well as the nature, object, context and purpose of the processing, as well as the risk of varying probability and gravity for the rights and freedoms of natural persons, we have taken appropriate technical and organisational measures to ensure a level of security appropriate to the risk.