Extended information under articles. 12, 13 and, taking into consideration, 14 of the GDPR – Regulation (EU) 2016/679 on the protection of natural persons, with regard to the processing of personal data (hereinafter the GDPR)
The holder of the treatment reports, hereinafter, the information within the meaning of the articles. 12, 13 and, if necessary, 14 of the GDPR relating to the processing of personal data provided by the client/person concerned through the compilation and subscription of the contract to purchase the products/services offered for sale by the owner of the treatment, loading Spontaneously in this web site personal data (especially through the compilation of forms) or just browsing in it.
1. Data controller and contact details
The owner of the treatment is LAVORAZIONI ARTIGIANA MARCHE S.R.L., located in 63900 Campiglione di Fermo (FM), Via Po 6/A, VAT 09979301000, tel. + 39 0734 805790, e-mail firstname.lastname@example.org, Web http://www.francesconishoes.it (hereinafter the site).
2. Principles applicable to treatment in accordance with the requirements of the GDPR, the data controller shall constantly endeavour to ensure that personal information is:
a.Treated in a lawful, correct and transparent manner;
b.Collected for specific, explicit and lawful purposes, and subsequently treated in such a way that it is not incompatible with such purposes;
c.appropriate, relevant and limited to what is necessary in relation to the purposes for which they are treated;
d.Accurate and, if necessary, updated;
e.Retained for a period of time not exceeding the attainment of the purposes for which they are treated;
f.By appropriate technical and organizational measures in order to ensure their safety;
g.Treated, if in consensus, by decision freely assumed by the client/interested party, on the basis of request made clearly distinguishable from the rest, in a comprehensible and easily accessible form, using a simple language and clear.
The data controller shall take appropriate technical and organizational measures to ensure the protection of personal data from the point of view of the design and to ensure that only the information necessary for each specification is processed by default treatment purposes.
The data controller shall collect and take the utmost account of the indications, observations and opinions of the client/interested party sent to the contact details above, in order to implement a dynamic privacy management system that ensures effective protection of people, with regard to the processing of their data.
This statement may be changed, in line with the evolution of the reference legislation and the technical and organizational measures adopted by the data controller; The client/interested person is, therefore, requested to visit periodically this section of the site, to see the updates and the informative in the text time for time in force.
3. Procedures for the processing of personal data
The processing of personal data is carried out manually and with electronic tools, with logic closely related to the following purposes and, in any case, to guarantee the security and confidentiality of the data.
4. Purpose of the processing of personal data
(4a) purposes for which the processing of data is necessary
The personal data provided by the client/interested are mainly processed for the execution of the contract and the management of the credit and, more generally, of the relationship rising from the contract itself.
The conferral of data in the contract or later, in the course of the contractual relationship, for the purposes of processing in question is compulsory; Therefore, the failure, partial or inaccurate conferral of such data makes it impossible to stipulate and/or execute the contract and, for the client/interested party, to take advantage of the products/services offered by the treatment holder, potentially exposing the customer /interessato itself to liability for contractual failure.
The personal data provided by the client/person concerned may also be treated if this is necessary to fulfil a legal obligation to which the owner of the treatment is subject, to safeguard the vital interests of the client/interested party or of another natural person, for the execution of a task of public interest or connected with the exercise of public powers of which the data controller is invested, or for the pursuit of the legitimate interest of the holder of the treatment itself or of Third parties, provided that the interests or fundamental rights and freedoms of the client/person concerned do not prevail; Even in these cases, the conferral of the data is obligatory and, therefore, the failure, partial or inaccurate communication of the data may expose the customer/interested in any liability and penalties provided by the legal system.
(4b) Further purpose of the treatment following specific and express consent of the client/interested party
In addition to the above treatment purposes, the personal data conferred/acquired can be processed, subject to the consent of the client/interested party, to be expressed by checking the box on the contract or on the site (or by using other social applications or web of the data processing holder), also for the conduct of market surveys and to carry out commercial and promotional communications, by telephone (also using the mobile phone number provided) and automated contact systems (e-mail, SMS, MMS, faxes, etc.), on the products/services of the data controller or company of the group to which the data controller may belong.
The consent for the processing purposes referred to in this section (4b) is optional; Therefore, as a result of any refusal, the data will be processed for the sole purposes indicated in the preceding paragraph (4a), except as specified below with reference to the legitimate interests of the holder of the treatment or of third parties.
5. Categories of personal data processed
The data controller deals mainly with identification/contact details (name, surname, address, type and number of recognition documents, telephone numbers, e-mail addresses, of a tax/ Invoicing, unless otherwise) and, in the case of commercial transactions, financial data (of a banking nature, in particular identification of current accounts, credit card numbers, unless otherwise related to the aforementioned commercial transactions).
The treatment which the holder of the treatment carries out, both for the execution of the contract and by virtue of express consent of the client/interested party, does not generally concern particular categories of personal data, known as sensitive (which They reveal racial or ethnic origin, political opinions, religious beliefs, health status or sexual orientation, etc.), or genetic and biometric data or so-called judicial data (related to criminal convictions and offences).
However, it cannot be excluded that the holder of the treatment, in order to execute the obligations descending from the contract, must retain and/or have the need to treat sensitive, genetic and biometric or judicial data, of the client/interested party or of third parties, which the client/person concerned has as the holder of the treatment; In the hypothesis, the treatment by the data controller takes place under the conditions and within the limits set out in the appointment of the same holder of the treatment to the person responsible for the treatment, by the client/interested party.
The owner of the treatment treats, as the owner of the treatment with reference to the site, and, potentially, as the person responsible for the treatment in charge (in the above terms) by the customer/interested, also the so-called navigation data. The computer systems and the software procedures for the operation of the Internet sites acquire, during their normal exercise, certain personal data, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified subjects, but which, by their very nature, could allow to identify the person concerned. This category of information is geolocation data, IP addresses, browser type, operating system, domain name, and Web site addresses from which you have accessed or exited, information about pages visited by users Within the site, access time, permanence on the single page, internal path analysis and other parameters related to the operating system and the user’s computer environment. It is, therefore, information which, by their very nature, allows, through elaborations and associations also with data held by third parties, to identify the users.
6. Source of personal data
The personal data that the holder of the processing is collected directly from the owner of the treatment at the client/interested at the time of, and during the, navigation of this on the site (or using other Social or Web applications of the data controller), that is, even through its own commercial, at the time of, or after, the subscription of the contract, at the time of execution of the same, or from public sources.
As stated above, the data controller, as the person responsible for the treatment in charge, in order to execute the obligations descending from the contract, may retain and/or deal with information, in particular of navigation, potentially even sensitive, Genetic and biometric or judicial, of third parties, of which the client/person concerned has as the holder of the treatment, acquired, after the consent of those third parties, at the time of, and during, the navigation of the same third parties on the site (or by using other Social or Web applications referred to the data controller).
7. Legitimate interests
The legitimate interests of the data controller or third parties may constitute a valid legal basis for the treatment, provided that the interests or fundamental rights and freedoms of the person concerned do not prevail. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the owner of the treatment and concerned, for example when the person concerned is a customer of the holder. In particular, it constitutes a legitimate interest of the data controller to deal with personal information of the client/person concerned: for the purpose of preventing fraud, for direct marketing purposes, to ensure the free movement of the same data Within the entrepreneurial group to which the holder of the treatment possibly belongs, or relating to traffic, in order to ensure the security of networks and information, i.e. the capacity of a network or a system to withstand unforeseen events or unlawful acts which may impair the availability, authenticity, integrity and confidentiality of the data.
8. Movement of personal data
(8a) Communication of personal data-categories of recipients as well as from employees and collaborators in various ways of the owner of the treatment (who are the owner of the treatment himself authorised to the treatment under adequate operating instructions Written, in order to guarantee the confidentiality and the security of the data), some processing operations may also be carried out by third parties, to whom the owner of the treatment entrusts certain activities, or part of them, functional to the purposes of which In point (4a), therefore, so much in execution of contractual obligations as legal, among which deserve mention, in any case, inevitably, not exhaustively: commercial and/or technical partners; Companies providing banking and financial services; Companies carrying out document archiving services; Debt collection Company; Auditing and certification of financial statements; Rating Company; Persons who carry out, in favour of the data controller, professional assistance and consultancy activities; Companies that carry out customer care activities; Companies of factoring, securitisation of receivables or other transferees of receivables; Company of the group to which the owner of the treatment may belong; subjects providing commercial information; Computer services company. The subjects belonging to the aforementioned categories shall treat the personal data themselves as autonomous holders of the treatment, or as controllers, with reference to specific treatment operations falling within Contractual services which the parties themselves perform in favour of/in the interest of the data controller; The data controller is responsible for the processing of the treatment, providing appropriate written operating instructions, with particular reference to the adoption of the minimum safety measures, in order to guarantee the confidentiality and security of the information.
Some processing operations may be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, even functionally to the purposes set out in point (4b), including, for the purpose, mention, Inevitably, not exhaustive: commercial and/or technical partners; Companies that are institutionally providing marketing services; Advertising agencies; Subjects that provide assistance and consultancy activities with reference to competitions and prize transactions. The subjects belonging to the aforementioned categories shall treat personal data as self-employed persons, or in the capacity of treatment managers, with reference to specific treatment operations which fall within the performance which the parties themselves perform in favour of/in the interest of the data controller; The data controller is responsible for the processing of the treatment, providing appropriate written operating instructions, with particular reference to the adoption of the minimum safety measures, in order to guarantee the confidentiality and security of the information.
It is available, upon written request to be sent to the premises of the data controller, the list, subject to periodical updating, of the persons responsible for the treatment with which the owner of the treatment maintains relations.
The personal data may also be communicated, in case of request, to the competent authorities, in fulfilment of obligations arising from mandatory rules of law.
(8b) Transfer of personal data to third countries
The personal data of the client/person concerned may also be transferred abroad, both in countries of the European Union and in countries outside the European Union and, in the latter case, or on the basis of a Decision of adequacy, or within and with the appropriate guarantees provided for by the GDPR (in particular, in the presence of contractual clauses such as data protection approved by the European Commission), or, outside the above-mentioned assumptions, Using one or more of the derogations provided for by the GDPR (in particular, by virtue of explicit consent of the client/person concerned, or for the execution of the contract concluded by the client/interested party, or for the execution of a contract concluded between the holder of the Treatment and another natural or legal person in favour of the client/interested party, in particular for the execution of activities to be sent by the holder of the same treatment for the execution of the contract concluded with the client/interested party). In the case of transfers of data to countries outside the European Union, the customer/interested party is permitted, upon written request to be sent to the head of the treatment holder, to know the appropriate guarantees, i.e. the derogations, which They legitimize cross-border treatment. It is understood, in the case of the transfer of data to countries outside the European Union, that for each request concerning the data, also for the exercise of the rights recognized by the GDPR to the client/interested, this can always validly apply to the Owner of the treatment.
9. Criteria for determining the retention period of personal data for the purposes set out in point (4a) above, The retention period of personal data issued by the client/person concerned, and the consequent potential treatment thereof, coincides with the Period of limitation of the rights/duties (legal, fiscal, etc.) descendants of the contract: basically 10 years, therefore, except for the occurrence of interruttivi events of the limitation which could prolong, in fact, that period.
For the purposes set out in point (4b) above, the retention period of the data issued by the client/person concerned, and the consequent potential treatment thereof, ends with the withdrawal of the prior consent issued by the client/person concerned or, In the absence of this, however, one year after the cessation of any relationship between the owner of the treatment and the client/interested party.
10. Customer’s rights/interested party
The data controller recognizes – and facilitates the exercise by the client/interested party of – all rights provided by the GDPR, in particular the right to request access to their personal information and to extract copies ( Art. 15 GDPR), to the rectification (art. 16 GDPR) and to the cancellation thereof (art. 17 GDPR), to the limitation of the treatment that concerns it (art. 18 GDPR), to the portability of the data (art. 20 GDPR, where the conditions are met) and to oppose the treatment that concerns it ( Arts. 21 and 22 GDPR, for the assumptions mentioned therein and, in particular, to the treatment for marketing purposes or to translate into an automated decision-making process, including profiling, which produces legal effects affecting it, where the conditions are met).
The data controller also recognizes to the customer/interested party whether the treatment is based on consent, the right to revoke such consent at any time, without affecting the lawfulness of the treatment based on the prior consent of the revocation. To do this, the customer/interested party may unsubscribe at any time on the site (or on other social or Web applications of the data controller) or by using the appropriate link at the bottom of any commercial communication received, or by contacting the Owner of the treatment to the contact details above.
The holder of the treatment shall also inform the client/person concerned of the right to propose a complaint to the supervisory authority for the protection of personal data, as a supervisory authority operating in Italy, and to propose judicial action, as opposed to a Decision of the supervisory authority, as regards the holder of the treatment and/or a controller.
11. Security of systems and personal data
Taking into account the state of the art and the costs of implementation, the nature, the object, the context and the purpose of the treatment, as well as the risk, in terms of probability and severity, for the rights and freedoms of natural persons, the holder of the Treatment adopts technical and organizational measures deemed appropriate to ensure a level of safety appropriate to the risk, in particular by ensuring, on a permanent basis, the confidentiality, integrity, availability and resilience of systems and Treatment services (including by encrypting personal data, where necessary) and the ability to promptly restore data availability in the event of a physical or technical accident, and by adopting internal procedures aimed at testing, verifying and Regularly assess the effectiveness of the technical and organizational measures employed.
In assessing the appropriate level of safety, account shall be taken of the risks posed by the treatment arising, in particular, from destruction, loss, modification, unauthorized disclosure or access, in an accidental or illegal manner, to Personal data transmitted, stored or otherwise processed.
The holder of the treatment shall endeavour to ensure that whoever acts under his authority and has access to personal data does not treat such data unless it is instructed in that way by the same holder of the treatment.
That said, the client/interested acknowledges and agrees that no security system guarantees, in terms of certainty, absolute protection; Therefore, the holder of the treatment does not answer for acts or deeds of third parties who, despite the appropriate cautions, have access to the systems without the necessary authorizations.
12. Automated decision-making processes, including profiling
The data controller may perform automated processing, including profiling, in relation to the purposes set out in point (4b) above, in order to optimise the navigability of the site (or The usability of other social or Web applications of the data controller) and to improve the purchasing experience, except as specified above with respect to the rights of opposition and withdrawal of consent by the client/interested party.
Profiling shall mean any form of automated processing of personal data directed at evaluating certain aspects of a natural person, in particular to analyse or foresee aspects concerning, for example, personal preferences, Interests or the location of such person, also in order to create profiles, or homogeneous groups of subjects for characteristics, interests or behaviours.
The holder of the treatment shall not perform any automated treatment which produces legal effects affecting the client/person concerned or affecting in a similar way significantly on his or her individual, unless this is necessary for the conclusion or The execution of the contract is authorized by law or is based on the explicit consent of the client/interested party, in any case always recognizing to the latter the right to obtain human intervention, to express his opinion and to contest the decision.
The information is made only for the site mentioned above and not for other websites or sections/pages/spaces of ownership of third parties – which may be consulted by the user through special links within the website.
1. Type of processed data and finality of treatment
1.1. Navigational data
The computer systems and applications dedicated to the operation of this website acquire, during their normal exercise, certain personal data whose transmission is implicit in the use of Internet communication protocols.
It is information that is not collected to be associated with identified interested persons, but which by their very nature could, through elaborations and associations with data held by third parties, allow to identify the users who connect to Site. The data collected includes the IP addresses or domain names of the computers used by users, the addresses in the Uniform resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request To the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to the user’s operating system and computer environment.
These data are processed, for the time necessary to reach the purpose for which they are collected, in order to obtain anonymous statistical information on the use of the site (accesses to the same) and to control its regular functioning.
The data could be used for the assessment of liability in case of hypothetical cyber crimes against the site.
1.2. Data voluntarily provided by the user
If users of this site are required, in order to access certain services, to confer their personal data, it will be previously issued, in the pages relating to the individual services, specific and detailed information on the relevant treatment under of art. 13 of the Privacy code that specifies limits, purposes and modalities of the treatment itself.
What are cookies?
Cookies are small text files that are sent from the Web site visited by the user on the user’s device (usually to the browser), where they are stored so that they can recognize the device at the next visit. At each subsequent visit, in fact, cookies are sent back from the user’s device to the site.
Each cookie generally contains: the name of the server from which the cookie was sent; The expiration and a value, usually a unique number randomly generated by the computer the Web site server that transfers the cookie uses this number to recognize you when you return to visit a site or navigate from one page to another.
Cookies can be installed not only by the same site manager visited by the user (first-party cookies), but also by a different site that installs cookies through the first site (third-party cookies) and is able to recognize them. This is because on the visited site there may be elements (images, maps, sounds, links to web pages of other domains, etc) that reside on different servers than that of the visited site.
According to the purpose, cookies are distinguished in technical cookies and in profiling cookies.
The technical cookies are those used for the sole purpose of “making the transmission of a communication on an electronic communication network, or to the extent strictly necessary to the provider of an information society service explicitly Requested by the Subscriber or the user to provide such service “(see art. 122, CO. 1, of the Privacy Code, as amended by D. LGs. 69/2012). In particular, such cookies are usually used to allow efficient navigation between pages, store preferences (language, country, etc.) of users, make computer authentication, manage the shopping cart or allow Online shopping, etc. Some of these cookies (essential or strictly necessary) enable functions without which it would not be possible to do some operations. Pursuant to the above art. 122, CO. 1 of the Privacy code the use of technical cookies does not require user consent.
Cookies are assimilated to technical cookies. Analytics when used directly by AI site Manager to gather aggregated information about the number of users and how they visit the site itself. These cookies allow owners and/or Web site managers to understand how users interact with the site’s content for the purposes of optimizing the website.
Profiling cookies serve to trace the user’s navigation, analyze his behavior for marketing purposes and create profiles on his tastes, habits, choices, etc in order to convey targeted advertising messages in relation to the interests Of the user and in line with the preferences expressed by them in online browsing. Such cookies may be installed on the user’s terminal only if it has expressed its consent with the simplified modalities indicated in the measure.
Depending on their duration, cookies are distinguished in persistent, which remain stored, until they expire, on the user’s device, save removal by the latter, and session, which are not stored persistently on the device Of the user and vanish with the closing of the browser.
What cookies are used by this site?
A. Technical cookies.
This site makes use of technical cookies, installed by the site in order to monitor the operation of the site and allow efficient navigation on the same.
Below, for each technical cookie that could be used, the name, the purpose of use and the type/duration are reported.
NAME AIM TYPE/DURATION
E-commerce form session cookies
CMS Management Cookie
CMS Management Cookie in relation to Mailchimp
These cookies cannot be disabled using the functions of this web site, but can be turned off via your browser’s settings at any time (in the following ways). Their deactivation could preclude the optimum enjoyment of certain areas of the site.
B. Performance and analytics cookies
Cookies are also used in order to statistically analyze the traffic on the site, count the accesses or visits to the site itself and allow the owner, also thanks to the estimates on numbers and patterns of consumption, to improve the structure, the Logical navigation and content, to adapt it to the interests of users, to speed up searches, etc.
Below, for each analytics cookie used, the name, purpose of Use, type/duration and origin.
NAME AIM TYPE/DURATION ORIGIN
AIM= Collect statistical information
about the use of the site by users,
in particular, know how many have
returned and where they came from,
how many have arrived from the search
engines, how many have arrived directly
to our URL, know which pages Have visited etc
For more information about the Google Analytics service see Http://www.google.it/analytics and Https://www.google.com/analytics/learn/privacy.html?hl=it
AIM: Collect statistical information about the use of the site by users, in particular, know how many have returned and where they came from, how many have arrived from the search engines, how many have arrived directly to our URL, know which pages They visited etc…
ORIGIN= Psmstats.com by Piwik
For more information about the Piwik service see http://piwik.org/privacy/
C. Profiling Cookie.
Third-party profiling cookies
Below, we report the name of the third party cookies that could be installed by the latter through the site, the purpose, the name of the third party and the link to the site of this last.
NAME AIM THIRD PARTY Link to the site where to view the privacy statement of the third party
For information and preferences management
For information and preferences management
Twitter uses these technologies to provide, evaluate and improve their services in different respects.
For information and preferences management: Https://support.twitter.com/articles/20170519
Alternatively, view the deactivation page of the Network advertising Initiative http://www.networkadvertising.org/managing/opt_out.asp
Users who want to prevent the installation on their terminal for Google Analytics cookies can download and install the browser add-on to the Https://tools.google.com/dlpage/gaoptout address to disable Google Analytics, developed by Google, following the instructions provided
For information and preferences management
t is reported in any case that users can manage their preferences on online behavioral advertising (CD. “On line behavioural advertising”) through the site www.youronlinechoices.com/it, which lists the main providers of behavioral advertising. Through these sites, users can disable or activate all companies or alternatively adjust their preferences individually for each company.
How do I disable cookies?
By default almost all Web browsers are set up to automatically accept cookies. You can still change this default configuration by using browser settings. The disabling/blocking of cookies or their deletion could preclude the optimal enjoyment of certain areas of the site, prevent the use of certain services and make navigation slower.
Configuring cookie management depends on the browser you are using. Usually, the configuration of cookies is made from the menu “preferences”, “Tools” or “options”.
Below are the links t Internet Explorer: http://support.microsoft.com/kb/278835
Internet Explorer [Mobile version]: http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy-and-other-browser-settings
Safari [Mobile Version]: http://support.apple.com/kb/HT1677
Android: http://support.google.com/mobile/bin/answer.py?hl=en&answer=169022o the cookie management guides of the main browsers:
2. Mode of treatment
The processing of personal data is carried out through automated means (e.g. using procedures and electronic media) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data have been collected and, in any case, in accordance with the relevant regulations.
3. Data controller
The owner of the processing of personal data is LAVORAZIONI ARTIGIANA MARCHE S.R.L.
4. Rights of interested parties
The persons covered by the personal data have the right, at any time, to obtain confirmation of the existence or not of the same data, to know its content and origin, to verify its accuracy or to ask for its integration or updating, or rectification within the meaning of art. 7 of the Privacy code. Under the same article, the parties concerned shall also have the right to request the deletion, the anonymous processing or the blocking of the data concerning them treated in violation of the law, and to oppose in any case, for legitimate reasons, their Treatment.
For any information regarding the processing of the data and for the exercise of the former rights. Art 7 of the Privacy code, users can forward special request (also by e-mail) to the addresses indicated on line on the contact page accessible from the site footer.