UNDER EU REGULATION 2016/679 – GDPR
In compliance with the obligations arising from the legislation on the protection of personal data, we inform you that this site www.foppa.it respects and protects the confidentiality of visitors and users. Provided that the Data Controller will be in possession of data relating to you, qualified as personal by the aforementioned Regulation, we communicate the following:
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The data controller is Ottica Foppa Srl, Via Roma n. 18, Grassobbio (BG), tel: 035.526496, pec: firstname.lastname@example.org, mail: email@example.com
PROCESSED DATA AND FINAL TREATMENT
Your personal data and browsing data are the subject of processing. As in all websites, some information is collected in an automated way during user visits: Internet Protocol (IP) address, type of browser and parameters of the device used to connect to the site, name of internet service provider (ISP), date and time of visit, web page of origin of the visitor (referral) and exit, possibly the number of clicks. The data collected by the site during its operation are used exclusively for the purposes indicated below and stored for the time strictly necessary to carry out the specified activities. The legal basis that legitimizes the processing of such data is the need to make the features of the company site usable as a result of the User’s access. The data voluntarily provided by the User instead, such as name and surname, business name, tax code and VAT number, address, telephone/fax, e-mail, bank and payment references, are instead those necessary to the Data Controller to provide the available services and are processed lawfully and correctly, moreover they are collected and registered for the specific, explicit and legitimate purposes indicated below, and are used in processing operations that are not incompatible with these purposes.
Personal data are collected and processed for the following purposes: analysis of site visits for statistical purposes, collection of data of contacts to the site for the purpose of processing the requests of the user /visitor and for future commercial initiatives, activities of relationship with the customer on the basis of pre-contractual and contractual agreements, administrative, tax or internal accounting purposes related to the customer-supplier relationship and to fulfill the obligations generally provided for by laws or regulations, by Community legislation, by requests of the judicial authority or to exercise the rights of the Data Controller (for example the right of defense in court), in the presence of specific distinct consent of the User, for marketing purposes: sending (by e-mail, mail, sms or telephone contact) of newsletters , updates on the Owner’s activities, advertising material or commercial communications – possibly also personalized on the basis of the User’s consumption habits (profiling)– on products or services offered by the Data Controller that the User may consider to be of interest to you and to detect the degree of satisfaction on the quality of the services, including requests for participation in analysis or market research, in the case of sending curriculum vitae, exclusively for the purpose of personnel selection and for the establishment of an employment relationship.
SAFETY MEASURES AND METHODS OF TREATMENT
This site treats user data in a lawful and correct manner, taking appropriate security measures aimed at preventing unauthorized access, disclosure, modification, theft or destruction of data. The processing is carried out through IT and /or telematic tools, with organizational methods and with logics closely related to the indicated purposes. In addition to the owner, in some cases, categories of persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third-party technical service providers, commercial agents, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
The processing of your personal data is carried out through the operations of: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. The personal data of the User are collected as a result of sending directly to the Data Controller, through the compilation of forms or forms generally prepared for this purpose, also included in contractual documents. The data collected are recorded and stored by the Data Controller in computer and paper archives, as well as stored and controlled in such a way as to minimize the risks of destruction or even accidental loss, unauthorized access and unauthorized processing or non-compliant with the purposes of the collection. The data are processed by employees or collaborators of the Data Controller, duly instructed in this regard.
NATURE OF DATA COMMUNICATION AND LEGAL BASIS OF PROCESSING
The provision of personal data relating to the processing is optional. However, failure to provide data, partial or total, may result in the partial or total impossibility of establishing or continuing the relationship with the User, to the extent that such data are necessary for the execution of the same. The provision of data for marketing purposes is also optional. The User may therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case he will not be able to receive newsletters, commercial communications and advertising material generally related to the services and products offered by the Data Controller.
The legal basis that legitimizes the processing of data with reference to pre-contractual and contractual agreements and administrative, accounting or tax purposes is the execution of a contract for the provision of services of which the User is a party, or the carrying out of pre-contractual activities at the request of the User. In cases of marketing and profiling as well as curriculum vitae, the legal basis is the consent freely given by the User.
ANY RECIPIENTS OF PERSONAL DATA AND TRANSFER OF DATA TO A THIRD COUNTRY
The processing of the User’s data is carried out by internal staff of the Data Controller (employees, collaborators, System Administrators), identified and authorized to process according to instructions that are given in compliance with current legislation on privacy and data security. If this is necessary for the above purposes, your personal data may be processed by third parties appointed as professionals, companies, associations or professional firms that provide the Data Controller with assistance or advice for administrative, accounting, tax, legal or personnel selection purposes, entities provided for by current accounting and tax legislation as recipients of mandatory communications, banking institutions for collections and payments, professionals for analysis services and market research, for the management of payments by credit cards or electronic payment instruments in general, commercial agents, postal couriers. This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorised under EU Decision 1250/2016 Privacy Shield, so no further consent is required, guaranteeing you the companies mentioned above your membership.
The processing of personal data is to be considered necessary so that the Data Controller can perform the service of management and delivery of the order.
The processing of your personal data for account management is based on consent when you create the account. The processing of personal data to provide relevant product data is based on our legitimate interest. Your data may be disclosed to external partners such as address validation companies, order confirmation communication agencies, warehouses and suppliers-distributors for order delivery, payment service providers for payment, credit reference agencies for identity and credit location verification. We store personal data as long as you are an active customer. You have the right to withdraw your consent to the processing of personal data, to delete your account and to object to the processing of data at any time. So the account will cease to exist, all the data will be eliminated and the data controller will be unable to provide the above mentioned services.
YOUR RIGHTS AND HOW TO EXERCISE YOUR RIGHTS
In your capacity as interested party and in relation to the processing described in this Policy, you have:
- Right of access– Article 15 GDPR: right to obtain confirmation that personal data concerning it are being processed or not and, in this case, to obtain access to such personal data, including a copy of them;
- Right of rectification – Article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning the User and/or the integration of incomplete personal data;
- Right to deletion (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the deletion of personal data concerning it;
- Right of limitation of processing– Article 18 GDPR: right to obtain the limitation of processing when : the Data Subject disputes the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such data; the processing is unlawful and the Data Subject opposes the deletion of personal data and instead requests that its use be limited; personal data are necessary for the Data Subject for the verification, exercise or defense of a right in court; the Data Subject has opposed the processing pursuant to art. 21 GDPR, during the waiting period for verification regarding the possible prevalence of legitimate reasons of the Data Controller compared to those of the Data Subject;
- Right to data portability– article 20 GDPR: right to receive, in a structured format, common use and readable by an automatic device, personal data concerning it provided to the Data Controller and the right to transmit them to another Data Controller without hindrance, if the processing is based on consent and is carried out by automated means;
- Right of objection– Article 21 GDPR: right to object, at any time for reasons related to his particular situation, to the processing of personal data concerning him based on the condition of lawfulness of the legitimate interest or execution of a task of public interest or the exercise of public authority, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing that prevails over the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of a right in court. In addition, the right to object at any time to processing where personal data is processed for direct marketing purposes, including profiling, to the extent that it is connected to such direct marketing;
- Right of revocation– Article 7 GDPR: you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of consent-based processing prior to revocation;
- Right of complaint– article 77 GDPR: the User has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza di Montecitorio 121, 00186, Rome (RM).
For the exercise of rights as indicated in this Policy as well as to receive any information relating to them, the User may contact in writing the Data Controller who will take charge of the request and provide the User, without unjustified delay and in any case, at the latest, within one month of receipt of the same, the information relating to the action taken with regard to the request. The exercise of rights by the User is free of charge pursuant to article 12 GDPR, however, in the case of manifestly unfounded or excessive requests, also for their repetitiveness, the Data Controller may charge you a reasonable contribution, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.
RETENTION PERIOD OF PERSONAL DATA
Your personal data will be processed and stored by the Data Controller for the fulfillment of the user’s request or for the entire duration of any contractual relationship as well as for the relative warranty period of the product; at the end of the same will be kept for the expected time – for each category of data – the current legislation on accounting, taxation, civil and procedural matters. For marketing and profiling purposes only, your personal data will be processed and stored by the Data Controller for a period of 24 and 12 months respectively. For the sole purpose of searching for personnel, the User’s personal data may be processed and stored by the Data Controller for a maximum period of 12 months from the date of receipt.
ONLINE PURCHASES AND ACCOUNTS
Trattiamo le seguenti categorie di dati personali: nome, indirizzo, indirizzo e-mail, telefono, username e password, dati di pagamento, storico dei pagamenti e degli acquisti, informazioni sul credito e sugli ordini.
We use your personal data to manage online purchases on our site, process orders and returns, send notifications about the status of your shipment, manage payments, complaints and product guarantees, identify the legal age for online purchases, create and manage your personal account, providing you with order history and order details, allowing you to save items to your shopping cart , to manage your account settings and keep your data up to date.
UNDER EU REGULATION 2016/679 – GDPR
The collection and use of the information obtained through the plugin are regulated by the respective privacy policies of the social networks, to which please refer.