Personal data processing
The Website is owned by LAMBERTO LOSANI S.R.L., Case Sparse 48/G, Località Villa, Magione (PG), tel. +39 075 847711, e-mail firstname.lastname@example.org (hereinafter the “Controller”).
The disclosure is only given by the Controller for the Website and not also for other websites or sections/pages/spaces owned by third parties as may potentially be consulted by the user via specific links.
This disclosure aims to allow users to become aware, even before accessing the various sections of the Website, of how the Controller processes the users’ personal data. In any case, the user must view it before conferring personal data upon registering with the Website.
Data Controller and Data Supervisors
The Data Controller is LAMBERTO LOSANI S.R.L., Case Sparse 48/G, Località Villa, Magione (PG), Italy.
In addition to employees of the company, personal data may also be processed by third parties to whom the company assigns such activities (or part thereof), connected or instrumental to the processing or supply of services offered. In this event, the same subjects will be appointed Data Supervisors or processors.
Purpose of processing
According to the needs as expressed each time by the user accessing the various sections of the Website, below are indications of the purpose of the personal data processing, i.e. that conferred directly by users through the completion of on-line forms (see the section below entitled “Nature and method of conferral of users’ Personal Data”) or that acquired automatically (see the section below entitled “Categories of Personal Data processed”) (hereinafter the “Personal Data”):
- to allow for registration with the Website, where necessary to access specific sections of the Website;
- to stipulate and enforce the contract for the purchase of goods and/or services offered on the Website;
- by user consent and until such consent is revoked, to carry out marketing activities such as sending out promotional and advertising materials of the Controller, including by e-mail, MMS and SMS;
- to answer users’ requests regarding the products of the Controller, the advertising or generic information (e.g. in the section “Contact us” or “Customer Services” of the Website);
- in compliance with the legal requirements and in order to customise the users’ experience on the Website and improve the services and products offered by the Controller to its customers, by user consent and until such is revoked, to carry out analyses of the habits or browsing or consumer choices and to define the profile of data subjects using the information supplied by the latter at the time of registration, i.e. when filling in questionnaires or on the basis of action taken or information supplied when browsing the Website.
Processing will be carried out using automated tools (e.g. using electronic procedures and supports) and/or manually (e.g. on paper) for the time strictly necessary to achieve the ends for the which the data was collected and, in any case, in compliance with current applicable regulatory provisions.
Nature and method of the conferral of users’ Personal Data
The conferral of personal data is optional but for the Controller to satisfy the user’s demands under the scope of Website functions, for some personal data, conferral is mandatory (i.e. necessary for data whose fields are marked with an asterisk). Failure, partial or inexact conferral of Personal Data marked with an asterisk, insofar as necessary to the provision required, shall make it impossible to do so; failure, partial or inexact conferral of optional Personal Data shall instead have no consequences.
Personal Data is conferred by means of the completion of specific fields in the various sections of the Website. If the user has failed to confer one or more mandatory item of data, an error message of the Controller will be brought up, listing the missing mandatory Personal Data.
In particular, we collect the personal data necessary to conclude and enforce your Website purchase: name and surname, e-mail address and telephone number, delivery address, billing address, payment data, password, etc.
Categories of Personal Data processed
In addition to the Personal Data conferred directly by users (such as name, surname, postal address, e-mail address, telephone number, etc.), when connecting to the Website, the computer systems and software procedures used for the Website function automatically and indirectly supply and/or acquire certain information that may constitute personal data, transmission of which is implicit in the use of internet communication protocols, such as, merely by way of example, cookies (as better specified below), IP addresses, the domain names of computers used by users connecting to the Website, the URL addresses of the resources requested and the time of server request.
Children aged under 16 years old must not confer information or Personal Data without the consent of the person having parental responsibility for them. The Controller asks all those with parental responsibility for children to inform them about the secure, responsible use of the internet and the web.
Cookies are strings of text that act as computer markers sent by a server (in this case that of this Website) to the user’s equipment (generally the internet browser) when they access a given page of a website; the cookies are saved automatically by the user’s browser and re-sent to the server that generated them each time the user accesses the same internet page. In this way, for example, the cookies allow and/or facilitate access to certain internet pages to improve user browsing, or allow for pages visited and other specific information, such as the pages consulted most frequency, connection errors, etc., to be saved. Therefore for the easy, complete use of this Website, it is best for the user to configure their browser to accept such cookies.
Often, browsers are set to automatically accept cookies. However, users can alter the predefined configuration so as to disable or eliminate cookies (each time or once and for all), with the consequence, however, that the optimal use of certain areas of the Website, may be precluded. It is also possible to verify the methods and types of cookies saved to the browser by altering the settings on the browser cookies.
Cooke types and management
Strictly necessary cookies: these are necessary to browse a Website and use its functions, such as, for example, to allow for a correct display or access to reserved areas. Therefore, if these cookies are disabled, these activities will not be possible.
Performance cookies: these collect anonymous information about the efficiency of responses of a Website to user’s requests, purely in order to improve the Website functions; for example, which pages are most frequently visited by users and if there are any errors or slowing in the provision of the web pages.
Functionality cookies: these allow the Website to remember the user’s choices and re-proposed them at subsequent accesses, thereby offering better, more personalised services; for example, they can be used to propose contents similar to those already requested by the user previously.
These are used to offer users advertising that may potentially be of interest to them, as noted during browsing. They are used, for example, to limit the administration of a given advertisement or deduce the effectiveness of a campaign from the frequency with which the related advertising is viewed. These cookies can also be supplied by third parties, including on behalf of advertisers. The user can choose whether or not to accept such cookies by giving consent (“opt in”) prior to their administration. This Website uses this type of cookies (see also the “Google Adwords” section and “Social media cookies”).
By using the Website, the user agrees to the processing of their data by Google for the methods and purposes specified above.
This Website uses third party cookies to publish advertisements defined according to users’ interests. This information is collected during the user’s browsing and is in no way connected with the account with which the user accesses the Websites. More specifically, Google Adwords of Google Inc. uses the browsing data within its on-line advertising circuit to propose advertisements that are more relevant to the user’s interests. The Controller exploits this technology and uses the data on browsing within its Website to offer the user advertising targeting their interests.
The user can prevent the saving of cookies by altering the software settings of their browser. The user may also prevent the recording of data produced by the cookies in relation to their use of the Website (including their IP address) on Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in available from: http://tools.google.com/dlpage/gaoptout?hl=en. By using the Website, the user agrees to the processing of their data by Google for the methods and purposes specified above.
Social media cookies
These third party cookies – if links are present on the website – are used to supplement some widespread functions of the main social media and offer them within the website. More specifically, they allow for registration and authentication on the website through Facebook and Google connect, the sharing and commenting of website pages on social networks, enabling the functions of “Like” on Facebook and “+1” on G+. Facebook and Instagram may install cookies for profiling purposes. These are used to offer users advertising that may potentially be of interest to them, as noted during browsing.
Below are the addresses of the respective cookies policy pages to manage consent.
Facebook – https://www.facebook.com/about/privacy/
Instagram – https://help.instagram.com/196883487377501
G+ – https://www.google.com/intl/en/policies/
Youtube – https://www.youtube.com/static?template=privacy_guidelines
Twitter – https://twitter.com/privacy
Linkedin – http://www.linkedin.com/legal/privacy-policy
Pinterest – https://about.pinterest.com/it/privacy-policy
Disabling (“opt-out”) cookies
Rules on the protection of personal data establish that the user can disable cookies already supplied (“opt-out”). Opt-out is envisaged for technical cookies (Art. 122 of the Code) and for cookies not classed as “technical cookies”, which were previously accepted (“opt in”) by the user.
By virtue of this distinction, the user may proceed to disable and/or erase cookies (“opt-out”) through the related settings of their browser and disable and/or erase individual non-technical cookies supplied by third parties, accessing, if the user is in the European Union, the website managed by the European Interactive Digital Advertising Alliance (EDAA) at www.youronlinechoices.eu and, if the user resides in the United States of America, http://www.aboutads.info//. These websites are not managed by the Controller, which therefore refuses all liability in relation to the respective contents.
How to enable or disable cookies in your browser
The user can block acceptance of cookies by their browser. However, this may prevent some functions of the web pages from being correctly performed.
Below are the methods offered by the main browsers to block acceptance of browsing cookies:
Internet Explorer: http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11
Categories of subjects who may become aware of users’ Personal Data
Employees or collaborators of the Controller may be made aware of the Personal Data, as may third parties who, operating under the direct authority of the latter, are appointed as data supervisors or processors in accordance with Arts. 29 and 30 of the Code and who will receive suitable operating instructions in this regard; this will take place – by the Supervisors appointed by the Controller – with regards to employees or collaborators of the Supervisors.
More specifically, categories of employees involved in the organisation of the Website (administrative, commercial, marketing and legal staff and system administrators) or external subjects (third party technical service suppliers, postal couriers, hosting providers, IT companies and communication agencies) may have access to the data.
Transfer of data abroad
The Website may share some of the data collected with services located outside the European Union. In particular with the Hosting Provider; Google, Facebook and Microsoft (LinkedIn) through the social plug-ins and the Google Analytics service. Transfer is authorised and strictly regulated by Article 45, paragraph 1, of EU Regulation 2016/679, for which no additional consent is needed. The above companies guarantee their adhesion to the Privacy Shield.
Data will never be transferred to third countries that do not comply with the conditions envisaged by Article 45 et seq. of the EU Regulation.
Security of data supplied
The Website processes users’ data lawfully and correctly, adopting security measures aimed at preventing any unauthorised access, disclosure, amendment or unauthorised destruction of the data. Processing is carried out by means of computer and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
The rights of users recognised by Art. 7 of the Code
“Article 7 – Right to access personal data and other rights”
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed of:
a) of the source of the personal data;
b) of the purposes and methods of processing;
c) of the logic applied to the processing, if this is carried out with the help of electronic means;*
d) of the identification data concerning the data controller, data processors and the representative designated as per subsection 2 of article 5;
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative in the State’s territory, data processors or persons in charge of the processing.
3. The data subject has the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymisation or blocking of any data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data was communication or disclosed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. The data subject has the right to object, wholly or partly:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
Method exercising the rights pursuant to Art. 7 and for finding out a list of Data Supervisors
The user may, at any time, exercise the rights pursuant to Art. 7 of the Code, sending an e-mail or letter by routine mail to the Data Controller concerned.
The user may also, if he or she has consented thereto, object to processing carried out by means of the user’s e-mail address by clicking on a specific link present in each e-mail message.