Information for the processing of data pursuant to articles 13 and 14 GDPR (EU Reg. 679/2016)
1. GENERAL PROVISIONS
1.1. This privacy statement, provided pursuant to articles 13 and 14 GDPR, describes the management methods of the website “www.ciessepiumini.com and www.ciessepiuminiproject.com” with specific reference to the processing of personal data of visitors and customers who consult it (the “Users” or in the singular “the user”).
1.2. The information is provided only for the use of the website “www.ciessepiumini.com and www.ciessepiuminiproject.com” and not for other websites that may be consulted by the User via links.
1.3. By visiting the website “www.ciessepiumini.com and www.ciessepiuminiproject.com” (the “Internet site”) you accept all the terms and conditions set out below. If the User does not accept these terms, he is requested not to access or use the contents and services offered through our website.
2. DATA PROCESSING OWNER
The data controller and manager of the website is the Company
Sport Fashion Service Srl
Via Matteo Bandello 8 – 20123 Milan (MI)
VAT id e Tax id: IT09238561006
3. TYPE OF DATA PROCESSED
3.1. Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes in particular:
the IP addresses or domain names of the computers used by users who connect to the site;
the addresses in URI (Uniform Resource Identifier) notation of the requested resources;
the time of the request;
the method used in submitting the request to the server;
the size of the file obtained in response;
the numerical code indicating the status of the response given by the server (successful, error, etc.);
any parameter relating to the User’s operating system and IT environment.
3.2. Data communicated voluntarily by the User
While browsing the Website, the User may also voluntarily communicate some personal data (collectively the “Personal Data”) in order to be able to access the services offered such as: the Newsletter service; the ability to register on the site by creating a personal account; the online purchase of products sold by the Data Controller. By way of non-exhaustive example, such data includes:
– name, surname, e-mail address; mailing address; User’s telephone number;
– data necessary to access the account such as Username, E-mail address, Password in a recoverable format.
3.3. Data shared on social networks
The Owner of the Internet Site may acquire the personal data present on the User’s Facebook profile, if such data have been made accessible by the latter to third parties. These data are, by way of example and not limited to: name; surname; email address; profile photo; friends list. These data are acquired by the site owner every time the User interacts with the Facebook profile of the Data Controller (for example, every time the User writes on the social network profile or downloads content on the managed social network profile by the Data Controller). In order to verify the possibility of exercising the opt-out on the sharing of data on your Facebook profile, it is advisable to visit the social network site in the section dedicated to privacy settings.
3.4. Data collected through cookies
4.PURPOSE OF THE PROCESSING OF PERSONAL DATA
4.1. The processing of the User’s Navigation Data acquired by the Owner will be carried out exclusively for the purposes listed below.
4.1.1. Proper functioning and management of the Website
The Navigation Data will be automatically acquired by the computer system as they are necessary for the Owner of the Website in order to allow the User to navigate and use the Website itself. The personal data acquired in this way could also be used by the Data Controller to ascertain responsibility in the event of hypothetical computer crimes against the Data Controller.
4.1.2. Marketing purposes
The Navigation Data, subject to the acquisition of the User’s consent, are also used for carrying out marketing activities in order to send advertising messages.
4.2. The processing of the User’s Personal Data acquired by the Data Controller following the User’s creation of a personal account following the registration procedure and by subscribing to the Website’s mailing list will be implemented for the purposes listed below .
4.2.1. Newsletter services and creation of an account on the Website.
The Personal Data will be used to allow the User to use the free update service through the newsletter as well as to allow the Data Controller to manage any problems connected to the same (such as password recovery activities and/or problems in receiving e-mails).
4.2.2. Execution of contractual or pre-contractual measures
The User’s Personal Data is used by the Owner to follow up on the stipulation and execution of distance contracts for the purchase of goods or services marketed by the Owner or to follow up on any pre-contractual measures requested by the User. By way of example, but not limited to, the processing in this area has the purpose of allowing the conclusion of contracts, making payments, checking the status of orders; to fulfill orders; to provide feedback on questions and complaints about the products, or more generally to implement any fulfillment required by remote contact or by law.
4.2.3. Marketing purposes
The Data Controller, after obtaining consent, will process the User’s Personal Data for the purpose of carrying out advertising and information activities and promoting new products and/or services marketed by the Data Controller. The Owner may use, for the purpose of direct sale of its products or services, the e-mail coordinates provided by the User in the context of the sale of a product or service, without the need for further consent from the User, provided that these are services similar to those being sold. In any case, the user has the right to refuse such use initially or on the occasion of subsequent communications. The User may revoke consent to the processing of data for marketing purposes and/or oppose such processing at any time by sending an email to firstname.lastname@example.org
4.2.4. Purposes of defense in court
The User’s Personal Data could be processed by the Data Controller to defend himself in the event of the establishment of a possible judgment and/or in the preparatory phases for it.
5. FURTHER DETAILS RELATING TO THE SERVICES USED BY THE HOLDER IN RELATION TO THE PURPOSES OF DATA COLLECTION
More information is provided below regarding the services that the Data Controller provides to the User in relation to the purposes for which the Personal Data and Navigation Data are processed
5.1. Facebook permissions requested by the Website
The Website may ask for some Facebook permissions which allow it to perform actions with the User’s Facebook account and to collect information, including Personal Data, from it. The Personal Data collected by the Website are only those that the same User has made manifestly public through their privacy settings on Facebook (such as, for example, ID, name, profile picture, and, in some cases, the “Friends” of Facebook). These are services that allow access to the User’s primary email address and to the “About me” section of the Facebook profile.
5.2. Access to accounts on third-party services (Login to Facebook account)
The Website uses some services that allow it to acquire Personal Data from Users’ accounts on third-party services and perform actions with them. These services are not activated automatically, but require the express authorization of the User. The “Login to Facebook account” service allows the Website to connect with the User’s account on the Facebook social network. To use this service, the Owner has requested the following permissions from Facebook: E-mail and “About me”.
5.3. Newsletter activity
By registering with the mailing list or newsletter, the User’s email address will be automatically added to a list of contacts to which email messages containing information, including commercial and promotional information, relating to the Website may be sent. The User’s email address could also be added to this list as a result of registering on this Website or after making a purchase.
5.4. Payment management activities
The Website uses payment management services that allow it to process payments by credit card, bank transfer or other instruments. The data used for payment are acquired directly by the manager of the requested payment service without being processed in any way by the Website. Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or payment notifications. Below is a list of the services used for this purpose, referring for each of them to the respective privacy policies.
5.5. Email address management
The services listed below allow the Website to manage a database of email contacts, telephone contacts or other contact details used to communicate with the User and spontaneously provided by the latter. These services could also allow the collection of data relating to the date and time of viewing of messages by the User; the User’s interactions with these same services; information on clicks on links inserted in messages.
Mailchimp is an address management and email message sending service provided by Mailchimp Inc..
5.6. Registration and authentication
By registering or authenticating, the User allows the Website to identify him and to allow him access to dedicated services. The services indicated could be provided with the help of third parties, as indicated below. If this occurs, the Website will be able to access some Data stored by the third party service used for registration or identification. – Facebook Authentication (Facebook, Inc.)
Google OAuth (Google Inc.)
5.7. Telephone communications
Users who have provided, at the time of purchasing a service, their telephone number may be contacted by telephone by a business partner of the Owner for support purposes related to this site, as well as to satisfy any requests for support expressed by Users.
If the User does not wish to be contacted, he is asked not to provide his telephone contact. In this case, however, the Data Controller may not be able to provide all or part of the requested Service.
Without prejudice to the User’s right to object at any time to marketing activities carried out by telephone.
6. LEGAL BASIS OF THE TREATMENT
6.1. Navigation Data and Personal Data are legitimately processed by the Data Controller in compliance with the provisions of the GDPR and any other applicable legal provision according to the legal bases provided for by art. 6 of the GDPR as detailed below.
6.1.1. Navigation data
6.1.2. Personal Data processed for marketing purposes
The User’s Personal Data and the Navigation Data used for marketing purposes are processed on the basis of the latter’s consent pursuant to art. 6, paragraph 1, letter a) of the GDPR and this until the User has exercised the rights of revocation or opposition to the treatment. The User’s Personal Data provided when purchasing a service from the Owner may be used for marketing purposes relating to products or services similar to those acquired by the same on the basis of the legitimate interest of the Owner pursuant to art. 6, paragraph 1, letter f) of the GDPR, until the User has revoked the initial consent and/or has not exercised the right to object to the processing for marketing purposes.
6.1.3. Personal Data acquired for subscription to the newsletter service
The User’s Personal Data provided when registering for the Website’s newsletter service are processed on the basis of the latter’s consent pursuant to art. 6, paragraph 1, letter a) of the GDPR and this until the User has exercised the rights of revocation or opposition to the treatment. Such Personal Data will also be used by the Website on the basis of a legitimate interest of the Data Controller for the service requested by the User pursuant to art. 6, paragraph 1, letter f) of the GDPR.
6.1.4. Personal Data acquired to implement contractual or pre-contractual measures
The personal data acquired by the Data Controller to execute the contract of which the User is a party or to implement pre-contractual measures adopted at the request of the same User and used to manage online purchases are processed pursuant to art. 6, paragraph 1, letter b) of the GDPR as well as on the basis of the legitimate interest of the Data Controller, pursuant to Art. 6, paragraph 1, lett. f) of the GDPR given by the possible need to protect a right in court.
7. PROCESSING METHODS
The Personal Data collected through the Website are processed with automated tools.
8. TRANSFER OF DATA TO NON-EU COUNTRIES
Personal Data will not be transferred outside the territory of the European Union.
9. DATA RETENTION PERIOD
9.1. The Navigation Data will be deleted immediately and/or kept for a maximum period of seven days from their acquisition.
9.2. The Personal Data collected for the execution of contracts in which the User is a party are kept until the expiry of the terms in which by law proof of the commercial transaction entered into with the User must be kept, for accounting, administrative or tax purposes and in any case within the expiry of the limitation periods within which any actions deriving from contractual or non-contractual liability can be carried out, with respect to which it is necessary to be able to demonstrate the exact execution of the contract and the related legal obligations by the Owner.
9.3. Personal Data collected for the purpose of sending newsletters will be kept for the duration of the service.
9.4. Personal Data collected exclusively for marketing purposes will be kept for a period of 24 months from the time of their acquisition.
9.5. The Personal Data acquired in the context of the conclusion of a distance contract with the User will be used for marketing purposes for a maximum period of 24 months after the termination of the possibility of using the purchased service.
This Internet Website and the links to other Internet sites present on it have been examined by the Data Controller and do not contain dangerous contents. In any case, the Data Controller is solely responsible for the content of its sites and cannot be held liable for the content of the third-party sites with which there is an authorized link.
The Data Controller will process the Navigation Data and the Personal Data acquired by preparing the security measures necessary to prevent access, disclosure, modification or destruction of the same that have not been authorized.
11. OBLIGATION TO COMMUNICATE PERSONAL DATA
11.1. Navigation data is automatically acquired from the website. The provision by the User of the Personal Data that is requested on the various collection occasions is always optional. However, failure to provide Personal Data will make it impossible for the Owner to provide the newsletter service or to conclude and execute contracts with the User.
11.2. Some data may be required as mandatory at the time of purchase, as specifically marked with an asterisk, as necessary for the Data Controller to be able to provide the services purchased by the User on their Website.
12. COMMUNICATION OF PERSONAL DATA TO THIRD PARTIES
12.1. The Data Controller communicates the users’ personal data to third parties only when this is necessary and functional to the achievement of the data processing purpose pursued according to the service requested by the User.
12.2. In general, the data collected through the individual services and for the purposes indicated in this information are communicated exclusively to: (i) subjects to whom the right to access the same is granted by provisions of the law or by regulations (public security authorities and of police); (ii) data processing and IT services companies (e.g. web hosting, data entry, communication agencies; management and maintenance of IT infrastructures and services); (iii) shipping company; (iv) administrative services; (v) system administrators; (vi) lawyers, (vii) accountants, (viii) commercial partners (e.g. advertising agencies). Some of these subjects will be appointed, where deemed necessary, “Data Processors” pursuant to art. 28 of the GDPR.
Where the User requests it, the Data Controller will provide the periodically updated list of data processors.
12.3. The personal data provided by the User may be known and processed by the assigned personnel (for example the administrative staff) of the Data Controller specifically in charge of the processing to the extent that this is necessary for the performance of their duties, carrying out only the operations necessary for the execution of the same.
13. RIGHTS OF THE INTERESTED PARTY
In compliance with the provisions of Chapter III, Section I, GDPR, the User can exercise the rights indicated therein and in particular:
Right to withdraw Consent – Withdraw consent at any time to the Processing of Personal Data (Art. 7 GDPR),
Right of access – Obtain confirmation as to whether or not your Personal Data is being processed and, if so, receive information relating, in particular, to: purpose of the processing, categories of personal data processed and retention period, recipients to which these can be communicated (article 15, GDPR),
Right of rectification – Obtain, without unjustified delay, the rectification of inaccurate Personal Data concerning you and the integration of incomplete personal data (article 16, GDPR),
Right to cancellation – Obtain, without unjustified delay, the cancellation of Personal Data concerning you, in the cases provided for by the GDPR (article 17, GDPR),
Right of limitation – Obtain from our Company the limitation of the treatment, in the cases provided for by the GDPR (article 18, GDPR),
Right to portability – Receive the Personal Data concerning you provided to our Company in a structured format, commonly used and readable by an automatic device, as well as obtain that the same are transmitted to another holder without impediments, in the cases provided for by the GDPR ( article 20, GDPR),
Right to lodge a complaint with the supervisory authority – Propose a complaint to the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).
The User may exercise these rights by simply sending a request via e-mail to the PEC address email@example.com of the Società Sport Fashion Service S.r.l. as data controller as indicated above.
14. RIGHT TO OBJECT
The User has the right to oppose the processing of personal data concerning him, unless there are legitimate reasons for the Data Controller to continue the processing (article 21, GDPR).
In particular, the User has the right to object to the processing of personal data carried out for direct marketing purposes, according to the methods prescribed in the previous point.
15. PLACE OF DATA PROCESSING
The processing of personal data connected to the web services of this site takes place at the operating offices of the Data Controller and is handled by its technical personnel in charge of processing. If necessary, the data may be processed by the company personnel who take care of the maintenance of the technological part of the Internet site at the company headquarters.
16. AUTOMATED PROCESSES AND PROFILING
Ultima modifica: 08/10/2020