Information pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council
Del Mare 1911 wishes to inform you that, pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data (hereinafter “European regulation”), needs to process some personal data collected automatically or provided by browsing or using the website https://www.delmare1911.com/ (below “Website”).
This Privacy Notice, therefore, refers exclusively to the Website and does not also apply to other sites, pages or services online reachable via link hypertextuals possibly published within it.
1. HOLDER OF THE TREATMENT
The Data Controller is Del Mare 1911 SPA in the person of its legal representative, domiciled at the registered office in Via Mecenate 75, Milan,(below “ Del Mare 1911 SPA ” or “Holder of the treatment”).
2. DATA PROTECTION OFFICER
Del Mare 1911 SPA considering the protection of personal data of primary importance, it has appointed a Data Protection Officer (DPO) that you can contact by writing to the email address email@example.com for any issue concerning the protection of personal data.
3. DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
To allow the use of the Website and its services, the Data Controller needs to know and process some of your personal data that will be collected by completing and submitting the forms on the Website. In particular, when browsing or purchasing on the Website, Del Mare 1911 processes the following personal data (hereinafter, collectively, “Services”):
- to purchase the products on the Website: email, name, surname, address, telephone number, billing address;
- to receive our newsletter or commercial communications: the email address; name, surname, day and month of birth, gender;
- to receive personalized commercial communications: the email address; name, surname, day and month of birth, sex as well as the number, type, value and frequency of product purchases made through the Website, over a 12-month period;
- to use the Call Center assistance services: personal data that will be communicated to provide the requested assistance;
- to register in the personal area “my account”: name, surname, email, password, day and month of birth.
For the simple navigation of the Website, however, the types of data processed and the relative specific information for "cookies" are specified below.
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers used by users who connect to the Website, addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and others parameters relating to the operating system and the user's IT environment.
These data, necessary for the use of the Website, are processed for the sole purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.) and to check the correct functioning of the services offered.
The navigation data do not persist for more than seven days and are deleted immediately after their aggregation, without prejudice to the possible need for the investigation of crimes by the judicial authorities.
The Website uses the following types of cookies.
- Technical cookies
Technical cookies (session or persistent) are used, or small text files containing a certain amount of information exchanged between the Website and the terminal (or better with the browser used), that allow the proper functioning and use of the same or a better experience within the Website. For example, they help us to indicate the Store closest to your location, to know and remember your preferences with respect to the language of the Website. So when a country and language is selected on the splash page or via ip geo location, we save this value within the cookies for subsequent sessions. Cookies are also used to show / hide the newsletter subscription banner.
- Analytical cookies
- Profiling cookies
No cookies are currently used for user profiling, nor are other tracking methods used.
- Third part cookies
AThird parts can also install cookies on your device. We do not control the use of third-part cookies and, therefore, we are not responsible for their use. Third parts have their own privacy policies and data collection methods. Below is the list of third-part cookies used:
Facebook - https://it-it.facebook.com/policies/cookies/
To withdraw consent to these cookies, you can refer to the following sites: http://www.youronlinechoices.com/uk/your-ad-choices or http://www.allaboutcookies.org/manage-cookies/index.html
However, the delivery of all cookies can be deactivated by changing your browser settings. It should be noted, however, how intervening on these settings could make the Website unusable if the cookies essential for the provision of our services are blocked. However, each browser has different settings for disabling cookies. Links to instructions for the most common browsers are here Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
For more information on cookies on this site, click here.
Any phone calls or email communications with the CUSTOMER SERVICE indicated on the Website may involve the processing of the personal data of the caller, in order to provide the services requested by the same, such as, by way of example, the personal data useful for the management of requests for returns or after-sales assistance.
Del Mare 1911, through its data processors, it can also make use of third party call centers that operate, always in full compliance with the privacy legislation, with a specific service contract on behalf of the Data Controller, as data processors pursuant to Article 28 of European regulation.
4. PURPOSE OF THE PROCESSING AND LEGAL BASIS
The personal data that the Data Controller is in possession of are exclusively those provided when browsing the Website and during the use of its Services.
Personal data are processed for the following purposes:
A) Conclude and execute the purchase contract for the goods offered through the Website. The provision of your personal data for this purpose is mandatory, as, in the event of failure to provide it, Del Mare 1911 would not be able to process your order and therefore you would not be able to purchase any of our products. The legal basis on which the processing is based is the need to execute a contract to which you are a party and the need to fulfill legal obligations.
B) Allow registration in the personal area “my account” within the Website and the use of the services reserved for registered users. The provision of your personal data for this purpose is optional. However, in the absence of this provision, it will not be possible to enjoy the convenience and all the services offered to you through the personal area. The legal basis on which the processing is based is the need to execute a contract to which you are a party.
C) Manage requests forwarded to the Call Center. The provision of your personal data for this purpose is optional. However, in the absence of this provision, it will not be possible for Del Mare 1911 to process the requests it decides to put to our Call Center. The legal basis on which the processing is based is the need to execute a contract to which you are a part.
D) Send commercial and promotional communications containing commercial proposals for products and services similar to what you have already purchased (“soft spam”) using the email address provided at the time of the previous purchase. The provision of your personal data for this purpose is optional and you can object at any time. The legal basis on which the processing is based is the legitimate interest of the Data Controller to develop relationships with its customers and increase the volume of sales of products in which you have already expressed an interest.
E) Subject to your express consent, use your email address to send commercial communications about our products and services, updating you on news, new arrivals, exclusive products, our offers and promotions. The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible for Del Mare 1911 SPA to keep it constantly updated on offers and promotions reserved for our customers. The legal basis on which the processing is based is your explicit consent to the processing of personal data.
F) Subject to your express consent, use your email address to propose advances and commercial offers in line with your tastes and purchasing preferences. This personalization will be carried out by analyzing previous purchases and other information described in the previous paragraph "Definition and type of personal data processed". The provision of your personal data for this purpose is optional. However, in the absence of such consent, it will not be possible for Del Mare 1911 SPA to send you offers in line with your tastes and preferences. The legal basis on which the processing is based is your explicit consent to the processing of personal data. Personal data may be processed both through IT tools and on paper.
5. PERIOD OF STORAGE OF PERSONAL DATA
The Data Controller intends to keep personal data for a period of time not exceeding that necessary to achieve the purposes for which they were collected and processed. With this in mind, in compliance with the regulatory provisions in force, including the accounting one, Del Mare 1911 SPA will keep your personal data acquired through the sale of its products for a period not exceeding 10 years. Subsequently, we will provide for their cancellation, or their transformation into anonymous form in a permanent and non-reversible way. Regarding the processing of your personal data for direct marketing purposes, if it has been explicitly authorized by you, in compliance with regulatory requests and with the General Provision of the Guarantor for the protection of personal data adopted on 24 February 2015, Del Mare 1911 SPA has established to provide for the cancellation of your personal data processed for direct marketing purposes within 24 months of their registration. Personal data processed for profiling purposes, on the other hand, will be deleted after 12 months from registration. The data collected by you for personnel selection activities will be kept for a period not exceeding 24 months.With regard to other personal data, not being able to accurately determine the retention period of your personal data, the Data Controller undertakes from now on to inspire the processing of your personal data to the principles of adequacy, relevance and data minimization, so as required by the European Regulation, annually verifying the need for their conservation. Therefore, once the purposes for which they were collected and processed have been achieved, we will remove them from our systems and registers and / or we will take appropriate measures to make them anonymous, so as to prevent you from being identified. This, except in the case in which we need to keep such data to comply with regulatory obligations, or to ascertain, exercise or defend our right in court..
6. CATEGORIES OF DATA ADDRESSEES
The personal data processed will not be disclosed to third parties. However, they may become aware of your personal data in relation to the processing purposes set out above:
-the subjects who can access the data by virtue of the law provided for by the law of the European Union or that of the Member State to which the Data Controller is subject;
- subjects who perform, within the borders of the European Union, in total autonomy, as separate Data Controllers, or as Data Processors appointed for this purpose by Del Mare 1911 SPA, purposes auxiliary to the activities and services of referred to in paragraph 4., i.e. banking operators, internet providers, couriers and shippers, companies that carry out marketing activities, companies that offer IT infrastructures and IT assistance and consultancy services as well as design and implementation of software and Internet sites, law firms, companies that offer useful services to customize and optimize our services, companies that offer data analysis and development services (including those relating to user interactions with our services), service centers, companies or consultants in charge of providing additional services to the Data Controller of the processing, within the limits of the purposes for which they were collected;
- the company issuing the credit card used by you, the anti-fraud control service providers connected to the payment process and (where necessary) for the activation of the anti-fraud control procedure.
Furthermore, you may also our employees become aware of your personal data, provided that they are previously designated as a subject acting under the authority of the Data Controller pursuant to art. 29 of the European Regulation or as System Administrator.
In addition, our employees may also become aware of your personal data, provided that they are previously designated as a subject acting under the authority of the Data Controller pursuant to art. 29 of the European Regulation or as System Administrator pursuant to the provision of the Guarantor for the protection of personal data adopted on 27 November 2008.
Any communication of your personal data will take place in full compliance with the legal provisions of the European Regulation and the technical and organizational measures prepared by the Data Controller to ensure an adequate level of security.
7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The entire processing of personal data takes place in Switzerland and in countries within the borders of the European Union.
For the provision of its Services, the Data Controller may transfer personal data to third countries. In that case, we are committed to:
- make sure that the country to which your personal data will be sent guarantees an adequate level of protection, as required by Article 45 of the European Regulation; or
- use the standard contractual clauses for the protection of personal data approved by the European Commission for the transfer of personal information outside the EEA (these are the clauses approved under Article 46.2 of the European Regulation); or
- make sure, if we were to transfer your personal data to the United States, that the third party is registered with the Privacy Shield.
For more information on the rules for data transfers to third countries, click qui.
8. ANY AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not use automated decision-making processes, including the profiling referred to in Article 22, paragraphs 1 and 4, of the European Regulation, without your consent. If you consent to profiling, the data you provide may be used to analyze or predict preferences and behaviors, as well as to detect your GPS location, in order to be able to customize the content of commercial communications and offer only products and offers dedicated to you and in in line with his tastes and preferences. In particular, they could be detected and analyzed:
- the number and type of requests for information on products on the Website over the last 12 months;
- the number and type of expenses incurred for products on the Website over a 12-month period;
- the number and type of visits to the Website over a predetermined time horizon, including through profiling cookies;
9. RIGHTS OF THE INTERESTED PART
In relation to the processing of your personal data, pursuant to the European Regulation, the interested party has the right to:
- withdraw consent to processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal, as required by art. 7, paragraph 3, of the European Regulation;
- ask the Data Controller for access to personal data, as required by art. 15 of the European Regulation;
- obtain from the Data Controller the correction and integration of personal data deemed inaccurate, even by providing a simple supplementary declaration, as required by art. 16 of the European Regulation;
- obtain from the Data Controller the deletion of personal data if there is even only one of the reasons provided for by art. 17 of the European Regulation;
- obtain from the Data Controller the limitation of the processing of personal data if one of the hypotheses provided for by art. 18 of the European Regulation;
- receive from the Data Controller the personal data concerning you in a structured format, commonly used and readable by an automatic device,
- request the Data Controller to transmit personal data to another data controller without hindrance, as required by art. 20 of the European Regulation;
- object at any time, for reasons related to your particular situation, to the processing of personal data carried out pursuant to art. 6, paragraph 1, letters e) o f), including profiling on the basis of these provisions, as required by art. 21 of the European Regulation;
- not be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning him, if he has not previously and explicitly consented, as required by art. 22 of the European Regulation; moreover, in relation to the automated processing, the interested party has the right to obtain human intervention by Del Mare 1911, to express his opinion or to contest the decision, as provided for by art. 22, paragraph 3 of the European Regulation.
- propose a complaint to a supervisory authority (Article 77) or take the appropriate judicial offices (Article 79), if you believe that the processing that concerns you violates the European Regulation. The complaint can be lodged in the Member State in which you usually reside, work or in the place where the alleged violation has occurred.
To exercise each of your rights, you can contact the Data Controller, in the person of the legal representative, by sending a communication to the address 20138 – Milano, via Mecenate 75, o all’email firstname.lastname@example.org providing the following personal data:
-Name, surname and postal address;
-Photocopy of a valid identity document
10. CONSENT OF MINORS IN RELATION TO THE SERVICES OF THE INFORMATION SOCIETY
It is explicitly forbidden for minors under the age of sixteen (16) to use the services provided through the Website. By registering or purchasing on the Website, you confirm that you have reached the age of majority in your country of residence.
11. DATA BREACH POLICY
In the event that a personal data breach occurs, Del Mare 1911 SPA has set up a crisis team and provided specific intervention procedures, in order to quickly resolve the problem and give the user an appropriate communication so as to allow him to adopt suitable precautions, aimed at minimizing the potential damage deriving from the violation itself.
In the communication of the violation, the user will be specified:
- the name and contact details of the Data Protection Officer or other contact point from which to obtain more information;
- the possible consequences of the breach of personal data;
- the measures adopted or proposed to be adopted by the Legal Representative to remedy the violation of personal data and also, if necessary, to mitigate its possible negative effects.
Del Mare 1911 SPA will proceed to a public communication, or similar measure, and will not be obliged to inform the user if adequate technical and organizational measures are put in place to protect the data subject to the violation, when measures are subsequently adopted to avoid new high risks for the user rights, when communication would require disproportionate efforts. In any case, it will evaluate the opportunity, even if not strictly mandatory, to keep the user updated.
Del Mare 1911 SPA will also proceed to communicate, within 72 hours and where necessary, the violation to the Privacy Guarantor.
For this reason, if an external data processor or sub-responsible becomes aware of the violation, they are required to report the violation, the first within 24 hours, the second within 12 hours from the discovery of the fact.
Any violations of personal data can be communicated by writing to email@example.com