Pursuant to art. 13 of EU Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data (hereinafter, the “Privacy Regulation”), and in relation to personal data of which Santa Sofia srl, Via Ca ‘Dedé 61, San Pietro in Cariano (VR), Italy, VAT IT 00224320234, +390457701074 firstname.lastname@example.org (hereinafter, the “Company”), will come into possession through access to the website www.storiedivalpolicella.it (hereinafter, the “Site”), we wish to inform you on how the personal data of users are collected, processed and protected.
Owner of the user data processing
The owner of the processing of personal data is Santa Sofia s.r.l., Via Ca ‘Dedé 61, San Pietro in Cariano (VR), Italy, VAT number IT 00224320234, +390457701074 email@example.com
Source of personal data – Information collected automatically by the Site
Our Site uses log files, which allow you to acquire and store a series of information that is automatically collected during navigation. More specifically, the following information is collected:
– Internet Protocol (IP) address or domain name of the device used;
– type of browser and device parameters used to connect to the Site;
– the URI (Uniform Resource Identifier) addresses of the requested resources or the method used to submit the request to the server;
– name of the internet service provider (ISP);
– date and time of visit;
– the numerical code indicating the status of the response given by the server (successful, error, etc.);
– other parameters relating to the operating system and the IT environment of the device used by the user.
Cookies are information (small text strings) placed on your browser when a website is visited.
They perform various and important functions within the network (execution of computer authentication, session monitoring, storage of information on specific configurations regarding users who access the server, storage of preferences, etc.).
During navigation, the user may also receive cookies from different sites on his terminal (so-called “third party” cookies), set directly by the managers of said websites and used for the purposes and in the manner defined by them.
The Site uses technical cookies, for which, in accordance with the privacy regulations in force, no consent is required from the user. In particular, these are cookies that are used to browse or provide the requested service, and without which certain operations could not be performed.
Some profiling cookies are also installed on the Site, including from third parties, or sent from different sites or servers, including profiling ones, which are activated by clicking “Accept” on the banner that is displayed when the website is opened.
Profiling cookies, in particular, are aimed at creating profiles relating to the user and are used in order to send advertising messages in line with the preferences expressed by the user while browsing the Site.Per l’installazione di questa tipologia di cookies è richiesto il consenso dell’utente. Si precisa, in ogni caso, che la disattivazione dei cookies di profilazione potrebbe impedire l’utilizzo di alcune funzioni del Sito.
Below are the individual cookies, including those of third parties, present on the Site:
Social network buttons and widgets
The Social buttons are the “buttons” on the Site that depict the icons of social networks (for example, Facebook, Linkedin, Youtube and Twitter) and allow users who are browsing to interact directly with social platforms with a “click”.
The social buttons used by the site in the Footer (lower part of the website) on all pages are links that refer to the Owner’s accounts on the social networks depicted. By using these buttons, third-party cookies are therefore not installed on the site.
In any case, the links are shown where the user can view the privacy information relating to the management of data by the social networks to which the buttons refer.
https://help.instagram.com/477434105621119/?helpref=hc_fnav&bc Balcone0reste=Centro%20assistenza%20di%20Instagram&bc Balcone1reste=Centro%20per%20la%20privacy%20e%20la%20sicurezza
Disabling cookies Without prejudice to the foregoing with regard to cookies strictly necessary for navigation, the user can delete other cookies through the functionality made available for this purpose by the Data Controller through this information or directly through their browser.Ciascun browser presenta procedure diverse per la gestione delle impostazioni.
Click the 3 dots in the upper right corner and select ‘settings’. Scroll to the ‘Delete browsing data’ section, then click on ‘choose the items to delete’ Here you can adjust the settings of your cookies.
Click the 3 dots in the upper right corner and select ‘Settings’. At this point, select ‘Show advanced settings’ (“Under the hood'”) and change the ‘Privacy’ settings.
From the drop-down menu in the upper left corner, select ‘Options’. In the pop up window, select ‘Privacy’. Here you can adjust the settings of your cookies.
From the drop-down setting menu in the upper right corner, select ‘Preferences’. Select ‘PRIVACY’ and here you can adjust the settings of your cookies.
Third party sites
The third-party sites that can be accessed through this Site are not covered by this information. The Data Controller declines any responsibility regarding them. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information provided by them.
Purpose of the processing
The collection or processing of personal data is carried out to allow the user to access the Site and use the related services.
More precisely, the user’s data are processed for the following purposes:
- a) management of purchases made through the Site and execution of the related administrative and accounting obligations (processing of orders, payments, invoicing, etc.) as well as management of delivery and related activities (requests for information, communications regarding the status of the shipping, complaints, etc.);
- b) fulfillment of the obligations established by laws, regulations, community regulations and provisions issued by authorities:
- c) sending promotional and marketing communications, including direct, by sending material through automated tools and / or traditional methods of contact, for example through push notifications, e-mails (the “Newsletter”) and / or by sending sms, mms (the “Marketing Services”);
- d) analysis of preferences, habits, interests and consumption choices, including the type, frequency, location of purchases, in order to compile statistics and create specific user profiles (hereinafter, the “Profiling Activity”);
- e) creation of a personal account that contains the history of orders placed and that allows you to save the items in the cart in anticipation of a future and possible purchase, and that allows the user to change settings and preferences at any time, even in privacy area (hereinafter, “Account Creation”).
- g) Request after 7 days from the shipment of the product to review the products / products purchased, the review is not mandatory, the review will be published on the product page.
The processing of personal data will be carried out in a lawful and correct manner and in any case in compliance with the aforementioned legislation, using tools suitable for guaranteeing their security and confidentiality and may also be carried out through IT tools designed to store, manage and transmit the data. .
The processing of personal data takes place, under the authority of the Data Controller, by persons specifically appointed, authorized and instructed in the processing pursuant to art. 29 of the Privacy Regulation, using manual, IT or telematic tools, with logic strictly related to the purposes and in any case in order to guarantee the confidentiality and security of personal data. The processing of personal data may also take place, on behalf of the Data Controller, by specially designated Data Processors pursuant to art. 28 of the Privacy Regulation.
The Data Controller also observes the security measures referred to in Articles. 3 and 32 of the Privacy Regulation.
The storage of personal data will take place in a form that allows the identification of the user for a period of time not exceeding that necessary for the purposes for which they are collected and processed.
Nature of the provision and consequences of any refusal
With reference to the purposes referred to in paragraph 7, letters a), b) and e) above, the provision of personal data is mandatory and is a necessary requirement for the execution of the requested service, or purchase through the Site; in fact, failure to provide it determines the impossibility of receiving the service covered by the service itself.
The legal basis of the processing, in this case, is the execution of the sales service of the products on the Site.
Consent to the purposes indicated in paragraph 7, letters c) and d) above is optional, and failure to provide personal data for the aforementioned purposes will prevent the Data Controller from carrying out the Newsletter, Marketing, and Profiling Activity services.
The legal basis of the processing in relation to these latter purposes is the consent expressed in a clear and free manner pursuant to Article 6 of the Privacy Regulation.
At any time it will be possible to request the deletion of user data by means of a specific communication to be sent to the addresses referred to in point 1 of this information.
Duration of treatment
The personal data being processed will be kept for the time strictly necessary with regard to the contractual relationship, as well as, subsequently, for the fulfillment of all legal obligations related to or deriving from the service provided.
With regard to the processing purposes referred to in paragraph 7, letters c) and d), the processing is valid until the user unsubscribes, present in each email, or after 12 months from the last communication of which there is evidence of interaction direct (click, open, answer).
Recipients of personal data
Without prejudice to the communications made in fulfillment of a legal obligation, regulation or community legislation, the communication, even by simply consulting or making personal data available, may intervene towards the following subjects:
- a) bodies, supervisory bodies, authorities or public institutions;
- b) credit institutions for payment orders or other financial activities instrumental to the execution of the service;
- c) external structures and / or companies that the Owner uses, responsible for carrying out related, instrumental or consequent activities to the execution of the service;
- d) to external consultants, if not designated in writing as Data Processors;
The subjects referred to in points a) and b) operate as independent Data Controllers.
We reassure you that, in any case, the personal data necessary and pertinent to the purposes of the processing for which they are in charge are transferred exclusively, if not aggregated personal data and in anonymous form.
The list of these third parties will be constantly updated and accessible upon request to the Company.
By virtue of the existence of links with them by telematic, computer or correspondence means, personal data may be made available abroad, possibly even outside the countries belonging to the EU in consideration of the existence of the relative authorization, or based on standard contractual clauses.
Personal data will not be disclosed in any case.
Articles 15 and ss. of the Privacy Regulation give the user the right to obtain:
– confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form;
– the indication of the origin of personal data, of the purposes and methods of treatment, of the logic applied in case of treatment carried out with the aid of electronic tools, of the identification details of the owner;
– updating, rectification, integration, cancellation, transformation into anonymous form or blocking of data processed in violation of the law – including those that do not need to be kept for the purposes for which the data are collected or subsequently processed – the attestation that these operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a manifestly disproportionate use of means with respect to the protected right.
The user also has the right:
– to revoke the consent given to the processing of personal data at any time, where provided (without prejudice to the lawfulness of the processing based on the consent given before the revocation);
– to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
– to object, in whole or in part, to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
– to propose a complaint to the Guarantor for the protection of personal data in the cases provided for by the Privacy Regulation
– to the portability of personal data within the limits of art. 20 of the Privacy Regulation.