Privacy Policy (English Version)
Privacy Policy on the Processing of Personal Data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). In force as of 2 April 2022
PREMISE
This Privacy Policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the “GDPR”) and with the Italian Privacy Code (Legislative Decree No. 196 of 30 June 2003). The document has also been drafted in accordance with the Guidelines of the Italian Data Protection Authority (in particular, the Guidelines against spam issued by the Authority on 4 July 2013).
Data Controller: Dolcezze di Riviera S.r.l.
Website covered by this Privacy Policy: www.lavoratti.com (hereinafter, the “Website”).
The Data Controller has not appointed a DPO. Therefore, you may send any request for information directly to the Data Controller.
GENERAL INFORMATION
This document describes how the Data Controller processes the personal data you provide on the Website.
Below are the main types of processing of your personal data. In particular, the legal basis for processing is explained, whether the provision of data is mandatory, and the consequences of failing to provide personal data. To best describe your rights, we have also specified, where necessary, if and when a specific processing of personal data is not carried out.
Registration on the Website
Your personal data will be processed to allow you to make purchases on the Website. In the case of an online purchase order, your data will be processed to enable the conclusion of the purchase contract and the proper execution of all related operations (and, if required by law, to fulfil fiscal obligations). The legal basis of processing is the obligation of the Data Controller to perform the contract with the data subject or to comply with legal obligations. In addition, regardless of your consent, the Data Controller may process your data for so-called “soft spam” purposes, as provided for by Article 130 of the Italian Privacy Code. This means that, limited to the email address you provide during a purchase on the Website, the Data Controller may use it to offer you similar products/services, provided you do not object to such processing in the ways indicated in this Privacy Policy. The legal basis of processing is the legitimate interest of the Data Controller in sending this type of communication, which can be considered equivalent to the interest of the data subject in receiving “soft spam” communications. The Data Controller may also send you emails reminding you to complete a purchase. The legal basis of this processing is the legitimate interest of the Data Controller in sending this type of communication.Purchases on the Website
Responding to Your Requests
Your data will be processed to respond to your requests for information. The provision of data is optional, but refusal will make it impossible for the Data Controller to answer your queries. The legal basis of processing is the legitimate interest of the Data Controller in responding to user requests, which is equivalent to the user’s interest in receiving replies.
General Marketing
Subject to your consent, the Data Controller may process the personal data you provide in order to send you advertising material and/or newsletters regarding its own products or those of third parties. The legal basis of this processing is your consent. The provision of personal data for this purpose is optional. Failure to consent will prevent you from receiving advertising material relating to the Data Controller’s and/or third-party products/services, as well as from participating in market surveys (including customer satisfaction surveys) or receiving newsletters. These communications will be sent to the email address you provide on the Website.
Profiling
Subject to your consent, the Data Controller may process your personal data for profiling purposes, i.e. to analyse your consumer choices by detecting the type and frequency of purchases you make, in order to send you advertising material and/or newsletters relating to its own or third-party products of specific interest to you. The legal basis of this processing is your consent. The provision of data for this purpose is optional. Failure to consent will prevent the Data Controller from creating your commercial profile, monitoring your purchasing choices and habits, and sending you advertising materials specifically tailored to your interests. Such communications will be sent to the email address you provide on the Website.
Data Transfer
The Data Controller does not sell your personal data to third parties.
Geolocation
The Website does not implement tools for IP address geolocation.
Disclosure of Personal Data
In the course of its ordinary activities, the Data Controller may disclose your personal data to certain categories of recipients. Article 2 below lists the entities to whom the Data Controller may disclose your personal data. For greater clarity regarding your rights, Article 2 may also specify in some cases when your data is not disclosed to third parties.
“Disclosure” of personal data to third parties is different from “transfer” (described above). In disclosure, the third party may only use the data for the specific purposes described in its relationship with the Data Controller. In a transfer, the third party becomes an independent Data Controller. Moreover, the transfer of your personal data to third parties always requires your consent.
Notwithstanding the above, it is understood that the Data Controller may still use your personal data to properly fulfil its legal obligations.
SPECIFIC PRIVACY POLICY
Art. 1 – Methods of Processing
1.1 The processing of your personal data will mainly be carried out using electronic or otherwise automated means, with methods and tools suitable to ensure its security and confidentiality in compliance with the GDPR.
1.2 The information collected and the methods of processing will be relevant and not excessive in relation to the type of services provided. Your data will also be managed and protected in secure IT environments, appropriate to the circumstances.
1.3 The Website does not process “special categories of data”. These are data that may reveal racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership of political parties, trade unions, associations or organizations of a religious, philosophical, political, or trade union nature, as well as data concerning health or sexual life.
1.4 The Website does not process judicial data.
Art. 2 – Disclosure of Personal Data
The Data Controller may disclose your personal data to specific categories of recipients, including:
Public Authorities entitled to access personal data by virtue of statutory or administrative measures.
Public and/or private entities, individuals and/or legal entities (legal, administrative and tax consultants, Judicial Offices, Chambers of Commerce, Labour Offices, etc.) whenever disclosure is necessary or useful for proper compliance with legal obligations.
Employees and/or collaborators of the Data Controller in any capacity.
Companies, consultants, or professionals responsible for the installation, maintenance, updating, and general management of the Data Controller’s hardware and software or those used to provide its services. External companies engaged in sending communications (CRM platforms). In particular, your personal data (especially your email address) may be disclosed to these companies. Companies engaged to provide customer care services. The Data Controller reserves the right to modify the above list according to its ordinary operations. You are therefore invited to consult this Privacy Policy regularly to check the recipients of your personal data.
Art. 3 – Retention of Personal Data
3.1 This article describes how long the Data Controller may retain your personal data. Personal data will be kept only as long as necessary to ensure the proper provision of the services offered via the Website. For marketing purposes, personal data will be retained until consent is withdrawn. For inactive users, personal data will be deleted one year after the last email viewed. For contract performance purposes, data will be retained for 10 years from the date the purchase order is received, to allow the Data Controller to exercise its right of defence and prove proper contract execution. For customer care purposes, data will be deleted once the assistance service is completed. In accordance with Article 2220 of the Italian Civil Code, invoices and all accounting records are kept for at least 10 years from the date of registration, to be available in case of inspection.
3.2 Without prejudice to Article 3.1 above, the Data Controller may retain your personal data for the period required by specific regulations, as amended from time to time.
Art. 4 – Transfer of Personal Data
4.1 The Data Controller is based within the European Union. Therefore, the processing of your data is legally secure as governed by the GDPR. If the transfer of your personal data takes place to a non-EU country for which the European Commission has issued an adequacy decision, such transfer is considered secure from a legal standpoint. This Article 4.1 specifies, where applicable, the countries to which your personal data may be transferred and for which an adequacy decision has been issued. Users are invited to consult this Article regularly to verify whether such transfers are occurring.
4.2 Notwithstanding the provisions of Article 4.1, your data may also be transferred to non-EU countries for which the European Commission has not issued an adequacy decision. You are therefore invited to regularly review this Article 4.2 to verify whether your data is transferred to such countries.
4.3 In this Article, the Data Controller specifies the countries in which it specifically directs its activities. This may imply the application of the relevant national law in addition to the GDPR. Upon request, the Data Controller will apply to the processing of personal data the most favourable legislation applicable under the user’s national law.
Art. 5 – Rights of the Data Subject
Pursuant to Article 13 of the GDPR, the Data Controller informs you that you have the right to:
- request from the Data Controller access to your personal data, as well as rectification, erasure, or restriction of processing, or object to processing, and the right to data portability;
- withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawal;
- lodge a complaint with a supervisory authority (e.g. the Italian Data Protection Authority).
These rights may be exercised by submitting a request to the contacts indicated in the Premise.
Art. 6 – Amendments and Miscellaneous
The Data Controller reserves the right to amend this Privacy Policy at any time, notifying Website users accordingly and in any case ensuring adequate and equivalent protection of personal data. To view any changes, you are invited to consult this Privacy Policy regularly. In case of substantial changes, the Data Controller may also notify you by email.