CA’ DA MOSTO S.p.A., headquarter based in Scorzè (VE), Via Venezia, 146, VAT identification number 02037210271, email: firstname.lastname@example.org gives maximum importance to the rights of its customers with regards to the protection of personal data and to its legal obligations, in its capacity as Data Controller for the Processing of Data (hereafter: “Data Controller”).
In accordance with (EU) Regulation n. 2016/679 (hereafter “GDPR”, general provisions concerning the protection of physical persons relating to the processing of personal data and the free circulation of such data), this Privacy Declaration (“Declaration”) describes the ways in which we process the personal data of customers, gathered via www.seventy.it (“Site” or “Website”) and using other tools (e.g. social media, cookies, etc.), in compliance with the regulation cited above and with the principle of transparency stipulated in art. 5 of the GDPR. We invite you to read this declaration carefully.
TYPES OF PERSONAL DATA GATHERED REGARDING THE CUSTOMER
The personal data gathered by this Website, either autonomously or through third parties, for the purposes described in this Policy, includes:
Contact information (for example, name, surname, date of birth, nationality, email address, postal address, telephone number and any other personal data) provided by the Customer through completion of the forms present on the Site, including those allowing subscription to the newsletter, registration and the creation of an account on the Site;
Information relating to any electronic commercial transactions that take place, including the sending of purchasing forms, as well as any linked to pre-sale and post-sale assistance
Personal data that may be contained within communications sent by the Customer, for example to signal a problem or to voice a request, uncertainty or comment relating to the Site and/or its content;
Information deriving from questionnaires and/or surveys that we may carry out from time to time on the Site for the purposes of research, if the Customer decides to respond or to take part;
The provision of such data is not obligatory. Personal Data can be provided freely by the Customer, or, in the case of Usage Data, gathered automatically during use of this Website.
Communication of personal data (especially personal information, email address, postal address and telephone number) is necessary to provide the services offered by the Site at the Customer’s request, to conclude transactions, or, when necessary, to meet obligations stipulated by law or regulations in force. A refusal to provide personal data that is required to meet the aims described above may prevent us from complying with legal provisions and other standards in force. Consequently, a failure to provide personal data may, in some cases, legitimately and justifiably preclude us from providing the services offered on the Site.
The provision of further personal data beyond that which is necessary for the aims of complying with legal or contractual obligations and correct consultation of our services with necessary data relating to navigation is, by contrast, optional, and will not have any effect on your use of the Site and its services. We will always inform you as to whether the provision of personal data is obligatory or optional, indicating data that is obligatory for the provision of services requested on the Site with an appropriate symbol (*).
The Customer assumes responsibility for third party Personal Data that is obtained, published or shared through this Website, and guarantees that they have the right to communicate or disseminate such data, freeing the Data Controller from any responsibilities regarding third parties.
LEGAL BASIS OF PROCESSING
Processing is necessary to execute a contract and/or to execute pre-contractual measures;
Processing takes place based on the prior and explicit consent of the Customer, for example to carry out marketing activities;
Processing is necessary to comply with a legal obligation to which the Data Controller is subject;
Processing is necessary to perform a task carried out in the public interest or to exercise public powers in which the Data Controller is invested;
Processing is necessary to pursue legitimate interests of the Data Controller or third parties;
It must be noted that, on the basis of its main legitimate interest, CA’ DA MOSTO S.p.A. may contact you with the aim or suggesting services and products similar to those that you have already acquired. It should be noted that, based on current legislation, this type of contact (so-called “soft spam”) does not require the provision of consent. The Customer may, in any case and at any time, request an interruption to the processing of their data in this way, which the Data Controller must put into effect without delay.
It is, furthermore, always possible to request that the Data Controller clarifies the concrete legal basis of every processing operation, and in particular to specify whether the processing has a basis.
PURPOSES OF PROCESSING
The personal data provided by you is processed:
Without your explicit consent, pursuant to art. 6 lett. b) and e) of the GDPR, for the following service purposes:
a) Management and execution of pre-contractual and contractual obligations, including the correct execution of acquisitions through the “Site”;
b) Insertion of data into the company’s database to monitor the execution of the contract, including for invoicing aims;
c) Stipulation and execution of the contract and all related activities and consequences, including, by way of example, the correction and modification of products and services offered;
d) Management of fiscal and accounting compliance and all related activities, including, by way of example, invoicing, documentation, refunds in the event of tax free shopping, credit protection, administrative services, management services, and functional services relating to execution;
e) Compliance with legal obligations stipulated by law, regulations and community legislation;
f) The exercising of the rights of the Data Controller, including rights that are enforceable in a court of law.
Subject to specific consent, for the following additional purposes:
g) Direct marketing carried out by the Data Controller, using traditional and/or automated means, which may not entail the intervention of the operator, with the aim of improving the range of products and services offered and receiving communications, newsletters, informative and/or promotional materials, assessing the level of customer satisfaction or concerning events and initiatives, market research or other trade research and direct sales, information and updates regarding products, sales, promotional campaigns, events and other initiatives via automated (email, SMS, newsletter, MMS and/or instant messaging) and traditional (telephone calls with operators and/or post) means of contact;
h) Direct marketing carried out by third parties, via traditional and/or automated means, which may not entail the intervention of the operator, with the aim of receiving communications, newsletters, informative and/or promotional materials, assessing the level of customer satisfaction or concerning events and initiatives, market research or other trade research and direct sales, statistics, interaction with social networks and external platforms, comments on content, through automated (email, SMS, newsletter, MMS and/or instant messaging) and traditional (telephone calls with the operator and/or post) means of contact, in their capacity as Commercial Partners operating within the relevant product sector;
i) Profiling activities carried out via automated means, which aim to improve the range of products and services offered and, partly through the electronic processing of data and the profile and through analysis of the habits and consumption choices of the Customer, enable the identification of preferences, behaviour and interests relating to products and services used, with the aim of rendering the products and initiatives more relevant to the tastes and needs of the Customer.
j) Research activities, using non-automated means, investigating consumption habits with the aim of making products and initiatives more relevant to the tastes of the Customer. Such activities have the exclusive aim of offering customers and users products, services and initiatives that are more relevant to their needs, using methods that do not invade their personal sphere.
At any time and free of charge, data subjects can exercise their right to object, either in full or in part, to the processing of their data for the purposes described in points g), h), i) and j).
The provision of personal data relating to the purposes described in points g), h), i), and j) is optional and its use is subject to the provision of explicit consent. If you refuse to provide consent, this will make it impossible for you to subscribe to the “Newsletter”, to the “Joy of Life Club”, and will preclude you from receiving informative and promotional information, brochures and communications relating to products, promotions and services offered by our Company.
Within the context of the sending of publicity material, promotional material, informative material and/or brochures, please note that consent to the processing of personal data can be withdrawn at any time by selecting the relevant “delete” box, which you can access via a link contained within the communications sent.
Such data (especially personal details, email address, postal address, telephone number and bank details – in the case of payment via credit card) is necessary to conclude contracts for the acquisition of products via the site, or for some “pre”-sale and “post”-sale services, or to comply with obligations driving from legal or regulatory standards. As indicated above, a failure to provide this data may constitute a legitimate and justified reason for not executing a contract for the acquisition of products online and/or the provision of linked services, depending on the case in question.
We also inform you that our Company uses the IP addresses of visitors, in an entirely anonymous way, to monitor traffic on the Site.
MEANS AND LOCATION OF THE PROCESSING OF PERSONAL DATA GATHERED
Means of processing and security
In some cases, in addition to the Data Controller, the following may have access to Data: other subjects involved in the organisation of this Website and companies affiliated and/or linked to CA’ DA MOSTO S.p.A., (administrative, commercial, marketing and legal staff and system administrators) or external subjects (such as third party providers of technical services, postal couriers, advisors, hosting providers, information companies, communication agencies, credit institutions for the management of payments via credit card) who have been appointed, including, if necessary, Data Processors operating on behalf of the Data Controller. An updated list of Data Processors can always be requested from the Data Controller.
The Location of the Processing and Transfer of Data
Data is processed at the operational headquarters of the Data Controller and in other locations where parties involved in processing are located. For more information, contact the Data Controller.
Personal Data is saved on servers located in the member states of the European Union, but, pursuant to art. 44 and ss. of the GDPR, the Data Controller, where necessary, reserves the right to transfer such servers, including to third countries that do not belong to the European Union, in compliance with applicable legal provisions.
The Customer has the right to obtain information relating to the legal basis of the transfer of Data outside the European Union or to an international organisation of public international law or consisting of two or more countries, as well as information relating to the security measures adopted by the Data Controller to protect Data.
PERIOD OF PRESERVATION
In compliance with principles of lawfulness, limitation of purposes and minimisation of data, pursuant to the GDPR, the period of preservation of the personal data of users is determined for a period of time no greater than that which is required to fulfil the purposes for which the data is gathered and processed, in compliance with time-frames stipulated by law and by provisions of the Italian Data Protection Authority. Therefore:
Personal data gathered for aims linked to the execution of a contract between the Data Controller and the User will only be processed until this contract has been executed. Personal data gathered for sales purposes is preserved for a period of no longer than 10 years, in compliance with fiscal and civil regulations.
Personal data gathered for purposes linked to the legitimate interest of the Data Controller will be processed until such interest has been satisfied. The User can obtain further information relating to the legitimate interest pursued by the Data Controller in the relevant sections of this document, or by contacting the Data Controller.
When processing is based on consent from the User, the Data Controller can preserve Personal Data for a longer period, until such consent is withdrawn. Furthermore, the Data Controller may be obliged to preserve Personal Data for a longer period, to comply with a legal obligation or an order emanating from a relevant authority. At the end of the period of preservation, Personal Data will be deleted. Therefore, at the expiration of this period, the rights to access, to deletion and to rectification, as well as the right to the portability of data, can no longer be exercised.
THE RIGHTS OF THE DATA SUBJECT
The Data Subject may, at any time, exercise the following rights:
The right to withdraw consent at any time. The data subject may withdraw consent to the processing of their Personal Data that has previously been given. The data subject should contact us directly as the following address: email@example.com. To withdraw consent to the receiving of our newsletter, you can do this automatically by following the link that you will find at the bottom of each communication;
The right to access your own Data. The data subject has the right to obtain information on the Data processed by the Data Controller, on certain aspects of processing, and to receive a copy of the Data processed. He/she can contact us directly at the address: firstname.lastname@example.org
The right to rectification. The data subject can verify the correctness of his/her Data and request the updating and/or correction of this Data. He/she can contact us directly at the address: email@example.com
The right to the limitation or processing. Under certain conditions, the data subject can request the limitation of the processing of his/her Data. In this case, the Data Controller will not process the data for any other reason than its preservation.
The right to the deletion or removal of your own Personal Data. Under certain conditions, the Data Subject can request the deletion of his/her Data by the Data Controller.
The right to the portability of data. The Data Subject has the right to receive his/her Data in a structured, commonly used and machine-readable format, and, where technically feasible, to obtain the transfer of this Data without hindrance to another data controller. This provision is applicable if the Data is processed with automated tools and the processing carried out is based on the consent of the Customer, on a contract to which the Customer is party, or on contractual measures linked to this.
The right to make a complaint. The data subject can make a complaint to the relevant supervisory authority for the protection of personal data, or engage in legal proceedings.
The right to oppose the processing of data for commercial purposes. At any time, the data subject has the right to object to the processing of his/her data if this is used for direct marketing and commercial purposes.
MEANS OF EXERCISING RIGHTS
At any moment, you can exercise your rights as described above in written form, by sending a registered letter (with acknowledgement of receipt) to the company CA’ DA MOSTO S.p.A. – Servizio Clienti, Scorzè (VE), Via Venezia, 146 CAP 30037, or, alternatively, via electronic post to the email address firstname.lastname@example.org. Requests are handled free of charge and processed by the Data Controller within the shortest period possible, and in any case within one month.
THE RIGHTS OF MINORS
The services offered by the Data Controller and the Site managed by the Data Controller are not targeted at minors below 16 years of age (or below the age limit established by legislation in the User’s country of residence), from whom the Data Controller does not intentionally gather (and then use) information and personal data. In order to protect the security and privacy of minors, wherever such information is involuntarily gathered and/or recorded, the Data Controller undertakes, upon request, to delete it promptly. Registration with the Site implies confirmation that the User has reached the age of majority in his/her country of residence.
MODIFICATIONS TO THIS DECLARATION
If modifications are made that affect processing operations whose legal basis is consent, the Data Controller undertakes to gather the User’s consent again, if necessary.
FURTHER INFORMATION REGARDING THE PROCESSING OF DATA
The Personal Data of the User may be used by the Data Controller for legal action or in the preparatory phases for the eventual establishment of a defence against misuse of this Website or connected Services on the part of the User.
The User declares that he/she is aware that the Data Controller may be obliged to divulge Data by order of public authorities.
System Log and Maintenance
For reasons linked to its functioning and maintenance, this Site and eventual third party services used by the Site may collect system Logs, or files that register interactions and that may also contain Personal Data, such as the User’s IP address.
Information that is not contained in this Policy
Further information relating to the processing of Personal Data can be requested at any time from the Data Controller, using the contact details provided.