Dear Visitor / User, compliance with the Privacy Law is particularly important to us.
In particular, the “General Data Protection Regulation” (EU Regulation 2016/679, known by the English acronym “GDPR”) requires us to provide you with the following information on the processing of your Personal Data, pursuant to art. 13 of the aforementioned Regulation.
The “Processing of Personal Data”, in simple terms, is any operation concerning any “information relating to an individual, identified or identifiable”. For example, name and surname, or an e-mail address with a “username” that identifies it (eg. Mariorossi @ …. ), is considered “Personal Data”, and the actions of collection, registration with us and use to send you a communication, they are considered “Treatment” operations; so also (always for example) the communication of Personal Data to other organizations and storage.
Our organization is defined as the “Data Controller”, as a person who establishes how and for what purposes to process information relating to natural persons.
You, if a “natural person to whom the Personal Data refers”, is defined “Interested”, and has the right to receive the following information on who we are, what Personal Data we process, why, how and for how long we process them, and what rights and obligations you have in this regard. If, on the other hand, you work on behalf of a private organization (e.g. partnership, joint stock company, association, etc.), the Data Subjects are the natural persons who use the Site, and / or the Online Store, and / or use of the Services under the authority of the same (eg you and / or your Workers). Information strictly related to the organization (e.g. tax code or VAT number) are not considered Personal Data.
Depending on whether you are a simple Visitor, have made purchases on the Online Store, or use any of the Services that may be available on the Site, we collect and / or need you to provide us with some Data, which are necessary for us to allow you to browsing the Site, and / or making purchases from the Online Store, and / or using the Services. When you just visit the Site, we do not acquire information that allows your direct identification.
The following grid and clauses explain how the Company, as Data Controller, will process your data.
|Who are we (“Data Controller”)?|
|IDT SpA, with registered office in Via Quittengo 35, 10154 Turin (TO), Tax Code and VAT number 10010450012, registered in the Turin business register, REA number TO-1098199.|
|What are the categories of data subjects to which this information is addressed?|
|Visitors and Buyers|
|What categories of Personal Data do we process?|
|Navigation Data and Common Data to the minimum extent necessary to achieve each of the Purposes indicated below.
Please do not enter any “sensitive” information in the texts of communications and in the description fields of our online forms (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs are considered sensitive information, o trade union membership, as well as genetic data, biometric data and data relating to the health or sexual life or sexual orientation of the person).
|What is the origin of your Personal Data?|
|As a rule, it is you who transmit them, or another natural person who is part of the organization for which you work authorized for the purpose.|
|Why do we process Personal Data (Purpose) and what is the Processing (Legal Basis) of each category of Data based on, and what is the Retention Period?|
|n°||Purpose||Categories of Personal Data||Legal basis||Retention period|
|1||Analyze the traffic on the Site (e.g. detect the most visited pages, the number of visitors per hour or day, the geographical origin, the average connection time, the browsers used, the origin of the visitor – from search engines or others sites -, phrases and words searched, etc.) to understand how it is used and manage it, optimize and improve it, or even just for statistical purposes; solve operational problems (eg anomalies in loading pages); carry out monitoring activities to reject and / or prevent cyber attacks and fraud.||Browsing Data, anonymous information (which does not allow us to trace your identity) and Common Personal Data (e.g. complete IP address)||The need to make the Site available in accordance with the terms of service or other legal text having a similar function available on the Site on the date of access considered (Article 6.1.b GDPR)||1 week from the date of your last access to the Site.|
|2||Satisfy the requests you want to send us using the contact details on the Site.||Common data||The need to adopt pre-contractual measures at your request (Article 6.1.b GDPR)||For a maximum of 2 years from your last request.|
|3||Provide access to your profile page and reserved area||Common data||The need to execute your service request governed by the terms of service or other legal text having a similar function available on the Site on the considered access date (Article 6.1.b GDPR)||For a maximum of 2 years Your last request|
|4||Perform operations relating to purchases of products from our Online Store made by you||Common data||The need to execute the sales contract (Article 6.1.b GDPR)||For a maximum of 10 years from the date of your last purchase.|
|5||Marketing purposes, after profiling. In particular, it is specified that the Data, even with the help of Cookies, will be used to re-target subjects who are already users of the Site, even if only as Visitors, or to find new ones based on the characteristics of the subjects who are already users of the Site. Direct marketing activities, including but not limited to the newsletter, have the sole purpose of making users aware of the news, commercial and otherwise, proposed by the Site and the Company, and do not include the promotion of goods or services offered by third parties.
The Company does not transfer the Data to third parties so that such third parties can offer their products to the users of the Site.
|Navigation Data and Common Data||Express consent, also with respect to the installation of Cookies (Article 6.1.a GDPR).||Until withdrawal of consent to treatment.|
|Clarifications on the maximum retention period|
|Your Personal Data will be processed for the maximum periods indicated above for the respective related processing purposes, unless the Applicable Law requires us to keep them for a longer period or allows it to protect our rights and / or legitimate interests.|
|To whom do we communicate the Data (Categories of Recipients)?|
|To the minimum extent necessary to achieve each of the Purposes, on the basis of the Applicable Regulations and / or a contractual agreement with the Data Controller, to:
The Data Controller does not disseminate Personal Data, except for the hypothesis in which it is requested, in compliance with the law, by Authorities, information and security organizations or other public subjects for defense or security purposes of the State or of prevention, detection or repression of crimes.
|Do we transfer Personal Data outside the European Union?|
|Yes, for the provision of the Site and the Online Store, the Company makes use not only of subjects located in the territory of the European Union, but also of subjects located outside that territory, with particular reference to the storage of the servers on which they are stored the Personal Data of Users (located in the United States).
The Data Controller ensures that the transfer of non-EU data takes place in compliance with the applicable legal provisions and that the transfer is carried out to subjects (third countries and / or international organizations) for which there is an adequacy decision by the European Commission pursuant to of article 45 of the GDPR, or by stipulating, where necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by the European Commission, and in any case in compliance with the other guarantees or exceptions provided for by chapter V of the Regulation EU 2016/679 (GDPR).
Furthermore, in compliance with the principle of minimization, the data will be processed outside the territory of the European Union as indicated above exclusively for the purpose of applying, through a plug-in installed on the Site, discounts or other benefits in favor of Buyers, and therefore such cross-border processing will only last for the duration of the purchase session.
If you do not agree that your Personal Data may be transferred to non-EU countries, we invite you not to sign any Contract with the Company and to stop using the Site, the Online Store and the Services.
|Are you obliged to provide us with your personal data?|
|Due to the functioning of the Internet, it cannot refuse the communication of the Browsing Data; the refusal of communication of some Personal Data (such as the IP address of your device) is not envisaged.|
|What happens if you refuse to communicate your data?|
|If you refuse to communicate Personal Data for the contractual purposes indicated above in numbers 2, 3 and 4, we will not be able to establish the contractual relationship and fulfill your request, sell the products, or provide the Service.|
|What communications do we send you?|
|We will only send you communications necessary for the execution of the Contract, based on the contractual purpose applicable among those indicated above. For example, we will communicate with you to respond to your general request (Purpose 2), or we may send you notifications to inform you of issues concerning access to your profile page / reserved area, as well as to update you about the purchase orders you have forwarded. .|
|What rights do you have as an “interested party”?|
|You, as the person to whom the data refer (“Interested”), has the right to:
The exercise of the above rights may also be delayed, limited or excluded in the cases provided for by art. 2-undecies d. lgs. 196/2003.
|Who can you contact with questions or to exercise your rights?|
|You can contact the Data Controller for questions relating to the processing of your Personal Data and to exercise your rights by sending an email to [email@example.com], or by post to the address [Via Quittengo 35, 10154, Turin – Italy] .|
We do not intentionally collect personal information referring to natural persons who, according to their national system of origin, do not have the legal capacity to act for the purpose of stipulating contracts, except for requests relating to minors advanced by subjects exercising parental authority or custody. on the minors in question. In the event that information on these subjects were registered, we will delete them in a timely manner, at the request of the interested party or of whoever exercises authority over it.
” Supervisory Authority “: the independent public authority established by a State of the European Union, or by the European Union itself, in charge of supervising the application of the Privacy Law (for Italy, the Guarantor for the Protection of Personal Data , http://www.garanteprivacy.it ).
“ Authoritỳ ”: body or organization, public or private, with administrative, judicial, police, disciplinary, supervisory powers.
” Authorized “: the natural person, placed under the direct authority of the Data Controller, who receives from the latter instructions on the Processing of Personal Data, pursuant to and for the purposes of art. 29 of the GDPR.
” Privacy Code “: Legislative Decree 196/2003 and subsequent amendments and / or additions (in particular by the Legislative Decree no. 101/2018).
” Committee ” or ” EDPB “: the European Data Protection Committee, established by art. 68 of the GDPR and governed by art. from 68 to 76 of the GDPR, which replaces WP29 from 25/5/2018.
” Buyer “: the natural or legal person who makes purchases from the Online Store or who uses any of the other Services that may be available on the Site.
” Communication “: “the disclosure of personal data to one or more specific subjects other than the interested party, the owner’s representative in the territory of the European Union, the manager or his representative in the territory of the European Union, the authorized persons, pursuant to article 2-quaterdecies, to the processing of personal data under the direct authority of the owner or manager, in any form, including by making them available, consulting or by interconnection “(as defined in art. 2 -ter, paragraph 4, letter a of the Privacy Code).
” Contract “: agreement entered into with the Customer User, through acceptance by the latter of the Terms and Conditions.
” Cookies “: short fragments of text (letters and / or numbers) that allow the web server to store information on the browser to be reused during the same visit to the site (Session cookies) or later, even after days (Cookies persistent). Cookies are stored, according to the User’s preferences, by the single browser on the specific device used (computer, tablet, smartphone). The following categories are considered:
” Common Data “: Personal Data concerning your general information, including, but not limited to, name and surname, e-mail address, telephone number, tax code, VAT number, as well as any other data that you may provide us , for example through the forms or contact details of our organization available on the Site.
” Browsing data“: Are the data that the computer systems and software procedures used to operate the site acquire, during their normal operation, and the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the User. These data, necessary for the use of web services, are also processed for the purpose of: obtaining statistical information on the use of the Services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.); check the correct functioning of the Services offered. number of visitors by time or day, geographical areas of origin, etc.); check the correct functioning of the Services offered. number of visitors by time or day, geographical areas of origin, etc.); check the correct functioning of the Services offered.
” Personal Data “: “any information concerning an identified or identifiable natural person (” interested party “); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social “, as defined by art. 4, subparagraph 1, no. 1, of the GDPR).
” Data ” or ” Data “: one or more of the categories indicated as Personal Data.
” Recipient “: “the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party”, as defined by art. 4, subparagraph 1, no. 9, of the GDPR.
” Dissemination “: “the disclosure of personal data to undetermined subjects, in any form, including by making them available or consulting” (as defined in art. 2-ter, paragraph 4, letter b of the Privacy Code) .
” GDPR “: EU Regulation 2016/679 “concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46 / EC (general regulation on data protection) “.
” Interested “: “identified or identifiable natural person”, as defined by art. 4, subparagraph 1, no. 1, of EU Regulation 2016/679 (so-called “GDPR”).
” Limitation “: “the marking of personal data stored with the aim of limiting their processing in the future”, as defined in art. 4, subparagraph 1, no. 3, of the GDPR.
” Regulations ” or ” Regulations “: one or more of the sets of regulations indicated, in this Act, as Privacy Regulations and Applicable Regulations.
” Applicable Law “: any provision, of any rank, belonging to Italian law or to that of the European Union, in any way applicable to the Site and / or the Contract.
” Privacy Law “: EU Regulation 2016/679 (“GDPR”), Legislative Decree 196/2003 and subsequent amendments and / or additions (“Privacy Code”), as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR and the Privacy Code, and the additional applicable legislation, of any rank, including the opinions and guidelines developed by the Committee.
” Profiling “: “any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health , personal preferences, interests, reliability, behavior, location or travel of said natural person “, as defined in art. 4, subparagraph 1, no. 4, of the GDPR.
” Publication “: the action with which the Owner communicates information on the Site, without implementing procedures that require the Visitor to view it.
” Responsible “: “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller”, as defined by art. 4, subparagraph 1, no. 8, of the GDPR.
” Services “: indicates the services offered by the Company through the Site, including the provision of the Site itself.
” Site “: the web pages exposed through www.ducadimorrone.com , including subdomains .
“ Company ”: the company IDT SpA, with registered office in Via Quittengo 35, 10154 Turin (TO) , Tax Code and VAT number 10010450012, registered in the Turin business register, REA number TO-1098199.
” Online Store “: indicates the section of the Site acting as an e-commerce with which you can purchase our products sold online.
” Third “: “the natural or legal person, public authority, service or other body other than the data subject, the data controller, the data processor and the persons authorized to process personal data under the authority direct of the owner or manager “, as defined by art. 4, subparagraph 1, no. 10, of the GDPR.
” Owner “: “the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data”, as defined by art. 4, subparagraph 1, no. 7, of the GDPR.
” Treatment “: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction “, as defined by art. 4, subparagraph 1, no. 2, of the GDPR.
” User “: indicates, without distinction, Visitors and Buyers.
” Visitor “: the natural or legal person who uses a device and surfs, through the Internet, on the public pages of the Site.
” WP29 “: the Working Group for the protection of individuals with regard to the processing of personal data, established pursuant to art. 29 of Directive 95/46 / EC, whose tasks are set out in art. 30 of directive 95/46 / EC and art. 15 of Directive 2002/58 / EC.