INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to and for the purposes of Art. 13 of the New European Regulation 2016/679 relating to the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR)
As required by the European Union General Data Protection Regulation (GDPR 2016/679, Article 13), before proceeding with the processing, the interested party (user of the website www.banderari.com) is informed that the personal data collected through the site, they are processed by the Company using IT and / or telematic tools, for the purposes indicated in this statement.
Holder of the treatment
The Data Controller is Officina del Papillon di Pinzaglia Angela, with registered office in Via delle Valli 3, Amelia (TR), VAT number: 01567650559.
The Company has identified a Data Protection Officer pursuant to articles 37 and following of the European Regulation 2016/679, which is identified in Dr. Laura Pernazza.
This person may be contacted for clarifications and questions regarding the processing of personal data at the address: [email protected]
For further information relating to the rights of the interested party, please consider the paragraph called “Rights of the interested parties” of this information.
The personal data being processed are collected directly by Officina del Papillon di Pinzaglia Angela or by third parties expressly authorized by it, or communicated by the Company to these third parties for the pursuit of the purposes described below.
Legal basis and purpose of the processing
The personal data provided by the user when browsing the website www.banderari.com are processed by the Data Controller in accordance with current regulations regarding the protection of personal data.
The legal basis of the processing is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible termination of the online sales contract concluded between the parties and in the obligations under the same contract connected and / or directly and / or indirectly deriving from the same.
The processing of personal data by BANDERARI is aimed at pursuing the following purposes:
1) REGISTRATION TO THE BANDERARI.COM NEWSLETTER: if the user decides to subscribe to the “BANDERARI Newsletter”, only following a possible and specific consent, personal data will be processed by the Data Controller for sending commercial or promotional communications, updates relating, for example, to the latest trends, new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the unsubscribe link at the bottom of the e-mails received or by writing to the address [email protected]
2) REGISTRATION ON BANDERARI.COM: in the event that the user decides to register on the banderari.com site, only following a possible and specific consent, personal data will be processed by the Data Controller for the purpose of registration on banderari.com. In particular, against the conferment of your name, surname, e-mail address and the setting of an access password, these will be processed for the creation of a personal account, to speed up the purchase procedure, to allow the user to view the status of orders and receive updates on purchases made, change personal settings and update the account, view the history of returns and requests for exchange of goods, save favorite items in the Wishlist and to offer the possibility to join in a next moment, if the user wishes, to the BANDERARIGOLD loyalty program.
3) ONLINE SHOPPING ACTIVITIES: the personal data provided will be used for the establishment, management, execution and / or conclusion of the online sales contract. The data provided will be processed by the Data Controller for the purpose of managing the purchase order with reference, by way of example, to the activity of payment, shipping, taking charge of any returns, for customer assistance, for the execution of the purposes. administrative – accounting related to the management of the order, for the fulfillment of obligations under current legislation. In case of payment by credit card, the fundamental information for the execution of the transaction (credit / debit card number, expiry date, security code) will be processed by Banca Sella – Worldpay – Adyen or, possibly, by companies in charge of anti-fraud control through an encrypted protocol and without third parties being able in any way have access to it. However, this information will never be displayed or stored by the seller (Officina del Papillon di Pinzaglia Angela).
4) PROFILING OF THE PHYSICAL PERSON: only after a possible and explicit consent, the personal data provided can be processed by the Data Controller for profiling activities, or rather of analysis of preferences aimed at creating personalized contents and offers.
Nature of the treatment
In relation to the purposes referred to in point 1) of the previous paragraph, the provision of personal data and consent to their treatment is optional. Failure to provide consent will make it impossible for BANDERARI to allow you to subscribe to the “Banderari Newsletter”, send commercial or promotional communications, updates relating, for example, to the latest trends, new arrivals, exclusive offers. , special events and promotions.
If the user decides to proceed with the subscription to the newsletter through the section of the site solely dedicated to this activity, the provision of personal data and consent to their treatment is mandatory.
Failure to provide consent will make it impossible for BANDERARI to allow you to subscribe to the “Banderari Newsletter”, to send commercial or promotional communications, updates relating, for example, to the latest trends, new arrivals, exclusive offers. , special events and promotions.
In relation to the purposes referred to in point 2) of the previous paragraph, the provision of personal data and consent to their treatment is mandatory. Failure to provide consent will make it impossible for BANDERARI to allow registration on banderari.com, the creation of a personal account, speeding up the purchase procedure, displaying the status of orders and receiving updates on purchases made , the possibility for the user to change personal settings and update the account, to view the history of returns and requests for exchange of goods, to save favorite items in the Wishlist and to join at a later time, if desired, to the BANDERARIGOLD loyalty program.
In relation to the purposes referred to in point 3) of the previous paragraph, the provision of personal data and consent to their treatment is mandatory. Failure to provide consent implies the impossibility for BANDERARI to proceed with the establishment, management, execution and / or conclusion of the online sales contract, therefore the impossibility to perform, for example, the activities related to payment, shipping, taking charge of any returns, customer support activities, the execution of administrative and accounting purposes related to the management of the order, and the fulfillment of obligations under current legislation.
In relation to the purposes referred to in point 4) of the previous paragraph, the provision of personal data and consent to their treatment is optional.
Failure to provide consent makes it impossible for BANDERARIES to carry out profiling activities, or to perform analysis of preferences aimed at creating personalized content and offers.
Personal data processed
The personal data processed by the Data Controller are those provided by the user when browsing the website www.banderari.com, on the occasion of any registration / subscription to the services / programs made available to BANDERARI and / or the possible purchase of products made available to BANDERARI, such as, for example: name, surname and e-mail address, in addition to the data necessary for the provision of the online sales service such as, for example, those functional to the execution of the payment and shipping / exchange of purchased products.
Data processing and storage methods
The processing of personal data is carried out by the Data Controller in compliance with the provisions of the current Privacy legislation. The Data Controller performs the processing of personal data using IT and / or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this statement, as well as adopting the appropriate security measures in order to prevent access, disclosure, unauthorized modification or destruction of personal data, their loss and their illegal and incorrect use. However, the Company cannot guarantee its own
users that the measures taken for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or dispersion of data by devices belonging to the user. For this reason, users of the site are advised to make sure that their computer is equipped with adequate software to protect the transmission of data on the network (for example updated antivirus) and that their Internet Provider has adopted suitable measures for the security of the transmission. of data on the network. The Company also undertakes to process data according to the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and exact for processing and to allow their use only by personnel for the authorized purpose. The management and storage of the personal data acquired will take place in archives or on servers located within the European Union owned by the Data Controller and / or by third-party companies appointed as External Data Processors and, in any case, currently located in Italy.
In relation to the various purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve them and, in any case, in accordance with the current regulatory provisions on the subject.
In any case, the Company will take care to avoid the use of the data indefinitely by proceeding, periodically, to adequately verify the actual persistence of the interest of the subject to which they refer.
Recipients and Data Processors
The collected data will not be disseminated in any way, but will be processed within the limits and for the purposes described by the employees of the Company on the basis of adequate operating instructions (for example, administrative, commercial, marketing, legal, system administrators, etc. .). Some data processing may also be carried out by third parties, appointed as External Data Processors, of which the Data Controller makes use or could make use of in the context of the management of the contractual relationship, the provision of the services offered and for organizational needs of its business. In particular, the data could be communicated to:
a) subjects, public and private, who can access the data by virtue of provisions of law, regulation or community legislation, within the limits provided for by these rules;
b) subjects who need to access data for purposes related to the contractual relationship between the parties, within the limits strictly necessary for the performance of auxiliary tasks (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers and forwarding companies);
c) consultants, within the limits necessary for the performance of their professional assignment.
The updated list of External Managers and persons authorized to process is kept at the headquarters of the Data Controller and is available to the interested party, upon request to be made by e-mail to the address [email protected]
Transfer of data abroad
The management and storage of personal data will take place on the server of the owner and / or third party companies duly appointed as external data processors located within the European Union.
Personal data may be transferred abroad, in accordance with the provisions of current legislation, even in countries not belonging to the European Union. The transfer to non-EU countries, in addition to the cases in which this is guaranteed by the adequacy decisions of the Commission, is carried out in such a way as to provide appropriate and appropriate guarantees pursuant to art. 46 or 47 or 49 of the Regulations.
Rights of the interested parties
As an interested party, the user can exercise, at any time, the rights provided for in articles 15, 16, 17, 18, 20 and 21 of the GDPR which confer, in particular, the right to:
a) obtain from the Data Controller, pursuant to Article 15, confirmation that personal data is being processed or not and, in this case, obtain access to the data and to information such as: (i) the purposes of the treatment; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients located in Third Countries or International Organizations; (iv) when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
b) obtain from the Data Controller, pursuant to Article 16, the correction of inaccurate personal data concerning him without undue delay; taking into account the purposes of the processing, the interested party has the right to obtain integration d
and incomplete personal data, including by providing an additional declaration;
c) obtain from the Data Controller, pursuant to Article 17, the cancellation of personal data concerning him without undue delay. The Data Controller is obliged to delete personal data without undue delay if one of the reasons indicated in paragraph 1 of Article 17 exists;
d) obtain from the Data Controller, pursuant to Art. 18, the limitation of treatment when one of the hypotheses governed by paragraph 1 of Article 18 occurs;
e) obtain from the Data Controller, pursuant to Article 20, the portability of the data or to receive the personal data concerning him provided to a Data Controller in a structured format, commonly used and readable by an automatic device. The interested party also has the right to transmit such data to another data controller without hindrance by the first owner to whom he provided them, if the conditions indicated in Article 20 paragraph 1 are met. Finally, the interested party has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
f) object, in whole or in part, pursuant to Article 21, to the processing of personal data concerning him.
For the exercise of their rights, the user can send their requests to [email protected]
It should also be noted that the interested party has the right to withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation, without prejudice to the consequences indicated above regarding a refusal to provide such personal data . The interested party also has the right to lodge a complaint with a supervisory authority.
You can make requests regarding the exercise of these rights by contacting the address: [email protected]
Officina del Papillon di Pinzaglia Angela undertakes to respond to the requests of the interested party within a period of one month, except in cases of particular complexity for which it could take up to three months. In any case, the Data Controller will provide the interested party with the reason for the wait within one month of the request. The outcome of the request will be provided in writing or electronically. In the event of a request for rectification, cancellation as well as limitation of the processing, the Data Controller undertakes to communicate the results of the requests received by the interested party to each of the recipients of his data, unless this is impossible or involves a disproportionate effort.
The Company specifies that a possible contribution may be requested from the interested party if the questions are manifestly unfounded, excessive or repetitive; in this regard, the Data Controller will have a register to track requests for intervention.
Changes to this information