Information pursuant to and for the purposes of art. 13 Legislative Decree 196/2003 and the GDPR EU Regulation 2016/679 concerning the protection of the processing of personal data by the website
In conformance to the provisions of art. 13 of the regulation ( EU) 2016/679, we inform you that the processing of personal data, including the e-mail, other addresses or personal identifiers provided by filling in the forms on the website or using social network, will be carried out for the purposes and conditions set forth below.
1) Data Controller
The data Controller (“Controller” henceforth) is the company EMMEGI S.N.C. DI MAROTISCA L & C., with the headquarters in San Martino di Lupari (PD), Via Garlibardi, n. 96 (C.F. e VAT.N03404430286), in the person of the legal representative pro tempore.
2) Legal basis for processing
The legal basis for processing your personal data consists of:
- the fulfillment of contractual obligations;
- compliance with regulatory obligations, including accounting, tax and administrative obligations;
- the consent given by you for the processing of data in accessing and / or using the services offered.
3) The objective of processing
The Controller processes personal data that are identifying and non-sensitive (in particular, name, surname, fiscal code, VAT number, email address, telephone number - hereafter, "personal data" or even "data") communicated by the User during the registration on the website and/or when registering for the newsletter service.
These data are, in particular:
a) The data provided at the moment of creating an account on the website (i.e. name, surname, invoicing address, e-mail, phone number, method of payment).
b) Data relative to the purchases effectuated on the website ( i.e. purchased products, date and hour of the purchase, residency address).
c) The provided data when requesting information and assistance.
The above-mentioned data are processed only when deemed necessary to achieve the purpose described in paragraph 4 of the present informative notice.
The Controller is committed to treat the data and information transmitted by the User confidentially and not to reveal them to unauthorized persons, or to use them for purposes other than those for which they were collected or to transmit them to third parties other than those indicated below.
As far as the online payment procedure is concerned, the same occurs through the use of the PayPal or Gestpay service (by credit card), to which the User will be redirected.
The data entered in the aforementioned pages are encrypted before being transmitted.
In no case will the Controller have access to the page used for payment, nor to the information relating to the User's credit card.
4) Data nature and processing purpose
Our company will only obtain and process personal and fiscal data; in no case will it treat definable data, pursuant to art. 9 of Regulation 599/20216, as "particulars".
The personal data provided to our company will be processed by this company for the following purposes:
a) Without your express consent to:
- Allow registration on the website.
- To allow the User access to the part of the Company's Website dedicated to the online sales of its Products; and consequently, allow the User to carry out all purchase procedures, as well as to allow the Supplier to perform all various administrative, commercial, accounting and fiscal activities deriving from online sales and, more generally, to execute existing legal obligations on the subject.
- Manage pre and post sales customer support services.
- Fulfill the pre-contractual, contractual and fiscal obligations deriving from existing relationships with the User.
- Fulfill the obligations provided for by the law, by a regulation, by the community legislation or by an order of the Authority.
- Prevent or detect fraudulent activity or harmful abuse of the website.
- Exercise the rights of the Controller, for example the right to defend in court.
- Manage any complaints or disputes.
b) Only with the specific and separate consent of the User, for the following Marketing purposes:
- sending newsletters via email;
- communication and / or sending (via e-mail, sms, notifications, mail, telephone contact, etc.), also with automated methods, of information and commercial offers, of advertising and promotional material on the company’s own services and / or third parties services, as well as carrying out market research.
No profiling is provided.
We would like to point out that, if you are already our customer, we will be able to send you commercial communications relating to services and products of the Controller similar to those you have already received, unless you disagree (Article 130 paragraph 4 of Legislative Decree 196/2003).
5) The need for data provision
The provision of data is mandatory for the purposes set forth in art. 4 sub. a), in order to execute the User's requests.
The relative failure, partial or incorrect provision could have as a consequence the impossibility to activate and supply the requested service.
Instead, it is optional for promotional and marketing activities pursuant to art. 4 sub. b).
The user can then decide not to give any data or subsequently deny the possibility of processing data already provided: in this case, he will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Controller.
In any case, the User will continue to have the right to the Services referred to in art. 4 sub a).
6) Method of processing
The data are organized in paper archives and in electronic databases; they are processed using manual, computer and telematic tools and procedures to ensure their security and privacy, while respecting the security measures deemed appropriate in accordance with the principles of the GDPR (Article 32).
The controller will process the personal data during the period of time necessary for the execution of the above-mentioned purposes.
In any case, the processing will not exceed 10 years from the termination of the relationship for the purposes of the provided service and 2 years from the collection of data for Marketing purposes.
The data will be stored for a further period in relation to the purposes of disputes and any legal obligations.
7) Access to data
The User’s data can be made accessible for the purposes stipulated in the art. 4 a) and b):
- to the employees and collaborators of the Controller, in their capacity as Appointees and / or internal Data Processors and/or System Administrators;
- to third-parties (for example, providers for the management and maintenance of the website, suppliers, credit institutions, professional offices, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external processors;
- to the collaborators, employees and suppliers of the Controller, in the context of their duties and/or any contractual obligations with them, concerning commercial relations with Users;
- to post offices, shippers and couriers to send the products purchased by the User and/or other material relating to the performance of the services provided;
- to public bodies or the judicial authority, where required by law or to prevent or punish the commission of a crime.
8) Data communication
Without expressing your consent, the Controller can communicate your data for the purposes expressed in art 4) under a) to the supervisory bodies, the judicial authorities, as well as all other subjects to which the communication will be obligatory under the law for achieving the objectives.
Your data will not be published.
9) Data transfer
The management and the transfer of the personal data is carried out on the server of the Controller and / or third-party companies charged and deemed as persons in charge of data processing.
Data will not be processed outside the European Union.
In any case, it is understood that the Controller, if necessary, will have the right to move the location of the servers in Italy and / or in the European Union and / or in Non-EU countries.
If, for technical and / or operational reasons, it is necessary to use subjects outside the European Union, we inform you that these subjects will be designated as data controllers in accordance with to the above-mentioned law. Article 28 of the GDPR and the transfer of personal data, limited to the execution of specific processing activities, shall be regulated in accordance with the provisions of the GDPR.
10) Rights of the interested party
As an interested party and in accordance with the GDPR, the User has the right to:
- have access to his/her own data
- obtain a confirmation concerning the existence or the non-existence of these personal data, and their availability in an intelligible form.
- know the origin of personal data, the purpose and modes of treatment; even if this latter is realized through electronic tools
- have knowledge of the origin of data, of the purposes and methods of the processing, of the logic applied, even in the case of processing carried out with the help of electronic instruments, of the identification data concerning the Controller and the subjects to whom the data may be communicated or who may become aware, in particular if they are recipients of third countries or international organizations;
- know of the period of data storage, or the criteria used to determine such a period, as well as the existence of an automated decision-making process, including profiling and, in this case, the logic used, the importance and the consequences foreseen for the person concerned;
- know of the existence of adequate guarantees in the event of data transfers to a non-EU country or to an international organization;
- have knowledge regarding the available information regarding data origin, if they are not obtained from the interested party;
- obtain the update, rectification and integration of data, cancellation, limitation, portability, with possibility of direct transmission to another Controller and transformation into anonymous form or blocking of data processed in violation of the law, when the preconditions established in Regulation 2016/679 are fulfilled;
- oppose, completely or partially, for legitimate reasons, the processing of personal data.
- receive, if the processing is carried out by automatic means, without impediments and in a structured, commonly used and legible way , the personal data concerning you in order to transmit them to another Controller or - if technically feasible - to obtain direct transmission from the Controller to another data controller;
- revoke the consent to the processing, without prejudice to the legality of the processing that is based on the consent acquired before the revocation;
- make a complaint to the Authority for the Protection of Personal Data pursuant to art. 77 of EU Regulation no. 2016/679.
The exercise of the rights can be exercised by written notice to be sent to the Data Controller via pec at the address firstname.lastname@example.org or registered letter receipt at Via G. Garibaldi 96, 35018 San Martino di Lupari (PD).
11) Withdrawal of consent to treatment
You have the right to revoke your consent issued to the Controller at any time totally and/or partially without prejudice to the legality of the Treatment based on the consent given before the revocation.
To withdraw your consent, simply contact the Data Controller at the addresses published in this statement.
The Website and the Services of the Data Controller are not intended for persons under the age of 18 and the Data Controller does not intentionally collect personal information referring to minors.
Therefore, personal data of children under the age of 18 may be processed with the authorization of the holder of parental responsibility.
In the event that information on minors is unintentionally registered, the Controller will delete them in a timely manner, at the request of users.