In agreement with the new European laws introduced by the EU Reg. 679/2016 and with the Italian law (D.lgs.n.196/2003), this section provides the information regarding the treatment of personal data of the Customers that peruse the pages of our internet site www.prodotticheamiamo.it (hereafter: “Site”) or that make use of the purchase services that the Site offers (hereafter “Customers” or “Interested parties”).
This information concerns exclusively the Site and doesn’t apply to other web sites which the Customer can peruse through the links that the Site offers.
Owner of the Treatment
“Init-s by Andrea Cerrito” (hereafter “Firm”), VAT number:-1226110554, REA number: TR – 89135, located in Via Ugo Tognazzi, 18, Narni (TR), email: email@example.com.
Email for contacting the Owner and ask the cancellation of your data, if inserted in the system, once you have provided your consent: firstname.lastname@example.org
A – Categories of treated data
I. Identification data
In agreement with the new European normative introduced by Reg. UE 679/2016 and with the Italian normative (D.lgs. n.196/2003), the perusal of the site and the potential purchase of products sold by the Site, can result in the handling of those data that are necessary to directly or indirectly identify a physical person like: name, surname, mailing address, email address, telephone, IP address.
The Site does not demand that the interested Customer provide “particular” data, that is, as included in the GDPR (art.9), personal data that reveal ethnic origins, political opinions, religious faith, philosophical believes, enrollment in the trade unions, let alone generic data, biometric data to identify a physical person, data regarding the health or sexual life or orientation of the individual. If the requested services demanded the gathering of those data, the interested party will be fully and early informed and will have to grant explicit consent.
II. Fiscal data
Obviously, by purchasing products in the Site, the Site will collect bank information such as the number of the used card or the bank account of the owner of the card or bank account.
III. Internet surfing data
Internet surfing data are collected automatically by the systems and the programs underlying the functioning of the Site and they are necessary for the use of the web services [e.g. IP addresses, utilized browser, names of the domain of the systems used by the customers to connect themselves to the web portal, URI (Uniform Resource Identifier), notation addresses of the requested resources, the time of the request, the method used to place the request in the server, the dimension of the obtained response file, the numeric code indicating the status of the response by the server (successfully completed, error, etc.) and other parameters relative to the operative system and the IT environment of the user].
These data are acquired even in the absence of registration on the Site or information requests.
Surfing data are used exclusively on an aggregate basis to file anonymous statistics on the consultation of the Site and control its correct functioning and do not permit to identify the interested users. They are also erased soon after they are collected in an anonymous format.
Surfing data can however be used to tract down responsibilities in the event of digital crimes that have been committed to the detriment of the Site.
IV. Data voluntarily offered by the customer
The personal data provided voluntarily by the customer (like for instance name, surname, email address) in order to send messages to the Site and/or purchase the available products, are used only to the scope of responding to the needs of the interested party and to comply with legal regulations.
The juridical basis of these elaborations is to satisfy the services inherent to the asked questions and to the realized purchases, let alone respect legal regulations.
The information that the User (Customer) of the Site will decide to publicize thanks to the services and the instruments the Site itself provides, are offered by the User knowingly and voluntarily, thereby exonerating the Site from every responsibility concerning potential law violations.
It is responsibility of the Customer to verify that he/she has the permits for handling personal data of third parties or content that is protected by national and international norms.
V. Data gathered by analytic cookies
For greater information on the data treated by cookies, on the types of cookies and on how to deactivate them, please refer to the section relative to cookies.
These cookies are used to track down the surfing preferences of the user and gather statistical data. The user can deactivate these cookies by changing the setting of her/his own browser, like pointed out by the section relative to cookies.
B – Scope of the Treatment
The collected personal data are used to:
- Allow the expedition of the products purchased by the Customer;
- Gather anonymous statistical information on the use of the web portal;
- Control the correct functioning of the web portal;
- Send communications and newsletters, in both paper and electronic form, to the address the Customer has supplied;
- Verify responsibility in case of IT crimes to the detriment of the web site;
- Respect the law in any other instances which is not listed above.
Data can be communicated only following a request by the relevant Legal Authorities within their legal responsibilities.
C – Juridical basis of the treatment
I. Implementation of a contract
The juridical basis of the treatment of personal data is the fulfillment of the services inherent to the relationship that the purchase of the products has produced, the agreement and acceptation of the Terms and Conditions, the respect of the legal obligations and the legitimate interest of the Site to take measures conforming to these ends.
II. Consent by the Interested party
The optional, explicit and voluntary sending of electronic mail, text messages or whatever kind of communication sent to the addresses listed on this Site necessarily implies the acquisition of the Customer’s address, her/his telephone number and/or other personal data that will be used to respond to the customer’s request/s. This data treatment occurs given the consent of the interested party.
It is promised that data treatment will be regulated by the principles of legality, correctness, transparency, suitability, competence and necessity as specified in art.5, par.1 of GDPR. Summaries on specific information will be increasingly released or visually made available in the pages of the sites which respond to particular request services.
III. Compliance with the law
The treatment of personal data can occur even without the customer’s consent admitted that the Owner must comply with a legal obligation.
IV. Optional nature of data provision
With the exception of what specified on the compliance with the contract and the rule of law concerning cookies and data acquired from the Site, the customer can choose whether to give his/her personal data. Thus said, the missed provision of said data could lead to the impossibility of obtaining the desired services.
D – Data Treatment: Ways and length of the process
Personal data are treated through IT technology and in agreement with EU Reg. n.679/2016 and D.Lgd n.196/2003.
The preservation of the gathered data will last in conformity with the objectives described in this document and, therefore, for the shortest time possible that is until an explicit request of the interested party and in any case respecting the temporal limits imposed by law.
The Owner pledges himself to adopt all the proper security measures to prevent the loss or alteration of personal data, let alone any illicit use or unauthorized use of the data.
Data are treated exclusively by the authorized personnel. These personnel are authorized by the Owner and is responsible for the treatment and for responding to the existing legal obligations. They deal with the data while being autonomous entities.
Amongst the people authorized by the Owner to treat personal data are, for example: collaborators from the commercial and legal departments, as well as second-tier technicians, hosting providers and IT societies (this list is of course incomplete). Treated data will not be released to unspecified recipients.
Finally, data could be handled by linked societies for delivering the products.
The Firm trusts the company Amazon.com, inc. on the delivery (to read more on Amazon’s data treatment go to https://services.amazon.it/standards/nota-sulla-privacy.html?ref=asit_privacy_footernav)
The security of the gathered information from potential hacker attacks and, in general, violations of the security norms protecting data, cannot be guaranteed.
If attacks or violations happen, at any rate, they will be communicated to the interested parties and the appropriate authorities.
E – Place of the treatment
The treatments relative to the services of the web portal are realized by known personnel who is expressly chosen given the scopes of the requested services.
For these treatments, the Owner can rely on the help of external agencies, consultants, firms, software suppliers that operate through qualified personal and guarantee the utmost data security and protection. In the other cases, the gathered data will not be given to third parties without the consent of the customer, excluded cases in which communicating data to third parties is necessary to respect the law or essential to protect the rights of other customers or the web site itself.
Personal data will be treated and kept exclusively for the above specified ends and to save them and archive them in a secure manner, on remote servers that are handled by leading firms that abide to high protection standards as far as personal data are concerned.
This could result in the transfer of data to extra-EU countries, where the mentioned servers could be located.
In particular, personal data could be transferred outside the European Union and be received by one of these places:
- the company “WooCommerce” (https://automattic.com/privacy/), plug-in for e-commerce, used by the Site handled by the Owner;
- the company “Wordpress”) (https://it.wordpress.com/), used by the Site and managed by the Owner;
The treatment and preservation of the data by the mentioned provider will take place in a third country which is “apt” as defined by the decision by the European Commission—decision on the proper nature of protection offered by Canadian law on the safeguarding of personal information and on electronic documents (Canadian Personal Information Protection and Electronic Documents Act) or certified documents Privacy Shield (USA), that is on the basis of a contractual agreement or clauses which are approved by the European Commission, or norms affecting the firm which are approved through the specific procedure explained in art. 47 GDPR.
To send data to extra-EU countries, normally the national authorization of the Guarantor is not necessary. However, the Guarantor’s authorization will still be necessary if an owner desires to use specific contractual clauses which are not recognized as appropriate by the European Commission or by administrative agreements concluded between public authorities.
For what concerns data that are gathered for delivering the services, personal data can be treated by Amazon.com, inc. (on this point please refer to https://services.amazon.it/standards/nota-sulla-privacy.html?ref=asit_privacy_footernav)
F – Rights of the interested parties
At any time, the Customer preserves the following rights:
- obtain the confirmation of the existence or absence of the data and, if data are present, become aware of the content and the origin;
- verify the exactness of the data and correct any error or incomplete data. Also, update old data;
- obtain the restriction of treatment if one of the hypotheses foreseen by art. 18 GDPR recurs;
- ask the cancellation of data treatments that violate the law, that is if one of the conditions included in art.17, par. 1, let. a), b), c), e) and f) GDPR exists;
- oppose, for legitimate reason, data treatment as per art.21, par.2,3 GDPR;
- withdraw the expressed consent (given to the treatment of personal data) for reasons later specified;
- obtain the release of personal data in a format which is compatible with the standard IT technologies, in order to allow the transfer to other platforms desired by the Customer, without any impediment to the direct transfer of data, admitted that this transfer is possible (c.d. right to data portability).
The requests concerning the exercise of the previously listed rights must be send via email to the Owner (email@example.com)
If the Owner does not reply to the requests, the Customer will have the right to file a claim with the Guarantor for the protection of personal data (http://www.garanteprivacy.it/) or write an appeal letter as per artt.77 EU Regulation 679/2016 (GDPR).
G – Disclosure updates
Future legal updates could lead to changes in the current disclosure, which has been uploaded on the Site on 18/01/2021.
If any update occurs, the Owner will notify the updates on the Site.
Cookies are little text files that are memorized on the user’s device when she/he visits some websites by using her/his own browser. These files are then memorized in the directory of the browser’s files. They are used by the visited sites to archive and find information on the customer.
There are different types of cookies: “technical”, “analytical” and “profile-making”. Also, cookies can be categorized as “first-tier” cookies and “third-tier” cookies.
The Site is located on a platform owned by the company “Wordpress” (https://it.wordpress.com/). For more information on the cookies used by this platform and to deactivate them please visit the following link: https://automattic.com/cookies/.
The Site uses the following cookies:
I. Technical cookies
Technical cookies have the principal function of helping the user surf the Site. Almost all browsers are set to accept cookies but the Customer can autonomously modify the setting of her/his browser or install specific components that block cookies: of course, in this instance, the web portal and the use of some services can be limited.
Technical cookies are of two types: “session cookies” and “persistent cookies”: both are memorized on the user’s device but the first ones are eliminated when the browser is closed, while the second ones are memorized until they expire.
The Site uses session technical cookies for surfing through the pages, like for instance for allowing the access to reserved areas or memorizing temporary preferences of the user; these cookies are cancelled once that the browser is closed.
The use of session cookies (which, in any case, are not memorized permanently on the user’s computer and are automatically erased when the browser is closed) is strictly limited to data transmission (that is casual numbers produced by the server) which identify the specific session and are necessary to permit a secure and efficient perusal.
In some cases, the Site uses some persistent technical cookies to memorize the customer’s choices regarding, for instance, the language or the type of device.
Persistent cookies are memorized on the customers’ devices in separate browser sessions and they allow to remember the customer’s actions in a site. Persistent cookies can be used for a variety of purposes including remembering the preferences of the customer (e.g. the language of the site) when the customer uses the site.
II. Analytical Cookies
These cookies are used to infer the surfing preferences of the user/customer and for gathering statistical data anonymously.
The Site uses Analytical cookies only of third parties, that is originating from other websites.
The customer/user can deactivate these cookies by changing the settings of her/his own browser.
These are the links of the single browsers:
- Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies ;
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirect=no;
- Safari: https://www.apple.com/legal/privacy/it/;
- Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en;
- Opera: https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/
It is also possible to deactivate the cookies that are present on the websites by downloading specific software (for instance Ghostery http://www.ghostery.com/) or activating the “anonymous surfing” modality: this is a function that allows you to surf the internet without leaving any trace of what you have visited in your browser. This function only allows to keep the browser clean of any data.
Analytical Cookies used by the Site
The Site uses the following analytical services to obtain statistical data relating to the use of the website:
- “Google Analytics” offered by the company Google Inc.. In this case the personal data that are gathered are preserved by Google as the independent owner of the relative treatment.
For more information see https://support.google.com/analytics/topic/2919631?hl=it&ref_topic=1008008
Plug in cookies from social networks
Profile-related cookies (only third parts)
Profile-related cookies are used to keep track of the user’s surfing preferences to create a profile that can be used to send advertising messages to the user’s device. Third parties’ profile-making cookies originate from other websites or from advertising circuits (Google AdSense, etc.) which can be send to the user’s device following the user’s surfing experience on the Site.
Google Remarketing is a service provided by a third company (Google), independent from the Site and whose data analysis procedure cannot be checked by the Site. Further information on the gathered data and concerning the protection of Google data can be found here: http://www.google.com/intl/de/policies/privacy/ or in the respective linguistic versions of these websites.
If you don’t desire to receive advertisement based on the customer’s interests, it is possible to prevent the memorization of cookies by Google by selecting the settings of your (the customer’s/user’s) own browser.
Facebook Pixel is a service owned by FacebookInc. 1601 S. California Ave., Palo Alto, CA 94204, USA (“Facebook”), which grants following-up customers’ behavior after having clicked on a Facebook ad. This service allows to measure, analyze and optimize the effectiveness of the Facebook ads for statistical and commercial purposes. The data gathered on the Site, with the use of the Pixel, do not allow the Site to conclude anything concerning the customer’s identity. The gathered data (for example, the IP address of the relative user) are transferred through the Pixel conversion, and Facebook memorizes and elaborates data for conversion measurement purposes. The Site receives anonymous report from Facebook and these reports do not contain any information on the identity of the customers/users. Thus said, Facebook might connect the customer’s data obtained through the Site with other customer’s data (for instance, the information of a Facebook account) which Facebook will use for its own purposes.
Facebook, like its partners allows the presence of online advertisement both inside and outside Facebook’s web space. To this scope, a cookie can be memorized on the user’s computer.
To declare one’s consent to the use of the Pixel conversion the customer/user must be older than 13. With this file he/she declares to be of age or that his/her parents/legal tutors are informed and have decided to give their consent for the Declaration of Consent.
Consent for the use of the Pixel conversion can be withdrawn anytime. To this scope, don’t hesitate to use the following link: https://www.facebook.com/ads/website_custom_audiences/.
and selecting the appropriate settings through the measures there offered.
Finally, the user/customer can consult the following sites YourOnlineChoices (EU), Network Advertising Initiative (USA) and Digital Advertising Alliance (USA), DAAC (Canada) to understand and handle the tracking preferences of the majority of advertisement.