Welcome to our shop.luisaspagnoli.it. website (“Site”).
1. THE POLICY
All Data subjects are entitled to the protection of their Personal Data. TD respect the rights of their users to be informed on the collection and subsequent processing operations concerning their Personal Data. The Site activities have been carefully configured to respect the principle of strictly necessary when processing data that can identify users, even indirectly- For this reason, we have configured the Site so that the use of personal data is kept to a minimum and exclude the processing of personal data when the purpose of the specific activity can be achieved using anonymous data or other means, identifying the person only when needed or at the request of the authorities and police forces.
2. HOW WE COLLECT YOUR DATA ON THE SITE
Data acquired during navigation
Generally speaking, no user personal data is collected when visiting or browsing through the Site. The processing of personal data of users who visit and consult the Site is limited to the so-called navigation data. The data processing systems and software procedures used by this website acquire some personal data, during their normal functions, the transmission of which is implicit when using Internet communication protocols. This refers to information which is not collected to be associated with identified parties, but due to their nature could, permit the identification of the user if they are elaborated and associated with data held by third parties. This category of data includes, for instance, IP addresses or computer domain names used by the users to connect to the website, the URI Uniform Resource Identifier addresses of the requested resources, the time of request, the method used to make the request to the server, the size of the file received in reply, numerical code indicating the status of the reply given by the server (successful, error etc.) and other parameters of the operating system and the environment used by the User. This data is used for the sole purpose of collecting anonymous statistics on the use of the Site and to check it functions correctly and they are cancelled immediately after such anonymous processing. The data could be used to ascertain responsibility in the case of any hypothetical electronic crimes which damage the Site: in addition to this eventuality, at present the so-called navigation data are retained and deleted within the terms provided by the applicable regulations, according to the purpose for which they were collected and subsequently processed.
Data provided spontaneously by the User
The Site also collects and processes personal data provided voluntarily by users when they interact with the functions and services provided on the Site, for instance during the Site registration process or to send purchase orders for products through the Site, or for registration to receive newsletters, take part in initiatives via the Site, requests for information and sending of communications. In the sections of the Site where the Data Subject's personal data are collected, a specific Information Notice is available and, when required by the Privacy Code, the users are requested to grant their consent for the processing of their data. For further information on the purposes for which personal data is processed on the Site, please read the section that follow "Purpose and Methods of Processing Personal Data".
3. WHO PROCESSES YOUR PERSONAL DATA, HOW AND FOR WHAT PURPOSE
The personal data of Site users are generally collected and processed to manage the interaction of users with some functions of the Site, for instance, Site registration or purchasing transactions and the execution of relative purchase orders. Moreover, personal data is processed to fulfil all obligations as foreseen by the laws, regulations and EC norms and standards in force, and to exercise its rights at a judicial level. Collection of data is necessary for such activities. Failure to collect the data makes it impossible to fulfil the contractual obligations or provide the requested services. Consequently, pursuant to Article 24 of the Privacy Code, the consent of users for such processing purposes is not necessary.
In addition to the foregoing, the data can also be processed for marketing purposes, i.e. the sending of information and promotional materials on Site products, special offers and/or promotions by standard mail, email, newsletters and text messages by SMS and MMS. It is always possible to oppose receipt of promotional materials; in fact, instructions on how to oppose this service and no longer receive such communications are included in every mail received. Conferral of data for marketing purposes, as illustrated above, is optional and any refusals will not have any consequence on the possibility for Users to request products and enjoy the services and other functions provided by this Site.
Triboo Digitale Srl – with registered office in Viale Sarca 336 - 20126 Milan Italy (TD), email: firstname.lastname@example.org is the autonomous Data Controller for the processing of processes personal of Site users as is strictly necessary to manage the purchasing operations and execute the orders placed via the Site, including the management of the sales and other transactions performed on the Site, delivery of products, returned materials and warranties, and all further activities necessary to the sale of its products via the Site.
Luisa Spagnoli S.p.A. with registered office in Strada Santa Lucia 71, email: email@example.com ("Luisa Spagnoli S.p.A."), is the autonomous Data Controller for the processing of user data for the above indicated marketing purposes.
Depending on the specific processing purpose, the personal data can be accessed by the Data Controllers as above, and their respective Chief Processors, if appointed. To receive an updated list of the Chief Processors appointed to processing personal data and the third-parties to whom such data is communicated, please contact the Customer Care Service or send an email to the email address firstname.lastname@example.org.
4. SCOPE OF COMMUNICATION OF PERSONAL DATA
Personal data can be communicated to authorities and public entities; professionals, freelancers, including associates and commercial partners (i.e. third-parties providing Site management services of a commercial, professional and technical nature and to pursue the aforementioned purposes); third-parties in cases of mergers, acquisitions, corporate or business branch spin-offs or other extraordinary transactions. These third-party subjects only receive the information needed for them to implement their designated functions. In particular, TD communicates the personal data collected to Arcese Logistic S.r.l., duly appointed as Chief External Processor for the execution of logistic activities concerning shipping and the return of purchased products. All the above subjects undertake to use the information received for the aforementioned processing purposes only, and keep them secure and confidential, in accordance with the requirements of the applicable laws and regulations in force. In addition, personal data may be communicated to legitimate recipients under the laws or regulations in force.
Except for the foregoing, personal data are not shared with third-parties who do not provide any service at a commercial, professional and technical level. The third-parties, i.e. Data Controllers, Chief Processors or Processing Officers, as the case may be, to whom such data is communicated shall process the same for the aforementioned purposes only, in accordance with the requirements of the applicable privacy code.
5. SECURITY MEASURES
In order to guarantee the security of all personal data, the security measures foreseen by the PDPC and any applicable regulations have been adopted to prevent loss of data, illegal or illicit use of the data and unauthorised access to said data, with particular but not exclusive reference to Annex B to the Privacy Code (Technical Regulations regarding minimum security measures). In addition, information systems and computer software programs are configured so as to minimise the use of personal and identifier data therefore such data are used only when necessary for specific processing purposes pursued each time.
6. RIGHTS TO ACCESS PERSONAL DATA AND OTHER PRIVACY RIGHTS
Users are always entitled to exercise, at any moment in time, the rights granted by Art. 7 of the PDPC, such as for instance obtaining confirmation as to whether or not their personal data exists in an intelligible form; access such data; verify the contents, origin and accuracy; the right to obtain the updating, rectification, integration of the data; erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; certification to the effect that the operations indicated above have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; the right to oppose, for legitimate reasons, all or part of the processing of the personal data, for instance the right to oppose the processing of the personal data for marketing purposes.
To exercise such rights, users are required to contact the respective Data Controllers, depending on the type or processing to be opposed, using the email addresses provided in paragraph 3.
Please read our Cookies Policy shop.luisaspagnoli.it/cookies for information on cookies and how to disable them.
9. GIFT CARD – PERSONAL DETAILS OF A THIRD PARTY RECIPIENT
The personal details of a third party recipient (name and email address) to whom you wish to send a "Gift Card" to during the purchase process, shall be processed exclusively to allow Triboo Digitale to send the "Gift Card" via email to the recipient, to unlock the card and fulfil all consequent services and obligations assigned to Triboo Digitale. The details (name and email address of the recipient) shall only be retained until confirmation is received that the recipient has unlocked the Gift Card, following the instructions provided on the Site or, whichever occurs later, until the date within which the Buyer is entitled to exercise his right of withdrawal expires: once the Gift Card has been unlocked, or, whichever occurs later, once the date within which the Buyer is entitled to exercise his right of withdrawal has expired, the details of the recipient processed for the purposes illustrated herein will be erased.