Information for the processing of personal data made pursuant to and for the purposes of Legislative Decree no. 196 of 20 June 2003 and subsequent amendments and supplements, and the EU Regulation 2016/679 (GDPR)
PURPOSE OF THIS DOCUMENT
The following is a list of the methods of processing the personal data of users of the e-commerce website () that may be collected when consulting and browsing the Website.
The information is provided pursuant to art. 13 of Legislative Decree no. 196 of 20 June 2003 and subsequent amendments and supplements - Personal data protection code - and art. 14 et seq. of the EU Regulation 679/2016 (GDPR) to those who interact with web services accessible by electronic means starting from the address firstname.lastname@example.org
The information provided below also follows the guidelines derived from art. 29 of Directive no. 95/46/EC and refers in particular to the acquisition of personal data on the Internet, with the aim of specifying the minimum measures to be implemented in relation to data subjects to guarantee the ethics and legality of these operations.
THE DATA CONTROLLER
After consulting and browsing the www.veschetti.com hereinafter referred to as the WEBSITE, data relating to identified or identifiable persons may be processed.
The Data Controller of their processing is VESCHETTI GIOIELLI S.R.L. with registered office in Corso Magenta 27/ e 25121 BRESCIA BS ITALY , Tax code and VAT no. 02065740173, e-mail email@example.com, hereinafter identified as the "DATA CONTROLLER" or "MANAGER".
The information is provided only for the WEBSITE in question and not for other external websites that may be consulted through links on the WEBSITE's pages, which link to different domains, for which the DATA CONTROLLER is not responsible.
PLACE OF DATA PROCESSING
The processing operations connected to the Web services on the WEBSITE (physically resident on servers connected to the network) are carried out at the headquarters of the DATA CONTROLLER and are carried out only by employees, collaborators or persons in charge of processing, or by persons in charge of non-routine maintenance operations. No data resulting from navigation on the WEBSITE is communicated or disclosed to third parties whose work is not inherent to the management, operation or control of the operations of the WEBSITE itself. The personal data provided by users who request information material are used only to perform the service or provision requested and are communicated to third parties if this is necessary for this purpose except as provided in the chapter "optional data provision".
TYPES OF DATA PROCESSED
The computer systems and software procedures used to operate the WEBSITE acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes, by way of example only, IP addresses or domain names of computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the WEBSITE and to check its correct functioning. The data may be made available by the DATA CONTROLLER to ascertain responsibility in case of hypothetical computer crimes or other requests authorised by the judicial authorities.
Data voluntarily provided by Website users
The optional, explicit and voluntary sending of e-mail messages to the addresses indicated on the WEBSITE or by filling in purchase order and/or request forms or other guided procedures on the WEBSITE itself, involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data entered such as telephone numbers or country of origin. Specific summary information will be reported or displayed on the pages of the Website prepared for particular services on request.
For the purposes described in this Policy, personal data of various kinds is collected, including:
- information relating to the contract (name, surname, place and date of birth, nationality, residence/domicile, e-mail address, postal address, telephone number and any other personal data of the data subject) provided during the completion of the forms on the Website, including the registration and creation of an account on the Website;
- information relating to any transaction carried out by the data subject;
- data subject’s user name and password;
- personal data contained in communications sent by the data subject for any reason whatsoever;
- information resulting from proposed surveys;
- payment information (credit card number, expiry date, authorisation number or security code, shipping address and billing address, bank details -IBAN),
- information regarding personal or professional interests, marital status, demographic data and experience of the data subject with the products and contact preferences;
- information obtained from third party service providers;
- personal data collected by third parties, shared by the data subject on social networks and accessible to the public (e.g. Facebook, Instagram, Twitter, etc.) and/or collected in other publicly accessible databases.
No personal data is knowingly collected or used by anyone who is not of legal age or is considered a minor according to the legislation of his/her country of residence: the User, by registering on the Website and, in any case, when providing his/her data, confirms that he/she has reached the minimum legal age.
VOLUNTARY PROVISION OF DATA
The provision of such data is not mandatory.
The user is free to provide personal data contained in the request forms or indicated in contacts to request information material or other communications. Failure to provide such data may make it impossible to obtain the information requested. For the sake of completeness it should be remembered that, in some cases (not covered by the ordinary management of this Website), the Authority may request news and information pursuant to art. 15 of the EU Regulation 679/2016 (GDPR), for the purposes of controlling the processing of personal data. In these cases the answer is mandatory under penalty of administrative sanction.
The communication of the user's personal data (in particular, name and surname, e-mail and postal address, credit/debit card details, bank details and telephone number) is necessary in order to process the purchase order of the products offered for sale on the Website and to fulfil the obligations provided for the laws or regulations in force. The refusal to provide personal data necessary for the pursuance of the above purposes may make it impossible for Veschetti Gioielli SRL to process and accept the order of the products sold on the Website and/or to fulfil the obligations provided for by law and other regulations in force.
It is optional for the user to provide further personal data, other than those necessary for the fulfilment of legal or contractual obligations and the correct consultation of the services that can be provided.
Data which is mandatory and/or essential for the purchase offer of products and/or for the provision of services requested is marked with a special symbol (*) on the website.
USE OF DATA
The use of the user's personnel data is carried out on a legal basis in order to achieve the following purposes:
- the processing is necessary for the execution of a contract or to initiate the necessary and useful operations in connection with the conclusion of a contract (e.g. sales contract), such as, for example, pre-contractual measures taken, including: - the execution of transactions and supplies of products and services; - the processing and execution of orders related to products and services; - information and assistance to the data subject;
- the processing is necessary for the fulfilment of legal obligations and/or judicial and/or administrative measures;
- the processing falls within the legitimate interests of the Data Controller, in his/her capacity as a business operator, such as:
- interest in the use of personal data of customers and users of the Website in order to carry out, evaluate, develop and improve commercial and promotional activities (including the performance of marketing activities) including current and potential customers and Website users;
- interest in exercising and/or defending a right before a court of law or out of court and/or administrative authorities, and in reducing the risk of defaults and managing credit recoveries;
before a court of law or out of court
- interest in sending promotional material and other communications, including contacting the data subject by e-mail, post, telephone and other means, to organise and manage special events, contests, programmes, offers, surveys and market research;
- interest in preventing and avoiding fraud and other illegal activities, as well as in respecting and complying with current legal requirements;
- the processing is based on the prior and explicit consent of the data subject, for example in the case of personalised marketing activities.
DISCLOSURE OF PERSONAL DATA
The Data Controller may disclose personal data to its affiliated company or to its suppliers who contribute to providing services, processing transactions, responding to requests for information, receiving and sending communications, updating marketing lists, analysing data, providing assistance or performing other necessary and related activities.
You will be asked for your explicit consent before sharing your personal data, for marketing purposes, with any third party company other than the above mentioned subjects.
The personal data will be accessible to authorised personnel of Veschetti Gioielli SRL and service providers operating on its behalf, in case of need. It may be necessary to transfer personal data to third countries in which Veschetti Gioielli SRL operates; some of these countries are subject to the decision of the European Commission on the adequacy of data protection, while others, such as the USA, are not. In order to ensure that the protection of your personal data complies with applicable laws, such transfer outside your country of residence or the European Economic Area (EEA) will be made in compliance with the EU Type Clauses, the EU-US or CH-US Privacy Shield Agreement, the Clauses binding on companies belonging to the same Group or other legal mechanisms.
Personal Data may be shared with third parties in case of enhancement, restructuring and/or other operations that may result in the sale and/or transfer for any reason, in whole or in part, of the company of the data controller.
STORAGE OF PERSONAL DATA
Personal data will be kept for the period necessary for the purposes for which it was collected and, generally, for five years after the end of the relationship or the last contact with the data subject, unless otherwise required by applicable law.
Under specific circumstances, personal data may be kept for a longer period, if required by legal, tax and financial requirements, or, in compliance with applicable law, to keep an accurate record of transactions in the event of complaints or appeals.
SECURITY - PROCESSING METHOD
Specific security measures are observed to prevent the accidental loss of data, their alteration and/or disclosure, illicit or incorrect use and unauthorised access in compliance with minimum security measures.
For the best possible protection of personal data, the data subject must use a protected device (for example, equipped with an effective updated antivirus system) and its Internet provider must adopt appropriate measures for the security of data transmission over the network (for example, firewalls and spam filters).
In order to provide a complete service, the WEBSITE may contain links to other websites, not managed by this DATA HOLDER, who shall be held responsible for errors, content, cookies, publications of illicit moral content, advertising, banners or files that do not comply with the regulations in force and the respect of the EU Regulation no. 679/2016 by the above-mentioned websites.
While adopting reasonable protection measures, it is not possible to ensure that the personal data communicated cannot be violated: by using the Website, the User accepts the possible implications on the security of data inherent in online business transactions, releasing Veschetti Gioielli SRL from any liability through no fault of its own.
Cookies are short text files that are downloaded to your device when you visit a website and allow the WEBSITE to recognise your device. They have various purposes such as, for example, enabling you to browse efficiently between pages, remembering your favourite websites and generally improving your browsing experience.
Depending on the function and purpose of use, cookies may be divided into technical cookies, profiling cookies or third party cookies. For more information on the cookies used by the WEBSITE see the chapters below.
RIGHTS OF THE DATA SUBJECT
The subjects to whom the personal data refers have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration or updating, or correction (art.15 of Legislative Decree no. 679/2016). According to the same article you have the right to request cancellation, transformation into anonymous form or blocking of data processed unlawfully, and to oppose, for legitimate reasons, their handling. In any case, the User is free at all times to withdraw the consents given, by sending an informal communication stating this to the DATA CONTROLLER using the contact details provided at the start of this document.
In particular, the data subject is entitled:
- to be informed of the existence of data processing operations concerning him/her, to obtain access to and a copy of the data, their origin and the recipients to whom the data has been or will be communicated;
- to ask the data controller to correct or delete the personal data or to limit the processing of personal data concerning him/her or to oppose its processing;
- to obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay and the integration of incomplete personal data, including by providing a supplementary statement;
- to revoke the consent given at any time, without prejudice to the lawfulness of the processing based on the consent acquired before the revocation, pursuant to art. 7, par. 3 of EU Regulation no. 679/2016: the revocation may make it impossible for the Data Controller to execute the contract and/or provide the service and to pursue the above mentioned purposes;
- to obtain the immediate deletion of their personal data if consent has been revoked, if it is no longer necessary for the purposes for which it was collected or otherwise processed or if the legal basis for the processing has ceased to exist; if it has been processed unlawfully or if this obligation is imposed by law or judicial authorities, pursuant to art. 17 of EU Regulation no. 679/2016;
The User has the right.
- to obtain the limitation of the processing of data concerning him/her if: the data subject contests its accuracy; the processing is unlawful and the data subject opposes the deletion of the personal data and requests that its use be limited; although the data controller no longer needs them for the purposes of processing, the personal data is necessary for the data subject to ascertain, exercise or defend a right in court; the data subject has opposed the processing pursuant to Article 21, paragraph 1, of EU Regulation no. 679/2016/2016 pending verification as to whether the legitimate reasons of the data controller take precedence over those of the data subject;
- to request the portability of his/her data and, therefore, to receive all his/her personal data in a structured format, of current use and readable by automatic device and to request its transfer to another data controller pursuant to art. 20 of EU Regulation no. 679/2016;
- to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him/her pursuant to Article 6, paragraph 1, letters e) or f) of EU Regulation no. 679/2016, unless there are legitimate reasons for the Controller to continue processing;
- where personal data is processed for direct marketing purposes, to object at any time to the processing of personal data concerning him/her carried out for such purposes, including profiling in so far as it is related to such direct marketing;
The data subject may exercise the above rights by sending a request by e-mail to the e-mail address …….. , if he/she considers that the processing of his/her personal data is carried out in violation of the legislation in force, he/she has the right to lodge a complaint with the supervisory authority.
WHAT IS A COOKIE
Cookies are short text files that are downloaded to your device when you visit a website. On each subsequent visit, cookies are redirected to the website where they originated from (first-party cookies) or to another website that recognises them (third-party cookies). Cookies are useful because they allow a website to recognise your device. They have various purposes such as, for example, to enable you to browse efficiently between pages, remember your favourite websites and, in general, improve your browsing experience. Depending on the function and purpose of use, cookies can be divided into technical cookies, profiling cookies, third party cookies, etc.
The purpose of profiling cookies is to improve the WEBSITE user experience by suggesting content similar to the preferences expressed by the user while browsing, based on the content displayed and other behaviour parameters. You may choose to disable the use of individual WEBSITE cookies through the appropriate options on your browser. In this case, some features of the WEBSITE may not be available.
THIRD PARTY COOKIES
DISABLING COOKIES ON THE MOST COMMON BROWSERS
You can disable cookies using the options provided by your browser. The following are some examples of the most popular browsers
- Select Tools from the menu bar
- Click on Internet Options
- Click on the General tab, which is located under "Browsing History" and click on "Delete".
- Select Tools from the menu bar
- Click Options
- Click on the Privacy tab
- Click "Delete Now"
- Select "Cookies”
- Click "Delete personal data now".
- Click the wrench icon in the top right corner of your browser
- Click on "Options"
- Click on "Geek stuff"...
- Click the "Content Settings" button in the Privacy section
- Click the "Clear browsing data" button
- Go to the Safari menu (icon in the top right corner of your browser) and select Preferences
- In the pop-up window that opens, select the Security icon (in the form of a padlock)
- Under "Accept Cookies", select the "Never" button.