Information for the processing of personal data.
(Articles 13 e 14 EUROPEAN REGULATION N. 679/2016)
The following information is addressed to all the people visiting and interacting with this e-commerce site owned by the society Rupes s.p.a. the c.d. web store (“e-shop”), where it is possible to buy on-line products. The e-shop is managed, on behalf of Rupes s.p.a. to Calicantus s.r.l. that deals with sales management and transactions made in the e-shop (e.g.: orders management, products sale and delivery, returned products and guaranties management and other activities necessary to sale the products by the e-shop) as outside responsible of the treatment formally appointed and empowered by the same writing society which acts as "Data Controller" by determining the purposes and methods of processing your data.
It is reported that the society Rupes s.p.a. and Calicantus s.r.l., have signed a contract where they have defined their own responsibilities about the compliance with the obligations according to European Regulations n. 679/2016; proper information about the essential content of the contract will be available contacting the Controller whose details are mentioned below.
the writing Rupes s.p.a., legal office located in viale Bianca Maria 13, Milano (MI), head quarter in Via Marconi 3A, 20080 loc. Vermezzo ,Vermezzo con Zelo (MI), P.IVA. 05094230157, email: firstname.lastname@example.org, as “Personal Data Controller” is to inform you, according to the articles 13 e 14 of the European Regulation n. 679/2016 (afterwards “EU Regulation”), that your data will be processed as following:
1. Subject of the processing
The data Controller is to inform you that identity personal data (e.g., First Name, Surname, Business name, address, phone number, e-mail, bank and/or payment references, etc.), .), afterwards called “persona data” or simply “data”, even verbally obtained directly or through third parties in the past, like those got in the future, might be subjected to processing in full compliance with EU Regulation. The Data Controller will manage it according to the law, specifically in order to perform a contract of which you are a part or for the execution of pre-contractual measures required (ex. to prepare an offer, etc.) (art. n. 6 of EU Regulation).
Data processing means any operation or complex of operations concerning the collection, record, organization, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, lock, communication, spread, destruction of the data themselves.
2. Legal basis and Purposes of treatment
Legal basis: EU Regulation n. 679/2016.
A) Without your express consent (art. 6 let. b), c), e) of UE Regulation), for the following purposes:
- in order to manage the access to e-shop services and facilitate the purchase of the products on line and also to allow your registration to the e-shop and the possible conclusion of the purchase contract by the e-shop;
- to fulfil pre-contractual, contractual and tax obligations arising from the relationships with you;
- to allow to enter the e-shop also as not logged in user and surf the e-shop;
- to allow you the registration to the Site, by creating an account, and to use the services reserved to the registered users and in particular the possibility to purchase by the e-shop;
- to allow the access to the e-shop and to surf in the e-shop as logged in user;
- to keep and manage your account;
- memorize in your account data and information like, as an example, your personal data, your orders history and your possible returned goods, your delivery and/or invoice favourite address;
- to allow to put your orders into the basket and to perform the purchase contract by the e-shop.
- to fulfil the obligations coming from the purchase contract performed by the e-shop, like, as an example, the delivery of the sold products;
- to allow the fulfilment of the obligations coming from the contract performed by the e-shop like, as an example, the payment even on line of the purchased products;
- to the general activity of assistance and customer care, so to satisfy the requests of information coming form the users or to answer to complaints, reporting e controversies;
- to fulfill obligations under the law, regulation, community legislation or order of Authority (like for example anti-money laundering);
- exercise the processing holder’s rights, for example the right of defence in court;
- to keep the general ledger;
- to management purposes (billing, possible document management, etc.);
- to the credit management;
- to statistical analysis and quality control;
- to insurance management;
- to technical assistance.
In particular your data will be processed to purposes related to perform the following fulfilments, related to low and contract obligations:
- Functional and technical access to the Site. No data are kept after closing the Browser;
- Evoluted browsing purpose or personalized management of the contents;
- Statistic purpose, browsing and users analysis.
B) ) Only with your specific and distinct consent (art. 7 of EU Regulation), for the following commercial and/or marketing and/or profiling purposes:
- dispatch by e-mail, post and/or sms and/or phone contacts of newsletters, commercial communications and/or advertising about products or services offered by the processing Holder and/or detection of quality satisfaction;
- dispatch by e-mail, post and/or sms and/or phone contacts of commercial communications and/or promotions of third parties (for example, business partner).
3. Mode of data processing
The processing of your personal data is performed by the operations showed in the art. 4 n. 2) of EU Regulation and precisely: collection, registration, organization, structure, adjustment, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of provision, comparison or interconnection, limitation, cancellation or destruction, lock. Your personal data are subjected to both papery and electronic and/or automated processing (however suitable to guarantee the safety and the discretion of the data).
4. Data retention time and more information
The Controller will process the personal data for the time necessary to fulfill the above purposes and in any case not beyond the legal terms from the end of the relationship (e.g. the data necessary to the execution of the purchase contract until the delivery of the product or, in case of delivery failure, until the termination of the contract).
With reference to the personal data subjected to the processing for marketing or profiling purposes, they will be kept in compliance with the principle of proportionality and in any case until the processing purposes will be performed or until the withdrawal of specific consent is asked by the person concerned.
In particular the processing holder will hold the data for no more than 2 years from the collection of the data for Marketing Purposes and for a year for the data collected for profiling purposes.
Your personal data will be processed “lawfully, according to correctness and transparency” protecting your privacy and your rights.
An annual check of the processed data is expected to be done, it will also be possible to cancel them if no longer necessary to the expected purposes.
5. Access to data
Your data might be made accessible for the purposes mentioned in the above points 2.A) and 2.B):
- to members, employees and Controller’s collaborators in Italy and abroad, as appointed and/or inside processing data responsible and/or system administrators;
- to third parties or other subjects carrying out outsourcing activities on behalf of the processing Holder, as outside responsible of the processing (indicatively: associated studies, lawyers, data processing companies, certification bodies, accountant/fiscal consultant and in general all the Bodies responsible for checks and controls in the correct fulfilment of the purposes mentioned above, lenders, professional studies, consultants, insurance companies for the provision of insurance services, financial offices, Municipal Authorities and/or Offices, consultant and service companies and for job security; they might communicate data, or allow the access to them in the context of their own members, users and related assignees for specific market researches. Collected and processed data can also be communicated, in Italy and abroad, to subcontractors, suppliers, for the management of informative system, to carriers, forwarders and custom agents).
The detailed list of these figures is available at our offices and at your disposal.
6. Data communication
Without the need of express content (art. 6 let. b) and c) of EU Regulation), the Controller can communicate your data for purposes mentioned in point 2.A) to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those subject to whom the communication is mandatory by law for the fulfilment of the purposes mentioned above.
These subjects will keep the data as independent data controllers.
During and after the browsing the data will not be disclosed to third parties, in particular to:
- Google: Advertising service, Advertising target, Analytics/Measurement, Content customization, Optimization;
- Google AdWords Advertising service, Advertising target, Analytics/Measurement, Content customization, Optimization;
- Google Analytics: Advertising target, Analytics/Measurement, Optimization.
Your data will not be disclosed.
7. Data transfer
Personal data are kept in devices located at the Controller’s office or at the provider, in the European Union. Anyway it is understood that the Controller, if necessary, will have the right to move the data to extra-EU countries. In that case the Controller ensures now that the transfer of data extra-EU will take place in accordance with applicable laws, after the stipulation of the contractual clauses and standard controls decided by the European Commission.
Both regarding the personal data in its devices, and possible data kept by the provider, the Controller has implemented technical and organizational measures adequate to guarantee a suitable level of security, in full compliance with the indications in the art. 32 of EU regulation.
Browsing: your browsing data might be transferred, according to the purposes mentioned above, in the following countries: - EU Countries
Sine each browser, and often different versions of the same browser, are really different form each other, if you prefer operating by yourself through the preferences of your browser, you can find detailed information about the necessary procedure in the guide of your browser.
8. Nature of the data and consequences of refusing to answer
The provision of the data for the purposes mentioned at point 2.A) is mandatory. If the data are missing, we will not be able to guarantee the Services as indicated in 2.A).(e.g.: the failure to notify the data will imply the impossibility for the user to perform the contract and to purchase by the e-shop).
With reference to the data for the purposes mentioned at point 2.B) it is optional. So, you can decide not to give any data or afterwards to deny the possibility to process the data already supplied: in this case, you cannot receive newsletters, commercial communications and advertising and/or anything else concerning the services offered by the Controller.
Anyway, you will carry on being entitled to the services mentioned in 2.A).
9. Rights of the interested party
As interested, you have the rights mentioned in art. 15 of EU regulation and precisely the following:
1. you have the right to get from the Controller the confirmation that the processing of your personal data is in progress or not, and if yes, to get the access to personal data and to the following information:
a) the purposes of the processing;
b) the categories of the personal data concerned;
c) the recipients or their categories that will be made aware of the personal data, in particular if they are recipients of third parties or International organizations;
d) if possible, the expected conservation period of personal data, contrary, the criteria used to determine that period;
e) the right of the interested party to ask to the Controller for the correction or cancellation of personal data or the limitation of the processing of the personal data concerned or the opposition to their processing;
f) the right to file a complaint to a supervisory authority (the Guarantor for the protection of personal data);
g) if the data are not collected from the interested party, all the information available about their origin;
h) the existence o fan automated decision-making process, the profiling included as mentioned in the art. 22, paragraphs 1 and 4 of EU regulation, and, in some cases at least, important information about the used logic, as well as the importance and the consequences of this processing concerned for the interested party.
2. If your personal data are transferred to a third country or to an International organization, you have the right to be informed about the existence of adequate guarantees according to the art. 46 of EU Regulation concerning the transfer.
3. The Controller will give you a copy of your personal data subjected to the processing upon your request.
In the case where you ask for more copies, the Controller can charge you a reasonable contribution based on administrative costs. If you submit the request by electronic means, and unless otherwise indicated, the information will be provided in electronic format commonly used.
4. The right to get a copy as mentioned in paragraph 3 must not affect the right and the freedom of others.
Furthermore, where applicable, you can enjoy the rights as mentioned in the article from 16 to 22 of EU Regulation. You precisely have:
- the right to correct personal data;
- the right to cancel them;
- the right to limit their processing;
- the right of data portability;
- the right of opposition;
- the right to complain to guarantor authority.
You have also the right to revoke at any time a possible consent already given without compromising the lawfulness of the processing based on the consent given before the revocation.
10. How to exercise rights
You can at any time exercise your rights sending:
- a registered mail with return receipt to the writer (see the address in the letterhead);
- a e-mail to email@example.com
What is offered by the Controller and object of the current relationship does not provide the intentional acquisition of personal information concerning minors. In the case where the information about minors are accidentally registered, the Controller will cancel it very quickly, on request of the person concerned.
12. Personal data not given by the person concerned
It can happen that the writer is not the Controller to whom you gave your personal data, but he result to be co-controller of the data or responsible of them outside, and for this reason your data got to the writer at a later time because of a contract governing the parties. In this case we specify that the writer will do everything possible to be sure you have been informed and have given the consent to the processing. You can ask at any time to the writer the origin of your data acquisition.
Data Controller Responsible