POLICY FOR PROCESSING OF PERSONAL DATA
pursuant to and for the purposes of Article 13 of the New European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION - GDPR)
As required by the General Regulation on the Protection of Personal Data of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the interested party (user of the website www.barbierionline.it) is informed that the personal data collected through the site are subject to processing by the Company through computer and / or telematics, for the purposes indicated in this statement.
The Data Controller is Almonello Srl, with registered office in Via Trento Trieste, 44 - 41043 Formigine, VAT number: 03719840369.
The Company has identified a Data Protection Officer pursuant to Articles 37 et seq. of European Regulation 2016/679, which is identified as Claudio Barbieri.
Information on the processing of personal data
The personal data being processed are collected directly by Almonello Srl or by third parties expressly authorized by it, or communicated by the Company to such third parties for the pursuit of the purposes described below.
Legal basis and purposes of the treatment
The personal data provided by the user when browsing the website www.barbierionline.it are processed by the Owner in accordance with current legislation on the protection of personal data.
The legal basis of the treatment is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible termination of the online sales contract concluded between the parties and in the obligations related to the same contract and / or directly and / or indirectly arising from the same.
The processing of personal data by Almonello Srl is aimed at the pursuit of the following purposes:
1) Registration on barbierionline.it: if the user decides to register on the site barbierionline.it, only after a possible and specific consent, personal data will be processed by the Data Controller for the purpose of registration on barbierionline.it. In particular, in return for providing your name, surname, e-mail address and setting a password, these will be processed for the creation of a personal account, to speed up the purchase process, to allow the user to view the status of orders and receive updates on purchases made, change personal settings and update the account.
2) Activities of online shopping: the personal data provided will be used for the purposes of establishing, managing, executing and/or concluding the online sales contract. The data provided will be processed by the data controller for the purposes of managing the purchase order with reference, by way of example, to the activities of payment, shipping, taking charge of any returns, for customer service, for the execution of administrative and accounting purposes related to the management of the order, for the fulfillment of obligations under applicable law. In case of payment by credit card, the fundamental information for the execution of the transaction (credit/debit card number, expiration date, security code) will be processed by PayPal or, possibly, by companies in charge of anti-fraud control through encrypted protocol and without third parties having any access to it. This information will never be displayed or stored by the seller (Almonello Srl).
Nature of the treatment
In relation to the purposes referred to in point 1) of the previous paragraph, the provision of personal data and consent to their processing is required. Failure to give consent makes it impossible for Almonello Srl to allow the registration on barbierionline.it, the creation of a personal account, speeding up the purchase process, displaying the status of orders and receiving updates on purchases made, the possibility for the user to change personal settings and update the account.
In relation to the purposes referred to in point 2) of the previous paragraph, the provision of personal data and consent to their processing is required. Any failure to give consent makes it impossible for Almonello Srl to proceed to the establishment, management, execution and / or conclusion of the online sales contract, so the inability to perform, for example, the activities related to payment, shipping, taking charge of any returns, customer service activities, the execution of administrative and accounting purposes related to the management of the order, and the fulfillment of obligations under applicable law.
Personal data processed
The personal data processed by the Owner are those provided by the user when browsing the website www.barbierionline.it, when registering and/or purchasing products made available to Almonello Srl, such as, for example: name, surname and e-mail address, in addition to the data necessary for the provision of the online sales service such as, for example, those required for the execution of payment and the shipment / exchange of products purchased.
Methods of processing and storage of data
The processing of personal data is performed by the Owner in compliance with the provisions of current legislation on Privacy. The Data Controller shall process personal data using computer and/or telematic means and in an organisational and logical manner strictly related to the pursuit of the purposes indicated in this information notice, as well as adopting appropriate security measures in order to prevent unauthorised access, disclosure, modification or destruction of personal data, their loss and their unlawful and incorrect use. However, the Company cannot guarantee its users that the measures adopted for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or loss of data by devices belonging to the user. For this reason, users of the site are advised to ensure that their computer is equipped with software suitable for the protection of data transmission over the network (e.g. updated antivirus software) and that their Internet Provider has adopted appropriate measures for the security of data transmission over the network. The Company also undertakes to process the data in accordance with the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and accurate for processing and to allow their use only by personnel for authorized purposes. The management and storage of personal data acquired will take place in archives or on servers located within the European Union owned by the Owner and / or third companies appointed as External Data Processors and, in any case, currently located in Italy.
In relation to the different purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve the same and, in any case, in accordance with current legislation on the subject.
In any case, the Company will take care to avoid the use of data for an indefinite period of time, proceeding, on a regular basis, to properly verify the effective permanence of the interest of the subject to whom they refer.
Recipients and data processors
The data collected will not be disseminated in any way, but will be processed within the limits and for the purposes described by employees of the Company on the basis of adequate operating instructions (for example, administrative, commercial, marketing, legal, system administrators, etc.). Some data processing may also be carried out by third parties, appointed as External Data Processors, of which the Owner makes use or may make use in the context of the management of the contractual relationship, the provision of services offered and for organizational needs of its activities. In particular, the data may be communicated to:
a) public and private subjects who can access the data in accordance with the law, regulations or Community legislation, within the limits provided for by these rules;
b) persons who need access to the data for purposes related to the contractual relationship between the parties, within the limits strictly necessary for the performance of ancillary tasks (such as, for example, banks and credit institutions, providers of technical services, hosting providers, computer companies, communication agencies, couriers and postal companies);
c) consultants, to the extent necessary for the performance of their professional duties.
Rights of Interested Parties
As the Data Subject, the user may exercise, at any time, the rights provided for in articles 15, 16, 17, 18, 20 and 21 of the GDPR, which confer, in particular, the right to:
a) to obtain from the Data Controller, in accordance with Article 15, confirmation as to whether or not his/her personal data is being processed and, in this case, to obtain access to such data and information: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients located in third countries or international organizations; (iv) where possible, the period of retention of personal data provided for or, if this is not possible, the criteria used to determine that period;
b) obtain from the Data Controller, pursuant to Article 16, the rectification of inaccurate personal data concerning him without undue delay; taking into account the purposes of the processing, the person concerned has the right to obtain the integration of incomplete personal data, including by providing an additional statement;
c) obtain from the Data Controller, pursuant to Article 17, the deletion of personal data concerning him without undue delay. The Owner is obliged to delete, without undue delay, personal data if there is one of the reasons indicated in paragraph 1 of Article 17;
d) obtain from the Data Controller, pursuant to Art. 18, the limitation of the processing when one of the hypotheses governed by paragraph 1 of Article 18 occurs;
e) to obtain from the Data Controller, pursuant to Article 20, the portability of the data, i.e. to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a Data Controller. The interested party also has the right to transmit such data to another Data Controller without hindrance by the first Data Controller to whom it has provided them, if the conditions indicated in Article 20, paragraph 1, are met. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
f) oppose, in whole or in part, pursuant to Article 21, the processing of personal data concerning him.
It should also be noted that the interested party has the right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to revocation, without prejudice to the consequences indicated above regarding any refusal to provide such personal data. The interested party also has the right to lodge a complaint with a Control Authority.
Almonello Srl undertakes to respond to the requests of the interested party within one month, except in cases of particular complexity for which it may take up to three months. In any case, the Data Controller shall provide the Data Subject with evidence of the reason for the wait within one month of the request. The outcome of the request will be provided in writing or in electronic format. In the event of a request for rectification, cancellation or limitation of processing, the Data Controller undertakes to communicate the results of the requests received by the Interested Party to each of the recipients of its data, unless this proves impossible or involves a disproportionate effort.
The Company specifies that a possible contribution may be requested from the Data Subject if the requests are manifestly unfounded, excessive or repetitive; in this regard, the Data Controller shall set up a register to track requests for action.
Amendments to this information notice