1. WHO PROCESSES YOUR PERSONAL DATA?
Scrivimi di S. M. Davidson with registered office at Piazza del Mercato Centrale 40R, 50123 Firenze (Italy), and can be contacted at the following e-mail address: email@example.com (hereinafter, “Scrivimi” or the “Data Controller”).
Receivers of your personal data
Your personal data could be communicated to:
- persons authorized by the Data Controller that are committed to/ or under an appropriate statutory obligation of confidentiality;
- subjects delegated and/or appointed by the Data Controller to carry out activities related to the purposes specified below (including technical maintenance interventions on the systems) rightly appointed as data processor;
- persons, companies or professional firms that provide assistance to the Data Controller, appointed, where necessary, as data processor;
- subjects, bodies or authorities to whom the communication of your personal data is mandatory pursuant to the provisions of law or orders of the competent authorities;
- third parties involved in the performance of activities strictly related or linked to the conclusion and/or execution of extraordinary transaction that involve Scrivimi.
2. PERSONAL DATA PROCESSED
Data provided on a voluntarily basis
Users can voluntarily provide personal information through, by way of example, the access to the Websites’ personal area, the newsletter subscription, contacting Scrivimi through channels made available by the Data Controller (e-mail, telephone), as well as identifying the closest authorized sales point or for recruitment purposes.
Data of third parties
Please note that if you provide us with information related to third parties you shall be sure that such third parties have been prior and properly informed about the method and purposes of the processing herein shown.
Please consider that with regard to such cases, you act as an independent data controller and you bear full responsibility and obligation provided by law.
Personal data relating to persons under the age of 16
Please note that if you are not 16 years old, you are not entitled to provide us with any personal data and, in any case, we are not responsible for your false statements. If we become aware of your false statements, we will immediately delete any personal data acquired.
Data related to or arising from the use of the Websites
Please note that we collect the following data by means of the services that You use:
– Technical data: IP addresses or domain names of the devices used by the users to connect to the Websites, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received as a reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding your operating system and device environment. This data is used exclusively for the purposes of obtaining (anonymous) statistics on the use and proper functioning of the Websites to control its correct functioning, and such information is deleted immediately after processing. These personal data may also be used to ascertain any liability in cases of alleged computer crimes against the Website or against third parties and they will be deleted after 7 days.
Cookie: definitions, features and applicable law
Cookie are small text files sent/read by websites on your devices, which are then transmitted back to those websites during the next visit. Thanks to cookies websites remember your actions and preferences (such as login data, the default language, font sizes, additional display settings, etc.) so that they do not need to specify them again on the next visit. Cookies are used to perform IT authentications, session monitoring, and to store information about the activities of users who access a website, and may also contain a unique identifier that allows for monitoring of user experiences on the site for statistical or advertising purposes.
There are indeed various types of cookies, depending on their features and functions, and these may remain on user device for different periods of time: so-called session cookies, which are automatically deleted when you close your browser; and so-called persistent cookies, which remain on your device until a pre-established date.
Please consider that the Italian Data Protection Authority (i.e. Garante per la protezione dei dati personali) has issued a decision (Decision Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies – 8 may 2014 and following clarifications, hereinafter the “ Decision”) according to which the technical cookies that do not require explicit consent also include:
- The “analytics cookies” insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website;
- The browsing or session cookies (for logging purposes);
- The functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased so as to improve the quality of service;
- “Profiling cookies” are aimed at creating user profiles and they are used to send ads messages in line with the preferences shown by the user during navigation. For these cookies the user shall express explicit consent
Many social networks have developed “social plug-in modules”, which website operators can integrate into their websites. This allows social networks users to share content with their “friends” (and propose other related features such as posting comments). Our Websites may include one or more of these social plug-in modules. These plug-ins store and access cookies on the user’s computer, allowing social networks to identify their members when they interact with these plug-in. Please note that the aforementioned social plug-in modules can also be used by social networks to provide services that go beyond what is strictly necessary, for example for behavioral advertising. Users should explicitly request these services. You can check the cookie settings on your social media platform.
Please consider if you make a payment on the website www.scrivimifirenze.it by credit card, you shall enter the confidential data of the credit card (card number, holder of the card, expiration date, security codes). These data will be acquired by the payment service provider who will act as an independent data controller, without passing through the Data Controller server and/or any data processors, therefore, he will not process these personal data in any way. The data will be acquired in encrypted format and according to the security requirements of the ISO 27001 certification. The payment service uses the SSL protocol (Secure Sockets Layer). The user can request, through the website, the saving of such data that will be saved directly by the payment service provider and will not be acquired by the Data Controller and / or by any data processor. The website’s operational manager will only keep track of the last four digits that make up the credit card number, solely and exclusively to prevent fraud in online payments.
3. PURPOSES OF THE PROCESSING
The personal data provided through the Websites will be processed for the following purposes:
- a. Ensuring your registration to the personal area of the website www.scrivimifirenze.it;
- b. Performing the activities necessary to conclude, manage and execute the purchase agreement of products and goods on the website www.scrivimifirenze.it. ;
- c. For purposes strictly related and/or necessary to satisfy your requests made, from time to time, through the Websites via email or other communication tools;
- d. ensuring compliance with legal obligations, regulations and European regulations;
- e. ascertain, exercise or defend a right in judicial proceedings or whenever the judicial authorities exercise their jurisdictional functions;
- f. forward promotional communications: in compliance with the “Guidelines on Marketing and against Spam – 4 July 2013 ” issued by the Italian Data Protection Authority, if you consent to receive information concerning promotional activities, including market research, of the Data Controller. Scrivimi informs you that such activities can be exercised, as required by current regulations, by means of paper mail, operator-assisted calls (“traditional methods”) , e-mail, texting, push notifications and use of social networks (“automated methods”)(“direct marketing”);
- g. Analyzing, also through electronic means, Your interests, habits and choices of purchase, in order to send you personalized advertising material related to Scrivimi’s products and/or services and in order to improve Scrivimi’s offer of product and services (“profiling”).
- h. Forward direct offer of products or services similar to the ones already purchased (“soft spamming”) with limited reference to the email address that You provided in the context of purchasing of a service or product on the website www.scrivimifirenze.it;
- i. Carrying out statistical survey;
The legal basis of processing for purposes 3 (a), (b) and (c) is the necessity to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract according to art. 6 (1) (b) GDPR. The performance of such activity does not require your consent.
The legal basis of the processing for purpose 3 (d) is the necessity to comply with a legal obligation to which the Data Controller is subject according to art. 6 (1) (c) GDPR.
The legal basis of the processing for the purposes 3(e) is the legitimate interests pursued by the Data Controller according to art. 6 (1) (f) GDPR.
The legal basis of the processing for the purposes 3 (f) and (g), is your consent according to art. 6 (1) (a) GDPR. Failure to give your consent does not affect the Websites’ use. The consent is freely given and you have the right to withdraw your consent at any time through an email to the Data Controller to firstname.lastname@example.org.
The processing of your personal data for the purpose 3 (h) is based on the legitimate interest of the Data Controller according to art. 130 of the Italian Legislative Decree no. 196/2003 which does not require consent. Please consider that you may at any time request not to receive such communications by using the “Unsubscribe” link put at the bottom of each communication.
Please consider that the processing for the purpose 3 (i) does not comprise personal data processing.
4. RETENTION PERIOD
With reference to the processing carried out for the purposes as per 3 (a) Your personal data will be deleted if you do not access your personal area for a period of 36 months.
With reference to the processing carried out for the purposes as per 3 (b) your personal data are processed, without prejudice to the legal obligations to which Scrivimi is subject, beyond the time allowed by Italian law to protect its interests from possible complaints.
With reference to the processing carried out for the purposes as per 3 (c), your personal data will be proceed for the period strictly necessary to fulfill your request except for the need to fulfill legal obligations or protect the Data Controller legitimate interests.
With reference to the processing carried out for the purposes as per 3 (d), your personal data will be processed for the period strictly necessary to allow the Data Controller to fulfill the legal obligations to which is subject.
With reference to the processing carried out for the purposes as per 3 (e) and (k), your personal data will be processed for the period strictly necessary to allow the Data Controller to verify, exercise or defend a right before a court or whenever the authorities exercise their jurisdictional functions and / or carry out any extraordinary transactions involving Scrivimi and related activities.
With reference to the processing carried out for the purposes as per 3 (f) and (g), your personal data will be stored until you withdraw your consent. In any case, Scrivimi is entitled to keep the personal data for the period of time provided for and permitted by Italian law to protect its interests.
With reference to the processing carried out for the purposes as per 3 (h), your personal data will be stored until you oppose to this processing using the “unsubscribe” link that you can find at the bottom of each communication forwarded via e-mail.
5. EXERCISE OF YOUR RIGHTS
Withdraw of your consent
You can withdraw at any time your consent sending an e-mail to the Data Controller: email@example.com.
Your consent is free and the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Exercise of your rights
You have the right, at any time, to request to the Data Controller access to, rectification, erasure, to object to relevant processing activity. According to art. 18 GDPR you are entitled to ask for restriction of the processing concerning your personal data or and to receive in a structured, commonly used and machine-readable format the personal data concerning you, in accordance with art. 20 GDPR.
Requests to exercise your rights must be sent to the following address: firstname.lastname@example.org.
In any case, pursuant to the Applicable Law, you have the right to lodge a complaint with the relevant supervisory authority (the Italian “Garante per la protezione dei dati”) if you believe that the processing of your Personal Data is against the applicable law.
6. HOW IS THE SECURITY OF YOUR PERSONAL DATA ENSURED?
The processing of your personal data by the parties referred to in paragraph 1 above, is performed in accordance with the provisions of the current applicable law. In particular, in order to ensure the security of your personal data, the Data Controller has implemented adequate technical and organizational measures to guarantee an adequate level of security to the risk, taking into account the state of the art and the implementation costs, as well as the nature, object, context and purpose of the processing, as well as the risk of various probabilities and severity for the rights and freedoms of individuals.