INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to and for the purposes of Art. 13 of the New European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR) As required by the General Regulation on the Protection of Personal Data of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the Data Subject (user of the website www.maisonroel.com) is informed that the personal data collected through the site are subject to processing by the Company through IT and/ or telematic tools, for the purposes indicated in this statement.
To this end, the data subject is submitted to the Privacy Notice prepared by _Elena Viggiano_______________________ (hereinafter also “_Elena Viggiano_______________” or “the Company” or “the Seller” or “the Data Controller”, as identified below), creator and promoter of the activities available on www.maisonroel.com.
The Data Controller is ____Elena Viggiano___________________, with registered office in Campi Bisenzio, at Via _____Benedetto Croce 38__________________ VAT Number: _____07061870486________, e-mail firstname.lastname@example.org__ p.e.c. email@example.com______.
The Company has identified a Data Protection Officer pursuant to Articles 37 and following of EU Regulation 2016/679, which identifies ___Elena Viggiano
This person may be contacted for clarifications and questions concerning the processing of personal data at: firstname.lastname@example.org____________.
For further information regarding the rights of the interested party, please consider the paragraph called “Rights of the interested parties” of this statement.
Information on the treatment
The personal data being processed are collected pursuant to art. 13 U.E. Regulation no. 679/2016 General Protection of Personal Data (GDPR) directly by Elena Viggiano_ or by third parties expressly authorized by this, or communicated by the Company to such third parties for the pursuit of the purposes described below.
Legal basis and purpose of processing
The personal data provided by the user when browsing the website www.maisonroel.com are processed by the Data Controller in accordance with the applicable regulations on the protection of personal data.
The legal basis of the processing is the provision of its services by the Company, the management and facilitation of the website, as well as the establishment, execution and possible termination of the on-line sales contractline concluded between the parties and in the obligations to the same contract related and/or by the same directly and/or indirectly arising.
The processing of personal data by _Elena Viggiano is aimed at the pursuit of the following purposes:
1) SUBSCRIPTION TO THE NEWSLETTER OF MAISONROEL.COM: in the event that the user decides to subscribe to the “Newsletter of MAISONROEL.COM”, only following a possible and specific consent, personal data will be processed by the Data Controller for sending commercial or promotional communications, updates relating, for example, to latest trends,
new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the appropriate UNSUBSCRIBE link at the bottom of the emails received or by writing to email@example.com__________________
The Data Controller, to compare and possibly improve the results of communications, uses systems for sending newsletters and promotional communications equipped with a reporting mechanism, thanks to which the Data Controller may know, for example: the number of readers, the type of device used to read the communication (desktop, mobile); the number of pending users who have not yet confirmed their registration; the number of emails sent by date/time/minute; the detail of the emails delivered compared to those sent; the list of those who requested cancellation of the newsletter; email openings and clicks on individual links; message display problems; link tracking (that is, the number of clicks made on the links in the message); click tracking (which links were clicked). All these data are used to compare, and possibly improve, the results of communications.
2) REGISTRATION ON MAISONROEL.COM: in the event that the user decides to register on the MAISONROEL.com website, only following a specific consent, if any, the personal data will be processed by the Data Controller for the purposes of registration on www.maisonroel.com. In particular, with the provision of your name, surname, e-mail address and the setting of an access password, these will be processed for the creation of a personal account, to speed up the purchase process, to allow the user to view the status of orders and receive updates on purchases made, change your personal settings and update your account, view your return history and merchandise exchange requests, save your favorite items in the Wishlist and to offer you the opportunity to join at a later time if you so wish, to the loyalty program.
3) ONLINE SHOPPING ACTIVITIES: the personal data provided will be used for the establishment, management, execution and/or conclusion of the online sales contract. The data provided will be processed by the Data Controller for the purpose of managing the purchase order with reference, by way of example, to the activity of payment, shipment, taking charge of any returns, for customer assistance, for the execution of administrative purposes – accountants related to the management of the order, for the fulfillment of obligations under current legislation. In case of payment by credit card, the basic information for the execution of the transaction (credit card holder, credit/debit card number, expiry date, security code) will be processed by Chianti Banca- Credito Cooperativo – or, where appropriate, by companies responsible for fraud control by means of an encrypted protocol and without third parties having access to it in any way. Such information will never be displayed or stored by the Seller.
4) PROFILING OF THE PHYSICAL PERSON: only following any and explicit consent, the personal data provided may be processed by the Data Controller for profiling activities pursuant to art. 22 GDPR, or the analysis of preferences aimed at creating content and personalized offers.
Nature of the treatment
In relation to the purposes referred to in point 1) of the previous paragraph, the provision of personal data and consent to their processing is optional. Failure to provide consent makes it impossible for the Seller to allow the subscription to the “Newsletter”, the sending of commercial or promotional communications, updates relating to, for example, the latest trends, new arrivals, exclusive offers, special events and promotions. In relation to the purposes referred to in point 2) of the previous paragraph, the provision of personal data and consent to their processing is mandatory. Failure to provide consent will make it impossible for the Seller to allow registration on MAISONROEL.com, the creation of a personal account, the speeding up of the purchase procedure, showing the status of orders and receiving updates on purchases made, the possibility for the user to change personal settings and update the account, to view the return history and requests for goods exchange, to save your favourite items in the Wishlist and to join the loyalty program at a later date if you so wish. In relation to the purposes referred to in point 3) of the previous paragraph, the provision of personal data and consent to their processing is optional.
Failure to give consent implies the impossibility for the Seller to allow adherence to the loyalty program.
In relation to the purposes referred to in point 4) of the previous paragraph, the provision of personal data and consent to their processing is mandatory. Failure to provide consent implies the impossibility for the Seller to proceed with the establishment, management, execution and/or conclusion of the online sales contract, therefore the impossibility of carrying out, by way of example, the activities related to payment, shipment, taking charge of any returns, customer service activities, execution of administrative purposes – accounting related to the management of the order, and the fulfilment of obligations under existing legislation.
In relation to the purposes referred to in point 5) of the previous paragraph, the provision of personal data and consent to their processing is optional.
Failure to provide consent will make it impossible for the Seller to carry out profiling activities, or to carry out analysis of preferences aimed at creating personalized content and offers.
Personal data processed
The personal data processed by the Data Controller are those provided by the user when browsing the website www.maisonroel.com, on the occasion of the eventual registration of / adherence to the services / programs made available to the Seller and/or the possible purchase of products made available to the Seller, such as, for example: name, surname and address e-mail, in addition to the data necessary for the provision of the online sales service such as, for example, those functional to the execution of payment and shipping/ exchange of products purchased.
Communication and dissemination of data
The data collected and processed in accordance with the aforementioned provisions may be used, with the consent of the interested party, by the Data Controller and/or Data Processors for purposes related to the use of social accounts responding to the profile ‘Maison Roel’.
Methods of Data Processing and Storage
The processing of personal data is carried out by the Data Controller in compliance with the provisions of current legislation on Privacy. The Data Controller carries out the processing of personal data using IT and/ or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this statement, and taking appropriate security measures to prevent access, disclosure, modification or unauthorised destruction of personal data, their loss and their illicit and incorrect use. However, the Company cannot guarantee to its users that the measures taken for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or dispersion of data by user-related devices. For this reason, users of the site are advised to ensure that their computer is equipped with software suitable for the protection of the transmission of data in the network (for example, updated antivirus) and that its Internet Provider has taken appropriate measures for the security of the transmission of data over the network.
The Company also undertakes to process the data in accordance with the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and exact for the processing and to allow their use only by staff for the authorized purpose. The management and storage of personal data acquired will take place in archives or on servers located within the European Union owned by the Owner and/ or third-party companies appointed as External Data Processors and, in any case, currently located in Italy.
In relation to the different purposes for which they are collected, personal data will be stored for the time strictly necessary to achieve the same pursuant to art. 5 GDPR and, in any case, in accordance with the applicable regulations.
In any case, the Company will take care to avoid the use of data for an indefinite period of time by proceeding, on a regular basis, to properly verify the actual permanence of the interest of the subject to which they refer.
After the retention period and after the end of the requirement underlying it, the personal data of the data subject will be deleted or made anonymous, subject to further and different storage obligations.
Recipients and Data Processors.
The data collected will not be disseminated in any way, but will be processed within the limits and for the purposes described by the employees of the Company on the basis of appropriate operating instructions (for example, administrative, commercial, marketing, legal, system administrators, etc.). Some data processing may also be carried out by third parties, appointed External Data Processors, which the Data Controller makes use of or could make use of in the context of the management of the contractual relationship, the provision of the services offered and for the organizational needs of its activity. In particular, the data could be communicated to:
a) public and private persons who have access to the data by virtue of the provisions of law, regulation or Community law, within the limits provided for by those rules;
b) persons who need access to the data for purposes related to the contractual relationship between the parties, to the extent strictly necessary for the performance of ancillary tasks (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers and forwarding companies);
c) consultants, to the extent necessary for the performance of their professional duties.
The updated list of External Data Processors and Data Subjects authorised for processing is kept at the headquarters of the Data Controller and is available to the Data Subject, upon request via e-mail to firstname.lastname@example.org______________________
Transfer of data abroad
The management and storage of personal data will be carried out on servers of the Data Controller and/or third-party companies duly appointed as External Data Processors located within the European Union.
Personal data may be transferred abroad, in accordance with the provisions of current legislation, even in countries outside the European Union. The transfer to non-EU countries, in addition to the cases in which this is guaranteed by Decisions of Adequacy of the Commission, is carried out in order to provide appropriate and appropriate guarantees pursuant to art. 46 or 47 or 49 of the GDPR Regulation.
Rights of interested parties
As interested party, the user can exercise, at any time, the rights provided for in articles 15, 16, 17, 18, 20 and 21 of the U.E. Regulation no. 679/2016 General Protection of Personal Data (GDPR) that confer, in particular, the faculty to:
a) obtain from the Data Controller, pursuant to Article 15, confirmation that or not their personal data are being processed and, if so, obtain access to the data and to information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients located in Third Countries or International Organisations; (iv) where possible, the expected retention period of personal data or, if that is not possible, the criteria used to determine that period;
b) obtain from the Data Controller, pursuant to Article 16, the rectification of inaccurate personal data concerning him without undue delay; taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing an additional statement;
c) obtain from the Data Controller, pursuant to Article 17, the cancellation of personal data concerning him without undue delay. The Data Controller has the obligation to cancel, without undue delay, personal data if there is one of the reasons indicated by paragraph 1 of Article 17;
d) obtain from the Data Controller, pursuant to Art. 18, the limitation of processing when one of the cases governed by paragraph 1 of Article 18 occurs; e) obtain from the Data Controller, in accordance with Article 20, the portability of data that is to receive in a structured, commonly used and readable format from an automatic device, the personal data concerning him or her provided to a Data Controller. The Data Subject also has the right to transmit such data to another Data Controller without hindrance by the first Data Controller to whom he has provided them, if the conditions indicated by Article 20 paragraph 1 are met. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to the other, if technically feasible;
f) to oppose, in whole or in part, in accordance with Article 21, the processing of personal data concerning him.
For the exercise of their rights, the user can send their requests to email@example.com________________________.
It should also be noted that the interested party has the right to revoke the consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation, without prejudice to the consequences indicated above regarding any refusal to provide such personal data. The interested party also has the right to lodge a complaint with a Supervisory Authority (in Italy, Guarantor for the Protection of Personal Data) pursuant to art. 77 GDPR, as well as refer to the appropriate judicial authorities pursuant to art- 79 GDPR.
You can make requests regarding the exercise of these rights by contacting the address: firstname.lastname@example.org______________________.
The Seller undertakes to reply to the requests of the interested party within the period of one month, except in cases of particular complexity for which it could take no more than three months. In any case, the Data Controller will provide evidence to the Data Subject of the reason for waiting within one month of the request. The result of the request will be provided in writing or in electronic form. In the case of a request for rectification, cancellation and restriction of processing, the Data Controller undertakes to communicate the results of the requests received by the interested party to each of the recipients of its data, unless this proves impossible or involves a disproportionate effort.
The Company specifies that the interested party may be asked for a contribution if the applications are manifestly unfounded, excessive or repetitive; in this regard, the Data Controller will provide a register to track requests for intervention.
Amendments to this Policy
All content, logos, trademarks, software sources, etc. (hereafter, Content) present on the home page and in the internal pages of the site referred to at www.maisonroel.com are owned by the Owner or by a person delegated by it and authorized to ensure compliance and proper use. All rights are reserved. In particular, it is forbidden to copy, distribute, reproduce the Content, surface and deep linking to the pages, subject to exceptions provided by law.