We consider the protection of privacy an obligation and an important value. We are committed to protecting the privacy of visitors and customers on www.vittoriasella.com. We will not disclose information about our customer users to third parties, except when necessary for product sales operations.
By “processing of Personal Data” we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, the conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
Personal Data collected from the Site www.vittoriasella.com:
Content and information provided voluntarily by the user:
- Contact details and contents: these are personal data that the User voluntarily provides to the Site during its use, such as personal data, contact details, access credentials to the services and / or products provided, personal interests and preferences and other personal contents, etc.. Therefore, creating an account, or information provided in the Contacts section where you will be asked to provide your specific request, which may contain further personal data. Chat service where you will be put in contact with an operator of the Data Controller and will be able to communicate your requests. We will also process your choices for personalizing the contents of the newsletter.
- Personal data collected by social media: Users can share data provided to social media with the Site. The User has the right to control the Personal Data that the Site can access through the privacy settings available on the social media in question. By associating accounts managed by social media with the site and authorizing the Data Controller to access such Personal Data, the User gives consent to the acquisition, processing and storage in accordance with this Privacy Notice.
Failure by the User to provide Personal Data, for which there is a legal, contractual obligation or if the aforementioned information constitutes a necessary requirement for the use of the service or for the conclusion of the contract, will make it impossible for the Data Controller to supply the products and/or provide in whole or in part its services.
The User who communicates to the Controller Personal Data of third parties is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
Data and content acquired automatically while using the Site:
- Technical data: the computer systems and software procedures used to operate this Site may acquire during their normal operation some Personal Data transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified Users, but which by their very nature could allow Users to be identified through processing and association with data held by third parties. This category includes IP addresses, or domain names used by Users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server. , the size of the file obtained, etc.
- Usage data: Personal Data relating to the use of the Site by the User may also be collected, such as the pages visited, the actions performed, the features and services used.
- Geo location data: the site may collect Personal Data on the User’s location which may be GNSS (Global Navigation Satellite System, for example GPS) data, in addition to data that identify the nearest repeater, Wi-Fi and bluetooth hotspots, communicated when location-based products or features are enabled.
Personal data collected through cookies or similar technologies:
- User registration and authentication. If the User creates his own personal account, his data will be processed to allow him to register on the Site and manage his private area. The personal account requires the use of authentication credentials that are only known to the User, and which the latter must keep with care and under their own full and exclusive responsibility. Creating an account is not mandatory for purchases. However, it allows you to take make the most of advantages such as: promotional offers, birthday discounts etc., tracking of your order using the Site www.vittoriasella.com.
- Conclusion and execution of purchase contracts and returns: at this stage, your contact details relating to the delivery address and any specifications for the products purchased online will be processed as well as information regarding your shopping experience. To conclude the transaction, the Data Controller requires confirmation of payment from the PayPal and Stripe service managers, who are independent data controllers.
- Communication and commercial proposals: in this phase, communications and commercial proposals will be collected, including newsletters with personalized content. Automated tools will also be used. Communications may take the form of: emails, newsletters, sms, mms, chat or instant messaging, phone calls.
- External management of payments by credit card, bank transfer or other instruments: to manage User payments through external platforms that acquire payment data without the Site Data Controller having access.
- Archiving, hosting and backend infrastructure management: to manage the technical infrastructure for storing User data.
- Statistics only with anonymous data: to perform statistical analysis based on aggregate data or which do not allow the User to be identified.
- Personalization and profiling of the user’s experience of use: to modify the Site and adapt it to the User’s needs.
The processing of Personal Data is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In some cases, subjects involved in the organization of the Data Controller may also have access to Personal Data (such as, for example, personnel management employees, sales personnel, system administrators, etc.) or external subjects (such as IT companies, suppliers of services, postal couriers, hosting providers, etc.). If necessary, these subjects may be appointed as Data Processors by the Data Controller, as well as access the Users’ Personal Data whenever necessary and will be contractually obliged to keep the Personal Data confidential.
The updated list of Data Processors can be requested via email at the address firstname.lastname@example.org
Legal basis of the processing
The processing of Personal Data relating to the User is based on the following legal bases:
- the consent given by the User for communications and commercial proposals
- the processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures
- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties
However, it is always possible to ask the Data Controller to clarify the legal basis of each treatment at the address email@example.com.
Personal Data are processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. Personal Data may be transferred to third countries (outside the EU) for the purpose of selling the Products or providing the services requested, in compliance with the provisions of articles 44-49 of the European Privacy Regulation.
The Treatment is carried out in a manner and with suitable tools to guarantee the security and confidentiality of the Personal Data, having the Data Controller adopted adequate technical and organizational measures that guarantee, and allow to demonstrate, that the Treatment is carried out in compliance with the relevant legislation.
Data retention period
Personal Data will be kept for the period of time necessary to fulfill the purposes for which they were collected. In particular, the Personal Data will be kept for the entire duration of the contractual relationship, for the execution of the related and consequent obligations, for compliance with applicable legal and regulatory obligations, as well as for own or third party defensive purposes. If the processing of Personal Data is based on the User’s consent, the Data Controller may keep the Personal Data until the consent is revoked. Personal Data may be kept for a longer period if necessary to fulfill a legal obligation or by order of an authority. All Personal Data will be deleted or stored in a form that does not allow the identification of the User within 30 days of the end of the retention period. At the expiry of this term, the right of access, cancellation, rectification and the right to the portability of Personal Data can no longer be exercised.
Automated decision-making processes
All Personal Data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects for the person or which may significantly affect him or her.
Rights of the User
Users can exercise certain rights with reference to the Personal Data processed by the Data Controller. In particular, the User has the right to:
- withdraw consent at any time;
- oppose the processing of their Personal Data;
- access their Personal Data;
- verify and request rectification;
- obtain the limitation of the processing;
- obtain the cancellation of their Personal Data;
- receive their Personal Data or have them transferred to another owner;
- file a complaint to the supervisory authority for the protection of Personal Data and / or take legal action.
To exercise their rights, Users can direct a request to the contact details (registered letter or email) of the Data Controller indicated in this document. The requests are processed by the Data Controller as soon as possible, in any case within 30 days.
Data Controller of the processing:
The Data Controller is Crossbiz S.r.l., with registered office in Via Giovanni Battista Tiepolo 11, 00196 Rome, Tax Code / VAT number 15063071003, e-mail address firstname.lastname@example.org
Last update 12/10/2020