(Sect. 13 of Leg. Decree 196/2003 and Sect.13 of EU Reg. N. 2016/679)
Pursuant to sect. 13 of Leg. Decree n.196 of 30 June 2003, and to sect.13 of EU Reg. n. 2016/679, VIBIEMME S.r.l., inform you that your personal data will be subject to processing according to the above mentioned regulations and in conformity with the following criteria.
1) DATA CONTROLLER
The data controller is the company VIBIEMME S.r.l., in the person of the Sole Administrator, and pro-tempore legal representative, Mr. Cristiano Osnato, with registered office in 20092 – CINISELLO BALSAMO (MI), Via Charles Gounod 25/27 (hereinafter, the “Controller”).
The updated list of the internal and external processors in charge of the processing, is kept at the offices of Data Controller.
2) SUBJECT OF THE PROCESSING
The processing regards identification personal data (in particular: name, surname, legal form, address, telephone, e-mail, geolocation data, bank and payment details) – hereinafter: “Personal data” or “Data” – you provided while accessing and browsing the Website or in the execution of agreements for goods and services of the Controller.
Your data shall be processed lawfully, fairly and transparently, and in a way relevant and limited to the purposes for which they have been collected, and to ensure their safety through the adoption of proper technical and organizational measures.
The processing of this website excludes particular data, such as those revealing the racial or ethnic origin, political, religious or philosophical beliefs, trade union membership, as well as genetic and biometric data, and the data concerning health, sexual life or orientation of the person.
3) PURPOSES AND LEGAL BASIS OF THE PROCESSING
Your personal data shall be processed:
- for the purposes and on the basis of the conclusion and execution of the online sale contract, pursuant to sect. 6, lect. b) Reg. 2016/679, with your explicit and prior consent, where applicable, for the following Service Purposes:
registering or joining the services offered by the Website;
activation, handling and execution of orders, contractual or commercial relationships and related activities (see Conditions of Sale);
payments management and delivery of the products (see Conditions of Sale);
management of the commercial relationships to the extent required to carry out the service required in the best possible way, as well as to perform the legal obligations applicable from time to time (see Conditions of Sale);
performance of the obligations provided by a law, a Regulation, the EU legislation or an instruction given by an Authority (including money laundering prevention obligations);
handling of your requests: technical, commercial, concerning the progress of your orders and, in general, of your requests for information;
exercise of the Controller’s rights, including the right of defending and resist before Courts;
- only on the basis of your prior and express consent, according to sect. sect. 6 lect. a) and 7 of Reg. 2016/679, without limitation, for the following Marketing Purposes:
dispatch of advertising information and material concerning the products traded by the Company, newsletters, other promotional and commercial activities, including by e-mail or mobile phone call or MMS (Multimedia Messaging Service) or SMS (Short Message Service);
management of contests and prize-giving operations;
any other purpose for which the data subject has provided its specific consent.
- in all the circumstances in which the processing of the data is required to perform a legal obligation to which the Data Controller is subject, or where the processing is required to protect the vital your vital interests or those of another natural person, or for the performance of a duty of public interest by the Data Controller, or to pursue a lawful interest of the Data Controller, in this latter case with a prior balancing with your fundamental interests, rights and freedoms, of which you will be promptly informed.
4) NATURE OF DATA PROVISION
The provision of your personal data by the purchaser is mandatory, since it is a key condition to accurately and promptly perform the orders, the contractual and commercial relationships and the related activities, and in general for all the purposes provided for by sect.3, point 1. Otherwise, the purchaser’s requests, concerning the services of sect. 3), point 1, may not be processed.
The provision of the data for the purposes of sect. 3), point 2, is optional. Thus you shall be entitled to refuse to provide any data or to subsequently deny the processing of the data provided: in such cases, it shall not be able to receive newsletters, commercial communications and advertising material concerning the services provided by the Controller, still being entitled to enjoy the services of sect. 3), point 1.
We inform you that it is possible to purchase the products through the Website also without registering, but only entering some personal data in order to complete the order. In such case, the data you provided shall be used by the Company (data controller) only to process the purchase order. In fact, the provision of data is optional but necessary to handle your order and the relevant administrative and accounting activities. You may be contacted for information concerning your purchase. Your data shall not be disclosed to third parties, other than couriers, shippers or carriers in charge of delivering the products purchased.
The registration to the Website by creating an account or using an existing social network account, allows to skip the entry of all of your personal data for each future purchase, requiring just some of them, and recognizing you as a “Registered User”, thus simplifying the purchase procedure.
5) METHODS OF DATA PROCESSING
The processing of your personal data shall be carried out through the tools and the methods deemed appropriate to protect its safety and the confidentiality, as set out in sect. 4 of Consumer code and in sect.4 n.2 of EU Regulation 2016/679, and in particular: collection, registration, organization, storage, consultation, processing, extraction, comparison, use, interconnection, block, disclosure, erasure and destruction of the data. The processing of your personal data may be carried out both manually and with the use of electronic or automatic means, and shall include all the operations allowed by law and required for such processing, included the disclosure to the parties set out in sect. 7).
The Data Controller shall arrange the most suitable organizational and technical measures to ensure a level of protection of the data proportionate to the risk related to each processing.
Some of the data may be processed by means of electronic networks, both in relation to local protected networks and to the Internet network. With regard to the latter, the processing carried out shall be subject to the safety standards provided by your network.
6) ACCESS TO DATA
Your data may be made available for the purposes set out in sect. 3) and only disclosed within the framework of such purposes:
– to employees and contractors of the Controller or of its associates companies, in their function of internal representative/processor and/or system administrators;
– to third companies or other parties (including, without limitation: financial institutions, professional firms, advisors, insurance companies, etc.) performing outsourcing activities on behalf of the controller, in their function of external data processors;
who have been previously authorized to process and store the data, properly identified, trained and acknowledged on the restrictions set out by Regulation n. 2016/679, and subject to the execution of a non-disclosure agreement.
7) DATA DISCLOSURE
The Company undertakes to treat as confidential the data and the information provided by the purchaser and not to disclose them to unauthorized persons, nor to use it for purposes other than those for which they have been collected, nor to send them to third parties.
Without requiring an explicit consent – pursuant to sect. 6 lect. c) of EU Reg. 2016/679, – the controller may disclose your data for the purposes set out in sect. 3) to Supervisory Bodies, Judicial Authorities, as well as to those subjects requiring such disclosure to carry out the above mentioned purposes. These subjects shall process the data in their function of independent data controllers.
8) BROWSING DATA AND COOKIES
The computer systems and programs used to run the Website, collect some personal data automatically provided in the use of Internet communication protocols (such as IP addresses or domain names of the computers used by users connecting to the website, URI addresses – Uniform Resource Identifier – of the resources requested, time of the request, method used to submit the request to the server, file dimensions received in reply, the numerical code indicating the status of the response from the server – successful, error, etc. – and other parameters of the operating system and user’s IT environment). Although the information collected are not to be associated to specific identified data subjects, by their own nature, through the processing and association with data held by third parties, allow users to be identified.
These data are used only for the purpose of obtaining statistical information (unrelated to any other user’s identifier) about the use of the website and to check its proper functioning, and they are erased right after the processing. The data may be used to ascertain responsibilities, in case of alleged cybercrimes against the Website.
9) DATA TRANSFER
The personal data are stored on a server located in the offices of VIBIEMME S.r.l., 20092 – CINISELLO BALSAMO (MI), Via Charles Gounod 25/27 (ITALY), within the European Union.
However, it is understood that the Controller, if necessary, shall be entitled to move the server outside the EU.
In such case, the Controller ensures that the transfer of data outside the EU shall occur in conformity with the applicable law, prior execution of the standard contractual clauses set out by the European Commission, and only if proper safety guarantees are ensured.
10) DATA RETENTION PERIOD
The Controller shall retain your personal data throughout the period of registration to the website, and for the further period required to perform the purposes set out in sect. 3, and in any case in conformity with the retention obligations for tax and/or administrative purposes imposed by the Law to the Data Controller, but in any case subject to your entitlement to exercise the right of access, rectification and erasure of the data and, if the processing is based on your consent, of the right of withdrawal of the consent given, according to and in conformity with the provisions of article 12 below.
11) RIGHTS OF MINORS
The Data Controller does not intend to collect data of people under the age of sixteen, except if their activity on the website is authorized by the holders of parental responsibility.
For the purpose of the precedent paragraph, the Controller expressly recommends the parents or the other holder of parental responsibility over the minors, to control their online activities.
However, the Controller shall implement any measure to verify that the consent has been granted or authorized by the holder of parental responsibility, depending on the technologies available.
12) RIGHTS OF DATA SUBJECT
With regard to the processing of your personal data, you are entitled to the rights set out sect.15 of EU Reg. 2016/679, and in particular:
- the right to obtain the confirmation of the existence or non-existence of a processing of your personal data, and to access the data and the following information
- a) the purposes of the processing;
- b) the categories of the relevant data;
- c) the recipients to which the data will be disclosed;
- d) the period of retention of the data;
- e) the existence of the right of rectification, limitation, portability and erasure of the data.
- f) the right to lodge a complaint to the supervisory authority;
- g) the information concerning the origin of the data;
- h) the existence of an automated process for the collection of the data, including data profiling;
- the right to obtain, upon your request and without undue delay:
- a) the rectification of the inaccurate data and/or, the integration of incomplete data, also providing a supplementary statement;
- b) the erasure of the data processed (so called “right to be forgotten”), if: the retention is not necessary in relation to the purposes for which the data have been collected or subsequently processed; if the consent constituting the legal base of the processing is withdrawn; if an objection has been submitted; or if the data have been processed unlawfully; ;
- c) the restriction of the data processed, in case of : objection about the existence of the personal data, unlawful processing, objection to the processing of the data, exercise of the right to judicial defense;
- d) the certification that the operation set out in point a), b) and c) have been notified, also as regards their contents, to those to who they have been communicated or disclosed, except if such notice is impossible or implies the use of means clearly disproportionate to the right being protected.
- e) in a structured and commonly used electronic format, your personal data provided to the Data Controller, and you shall have the right to demand that the data are transferred to another data controller without hindrances by the Controller, and, directly, if possible;
III The right to withdraw the consent constituting the legal basis of the processing, according to sect. 6 par. 1 lect. a) or sect. 9 par. 2 lect. a) of Reg. 2016/679, at any time, without prejudice the lawfulness of the processing based on the consent before such withdrawal;
- the right to object, in full or in part, at any time, to the processing of your personal data, according to sect. 6 par. 1 lect. e) and f) of Reg. 2016/679, including the profiling on the basis of such provisions;
- Without prejudice to any other administrative or extrajudicial remedy available, including the right to lodge a complaint to the Supervisory Authority, the right to submit a legal claim if you deem that your rights have been violated in the processing of the data.
If the right to object referred to in point IV concerns the processing of data for direct marketing purposes, the personal data shall not be subject to processing for such purposes.
For further information on the methods of personal data processing, on the request for access, amendment or erasure of data, or to object to their use, please contact VIBIEMME S.r.l., 20092 – CINISELLO BALSAMO (MI), Via Charles Gounod 25/27; Phone: (+39 02 66016691); E-mail: