Notice on the processing of personal data in accordance with arts. 13 and 14 of EU Regulation no. 2016/679 relating to the website store.robertofesta.it
Categories of data undergoing the processing
1.1. Browsing data
The computer systems that ensure the operation of the site detect certain data so-called "Browsing", such as: the IP addresses, the domain names of the computers used by the consumers connecting to the site, the addresses in URI notation of the requested resources, parameters relating to the user's computer system. The provision of these data is automatic and it is mandatory for browsing the site. These data are not collected to refer to identified users, but they could allow user’s identification if they were associated with other data held by third parties. The Holder has no possibility to independently identify the user by using the browsing data only, and he guarantees that these data will be used for the sole purpose of obtaining statistical information on the use of the site and deleted as soon as carried out the activities for which they have been collected. The data may be used to ascertain responsibility in the event that computer crimes are committed against the site.
1.2. Data provided by the user voluntarily
The personal data provided by users when completing the information request form belong to the category of common data, and do not include sensitive, health, genetic, biometric, judicial data, or data referred to in art. 9 and 10 of EU Regulation no. 2016/679, being not necessary the processing of these last categories of data for the achievement of the purposes pursued by the Holder. In any case, only personal data that are strictly necessary to the pursuit of specific and legitimate purposes, with respect to which the processing is always relevant and never excessive, will be processed.
2) Source from which personal data originate
The so-called "Browsing" data referred to in the previous art. 1.1 are acquired automatically by the software procedures used to operate the site. Personal data referred to in the previous art. 1.2 are provided by users of the site through the compilation of special electronic forms for requesting information on the pages of the aforementioned site.
3) Purposes of the processingExcept as specified in the previous art. 1.1 with regard to the so-called “browsing” data, personal data provided by users of the site can be processed: to register on the site and enjoy the services offered by the Holder; to conclude purchases through the site and fulfill the related contractual obligations; for the implementation of the necessary accounting / administrative activities related to the purposes referred to in letters a) and b); for the fulfillment of obligations related to the purposes referred to in letters a) and b) provided for by law and by European Union’s regulations; for commercial, advertising, promotional and marketing purposes in a broad sense, which involve processings: e. 1) for the sending of communications of information relating to new offers of products and services, of a commercial nature and / or of commercial solicitation (Newsletters) by the Data Controller; e. 2) to carry out sales activities of the Data Controller's services; e. 3) for the sending of unsolicited commercial communications, immediately identifiable as such and containing the indication that the recipient can oppose the receipt of further communications of this kind.
4) Expression of consent
The consent to the processing of personal data, where necessary, is provided by the person concerned through the selection of the appropriate fields on the data collection form.
5) Effects of the failure to communicate personal dataThe communication of the personal data requested in the various information collection forms present on the site and marked with an asterisk (*), which are indicated as mandatory data, even if it is remitted to the free will of the user, is necessary to achieve the specific purposes pursued by the Data Controller and related to the processing of this information. Consequently, the failure to communicate mandatory personal data will prevent from achieving the main purpose for which they are required. In particular, the communication of personal data marked with an asterisk (*) and requested in the information form of the "Cash desk" section is necessary for the conclusion of the contract of sale and the delivery of the product that the user wants to purchase. Therefore, failure to communicate these data will prevent from purchasing products through the site as well as the conclusion of any agreement with the Holder. While not communicating mandatory data, the user can still keep browsing the site. The communication of data other than those marked with an asterisk, which are indicated as elective, is left to the discretion of the user; as a consequence, the failure to communicate elective data will not produce any effects. Likewise, consent to the processing of personal data for marketing purposes referred to in art. 3 letter e) of the notice is purely optional. Therefore, failure to provide and consent to the related processing will not entail any effect for the user, except for the fact that the user will not receive the promotional and commercial communications indicated in art. 3 letter e). The Holder wants to inform the user that by giving consent to the processing of personal data for commercial, advertising, promotional and marketing purposes in a broad sense referred to in art. 3 letter d) the user authorises the processing of his own data: both through the "traditional" methods, such as: telephone calls with operator and contact by other non-electronic means or not supported by automatic or telematic procedures, and through automated and similar telephone calls such as: text messages and the like, systems supported by automated, electronic or telematic procedures, without operator; with reference to all the purposes indicated in art. 3 letter e), ie those indicated in letter e.1) and those indicated in letter e.2), and those indicated in letter e.3). In any case, the user has the right to request at any time to limit the processing of personal data for the purposes referred to in art. 3 letter e) to some of the above methods only (for example, only through "traditional" means) or to some of the types of processing indicated in letters e.1), e.2) and e.3) (for example, only the sending the Newsletters).
6) Legal basis of the processingThe legal basis of the processing of data for the purposes referred to in Article 3, letter a) and b) consists in the need to carry out specific activities requested by the user, in the need to conclude contracts with the user and fulfill the related obligations. With reference to these purposes, even if it is not compulsory, the Data Controller also requests the user's consent. The legal basis of the processing of personal data relating to the purposes referred to in Article 3 letters c) and d) consists, respectively, in the need to fulfill the contractual obligations assumed towards the user and in the fulfillment of legal obligations. The legal basis of the processing of personal data relating to the purposes referred to in Article 3 letter e) consists exclusively in the prior, free, specific, optional and informed consent to the processing for the aforementioned purpose. The legal basis of the processing of the browsing data consists in the legitimate interest of the holder in the need for the operation of the site.
7) Processing methods
The personal data provided by users of the site will be processed at the premises of the Holder, or in other places where the parties involved in the processing operate, through electronic and / or mechanical and analogical methods for the strictly necessary time to achieve the purposes for which they were collected and in any case not exceeding the limits indicated in this information notice, in full compliance with the purposes pursued by the Data Controller and in compliance with the current regulations on privacy. Specific security measures are observed to prevent data loss, illicit or incorrect use of the same and unauthorised access.
8) Communications of personal data for the fulfillment of contractual obligations or legal obligationsIn compliance with current privacy legislation, the personal data of the user may be communicated to third parties to which the communication is necessary for the purposes of pursuing the objectives referred to in art. 3 letters a), b) and c) without the need to acquire separate consent. In accordance with art. 13 letter e) of EU Regulation no. 216/679, it is specified that the personal data of the Customer may be communicated to the following categories: the employees and collaborators of the Data Controller, appointed as Data Processors and specifically instructed in accordance with art. 29 of the EU Regulation no. 2016/679; individuals appointed as Data Processors or Data Protection Officers; third parties belonging to the following categories: offices, subjects and / or companies offering digital communication services, including hosting services, services related to website publishing, softwares’ design and development, or operating as suppliers of IT and logistical services functional to the operation of the site, as well as subjects and / or companies that carry out shipping services. Public Authority or any other third party if it is imposed by a legal obligation.
9) Communications of personal data for the pursuit of promotional and marketing purposes in broad sense
The Data Controller will not communicate the user's data to third parties for promotional or marketing purposes in the broader sense referred to in art. 3 letter e).
10) Additional hypotheses of communications of personal data
For the sole purpose of satisfying the legitimate interest of the Data Controller to protect his rights, the personal data of the user can be communicated, without the consent of the latter, to individuals and companies that perform legal, tax, administrative, tributary consultancy activities, or defence and technical assistance, both judicial and extrajudicial, which will act as autonomous data controllers.
11) Dissemination and transfer of personal data to countries outside the EU or to international organisations
The Holder will not disclose and transfer the user's personal data outside the European Union or to international organisations.
12) Period of retention of personal data
Taken into account that the warranty provided by the civil law with reference to the sale of products to consumers is 2 years after the delivery of the goods sold, the personal data provided by the person concerned in order to purchase products through the site and to allow the holder to fulfill the related contractual and legal obligations, will be kept for a period not exceeding 2 years after the termination of the contractual relationship, unless prior request for cancellation by the person concerned. Personal data processed for promotional, commercial and marketing purposes in the broader sense referred to in art. 3, letter d), will be kept for a period not exceeding 12 months after the collection. Browsing data will be remaining for a period not exceeding one month. In any case, the terms of five or ten years of conservation of the documents and related data will be respected for the fulfillment of the civil, accounting and tax obligations required by the legislation in force, as well as for the protection of the rights of the holder in court.
13) Rights of the person concerned
In accordance with art. 7 of the Privacy Code and of the articles 13, co. 2, letters b) and d), 15, 18, 19, 21, of the EU Regulation no. 2016/679, the user may at any time exercise the rights referred to in the aforementioned art. 7 of the Privacy Code as well as the rights referred to in Articles from 15 to 23 of the aforementioned EU Regulation. In particular, the person concerned can exercise: the right to have access to his personal data and to obtain confirmation of the existence of personal data concerning him, even if not registered yet, and communication in an intelligible form of the same data, as well as the right to data portability (ie the right to receive the personal data provided, in a structured format, of common use and legible by automatic devices); an indication of their origin, of the purposes and methods of the processing, as well as, in the event that the processing is carried out using electronic means, of the logic on which the processing is based; the indication of the identification details of the Holder and any person in charge; the indication of the individuals and the categories of individuals to whom the personal data may be communicated or who may become aware as managers or individuals in charge; updating, rectification or, if interested, integration of data; cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data which retention is unnecessary for the purposes for which the they were collected or subsequently processed; to oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning him, even though they are relevant to the purpose of the collection; to oppose the processing of personal data concerning him intended for the purposes of commercial information or of sending of advertising or direct sales material or for carrying out market researches or commercial communication; to obtain the correction and / or cancellation of the same data and / or the limitation of the processing that concerns him; to revoke the consent to the processing, if the processing is based solely on his consent, without compromising the processing already carried out; to submit a complaint to the supervisory authority. This authority is represented, in Italy, by the Guarantor for the privacy, based in Rome, piazza Monte Citorio n. 121, postcode 00186.
14) Use of automated decision-making processes and profiling by the Holder
The Data Controller will not submit the user's personal data to automated decision-making processes, including profiling.
15) Data controller
For the exercise of their rights the users can contact, at any time, the Data Controller, whose details are indicated: ”Festa Lab s.r.l.”, with registered office in Naples, via Nuova San Rocco no. 95, postalcode 80131, telephone + 39 081 7413393 pec firstname.lastname@example.org
The Data Controller makes available to users of the site the following e-mail address for the exercise of rights, also with reference to requests addressed to third parties to which the data have been communicated with the specific consent of the person concerned: pec email@example.com. At the indicated offices of the Data Controller, the updated list of the appointed data processors is available.