PRIVACY POLICY

Privacy Policy

 

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

for users visiting the website of San Carlo S.p.A.
Sole Shareholder Company
“A company subject to management and coordination by BLA S.r.l., Sole Shareholder, Tax Code 10864070965”
(Pursuant to Article 13 of Regulation (EU) 2016/679)

 

 

INFORMATION NOTICE

Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation”), this page describes the methods used to process the personal data of users who browse or interact with the website of San Carlo S.p.A., accessible online at: www.acquasancarlo.com.

This privacy notice is provided pursuant to Articles 13 of the Regulation and applies exclusively to the San Carlo S.p.A. website. Personal data collected through this website will be processed in accordance with the principles laid down by the Regulation, including principles of fairness, lawfulness, transparency, and the protection of your personal data.

This document describes data processing activities relating to users browsing or interacting with this website. It does not apply to other websites accessible via hyperlinks published on this website but referring to third-party domains. San Carlo S.p.A. does not monitor or control the content or data processing activities of such third-party websites. Users are therefore encouraged to consult the relevant privacy policies of any such website.

DATA CONTROLLER

Personal data may be collected and processed as a result of accessing or interacting with the website www.acquasancarlo.com.

The Data Controller is: San Carlo S.p.A. (hereinafter also referred to as the “Data Controller” or the “Company”), Sole Shareholder Company – “A company subject to management and coordination by BLA S.r.l., Sole Shareholder, Tax Code 10864070965”
Registered Office: Viale B. Segni, 3 – 50132 Florence (FI), Administrative and Operational Headquarters: Via dei Colli, 92 – 54100 Massa, Località San Carlo Terme, Tax Code and Florence Companies Register no.: 00141820464, R.E.A. no. FI-645406, VAT no.: 00637070459
Share Capital: €1,000,000.00 fully paid-up.

Data Controller’s contact information: Email: info@acquasancarlo.it, Phone: +39 0585 47703.

RECIPIENTS AND DATA PROCESSORS

Personal data collected in connection with the use of this website may be disclosed to third-party entities for purposes strictly connected to the fulfilment and management of purchase orders placed via the website. Such entities may include, by way of example, IT service providers responsible for platform maintenance and email communications, logistics partners for product delivery, banking and payment institutions for transaction processing, and professionals or consultants for accounting and tax compliance.

Such data may also be processed by employees or collaborators of the Data Controller, duly authorized and instructed in accordance with applicable data protection regulations (e.g., administrative, commercial staff, etc.).

LEGAL BASIS AND PURPOSES OF PROCESSING

The personal data collected through the website www.acquasancarlo.com are processed by the Data Controller in compliance with the applicable data protection laws.

The legal bases for processing the personal data are as follows:

  • your consent (where applicable);
  • the legitimate interest of the Data Controller.
  • the performance of contractual or pre-contractual obligations, and
  • compliance with legal obligations.

You may withdraw your consent at any time by writing to: info@acquasancarlo.it.

Purposes of processing personal data include:

  1. Subscription to the Company’s newsletter:

With your prior and specific consent, your personal data may be processed for sending commercial and promotional communications, updates on trends, new arrivals, exclusive offers, special events, and promotions. You may unsubscribe at any time by clicking the unsubscribe link found in any newsletter email or by writing to info@acquasancarlo.it.

  1. Website registration:

Upon registration and with your consent, your personal data will be processed to create and manage your account. Personal data collected includes your name, surname, email address, and chosen password. This allows you to streamline purchases, view order status, update account information, manage returns and exchanges, and save favourite items to your wishlist.

  1. Online shopping activities:

Your personal data will be processed for the conclusion, management, and performance of the online sales contract, including order fulfilment, payment processing, product delivery, returns handling, customer support, and accounting/tax compliance.
If payment is made by credit/debit card, card details are processed solely by the authorized payment provider using encrypted protocols and they are never visible or stored by the Data Controller.

  1. Personalized promotions based on browsing:

With your specific and explicit consent, your personal data may be processed to analyze preferences and browsing behavior to provide personalized offers. Please refer to the Company’s Cookie Policy for further information.

PROTECTION OF MINORS
The protection of minors in the online environment constitutes a fundamental principle of the Data Controller’s corporate policy. Accordingly, the Data Controller does not accept account registrations, sign-ups, or purchase orders submitted by individuals under the age of 18 and shall not knowingly collect or process personal data relating to such individuals. By registering on the website or placing an order, the users expressly represent and warrant that they have reached the age of majority under the applicable laws of their Country of residence.

DATA TRANSFERS

The management and storage of the personal data will take place in archives or on servers located in Italy or, in any case, in countries within the European Union, owned by the Data Controller and/or by third-party companies appointed as data processors.

CATEGORIES OF PERSONAL DATA

The Company may process personal data of customers, such as, for example, identification data provided when subscribing to the newsletter or when placing an order (e.g., first and last name, contact details, email address, telephone number, and residential address), or during registration on the website for the creation of a personal account (e.g. authentication and identification information such as name, address and password); data relating to transactions carried out on the website during online purchases; and data voluntarily provided by the user (for example, the optional, explicit, and voluntary sending of emails to the Company’s address involves the subsequent acquisition of the user’s email address, necessary to respond to the requests, as well as any other personal data included voluntarily in the message).

Users are under no obligation to provide such personal data. However, the provision of personal data by the customer (particularly personal details, email address, postal address, credit/debit card numbers, and telephone number) is necessary for the Company to process product orders placed through the website, to provide other services offered via the website upon customer’s request, or to comply with legal or regulatory obligations.

Failure to provide the personal data necessary for the above-mentioned purposes may result in the Company being unable to process the purchase order submitted via the website or to fulfil its legal or regulatory obligations. Therefore, in certain cases, the failure to provide personal data may constitute a legitimate and justified reason for the Company to refrain from processing the purchase order or from providing the requested services through the website.

BROWSING DATA

The IT systems and software procedures used to operate the Company’s website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

These data, which are necessary for the use of web services, are also processed for the purpose of: compiling statistical information on the use of the services (e.g., most visited pages, number of visitors by time slot or geographical area); ensuring the proper functioning of the services offered. Browsing data are not retained for more than 365 days and are deleted immediately after being aggregated (except where necessary for the investigation of criminal offences by the competent Authorities).

COOKIES

Like virtually all websites, the website www.acquasancarlo.com uses certain cookies. These have become essential tools, as they allow modern websites to function optimally by enabling maximum customization, interaction, and smooth navigation. Due to these capabilities, cookies can also be used to monitor the browsing activity of users/customers and to deliver messages tailored to their navigation behavior. For more information regarding the Data Controller’s policy on the use of cookies, please refer to the Cookie Policy available on the Company’s website.

SOCIAL NETWORKS

The website www.acquasancarlo.com allows users to connect with Facebook, YouTube, Instagram, and Google+. When using the website’s social media connection features, you may consent to the Company accessing the aspects and information of your social media profile that you have made available for sharing (based on the privacy settings that you have selected in your profile), and to their use in accordance with both the privacy policy of the respective social network and this privacy notice. You may withdraw your consent at any time by clicking on the appropriate icon located at the bottom left of the web page.

DATA PROCESSING METHODS AND RETENTION

The personal data collected through the Company’s website are processed using electronic tools and are protected by appropriate security measures designed to ensure their confidentiality and integrity.

The Data Controller considers the security of all personal data relating to website users a matter of utmost importance. Accordingly, the implementation of security measures designed to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to such data is a core component of the Company’s internal policies.

However, the Data Controller cannot ensure that the security measures implemented on the website for data transmission will eliminate the risk of unauthorized access or data leakage originating from the user’s own devices. Therefore, users are encouraged to ensure their devices are properly protected, for example, by installing up-to-date antivirus software—and to verify that their Internet Service Provider has implemented appropriate safeguards for secure data transmission, such as firewalls and anti-spam filters.

The Data Controller also undertakes to process personal data in accordance with the principles of lawfulness, fairness, and transparency, to collect such data only to the extent necessary for the purposes for which they are processed, and to ensure that data is accessed only by duly authorized personnel.

Regarding the retention of personal data, the Data Controller generally retains such data only for as long as necessary to achieve the purposes for which they were collected. In particular, the Company retains personal data for a period of 36 months from the termination of the relationship with the customer-user or from the last contact with the same.

In some cases, personal data may be stored for longer periods when required to enable the Data Controller to comply with legal obligations (e.g., data retention obligations for accounting and tax purposes or to prevent tax fraud). Moreover, the Data Controller may retain personal data for longer periods in order to maintain accurate records of commercial transactions, in case of claims and/or disputes.

In any case, the Data Controller ensures that the personal data are not stored indefinitely and carries out regular reviews to determine whether the data held are still necessary for the purposes for which they were collected.

DATA SUBJECT RIGHTS

As a data subject, you have the rights provided under Articles 15 and following of the Regulation. Regarding your personal data, you are entitled to the following rights: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object to processing, along with any related obligations of the Data Controller.

To exercise these rights under Articles 15-22 of the Regulation, you may send an email to: info@acquasancarlo.it.

Without prejudice to any other administrative or judicial remedy, as a data subject you have the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) if you believe that the processing of your personal data carried out through the Company’s website violates the provisions of the Regulation and applicable laws.

Furthermore, please be reminded that you have the right to withdraw your consent at any time. For example, if you wish to unsubscribe from receiving electronic marketing/promotional communications, you can modify your account settings on the website or use the “unsubscribe from newsletter” link provided in our emails.

In any case, as already indicated, for any request, withdrawal of your consent, or exercise of your rights, you can contact the Data Controller at info@acquasancarlo.it.

Additionally, you can change your consent regarding profiling cookies (please refer to the Cookie Policy).

UPDATES TO THIS PRIVACY NOTICE

The Company may update this privacy notice to comply with new requirements under applicable laws or for technical reasons. The updated privacy notice will be published on the Company’s website. Following any such changes, the Company will inform customers of modifications to specific terms via email, using the address provided during registration or newsletter subscription. Where required by applicable Law, the Company will also request the customer’s consent to such changes. The Company therefore encourages customers to review this page periodically.

 

Thank you for visiting this website.