INFORMATION ON OUR HANDLING OF PERSONAL DATA
of the users who consult the San Carlo S.p.A. web site
with a Single Member
“Company subject to management and coordination of BLA S.r.l. with a single member, C.F.: 10864070965
(in conformity with clause 13 of the EU Regulations
DATE WITH EFFECT FROM: 25th May 2018
WHY THIS INFORMATION
Under Regulations (EU) 2016/679 (hereinafter referred to as “Regulations”), this page describes the modalities for handling personal data of the users who consult the San Carlo S.p.A. web site, accessible via telematic means at the following address: www.acquasancarlo.com.
This informative report is rendered in conformity with clause 13 of the Regulations solely for the San Carlo S.p.A. company web site, and the personal data acquired will be handled in respect of the principles of the aforementioned regulations, which is to say that the handling of information will be imbued with the principles of propriety, legitimacy, transparency and protection of Your Privacy. This page describes the management modalities of the site, as it refers to handling personal data of the users who consult it. The informative report is rendered solely for the San Carlo S.p.A. company web site, and not for other web sites that the user may consult via links, but which are external to the San Carlo S.p.A. domain. The San Carlo S.p.A. company in fact does not perform monitoring and control over the contents of these sites, even though these sites may utilise tools that collect and process visitors’ personal data. We therefore advise you to check the relative informative reports on Privacy protection of each web site.
HOLDER OF DATA
Following the consultation of the www.acquasancarlo.com site, data concerning identified or identifiable physical persons can be handled. The holder of data is San Carlo S.p.A. (hereinafter referred to as Company) with a Sole Member, “Company subject to the management and coordination of BLA S.r.l. with sole member, Fiscal Code no. 10864070965”, with legal address at Viale B. Segni, 3 – 50132 Firenze, with Fiscal Code no. 00141820464, VAT Code no. 0063707459 (email: email@example.com; telephone: +39 0585 47703).
RECEIVER OF DATA AND EXTERNAL MANAGER OF DATA HANDLING
The data collected surfing the net and consulting the www.acquasancarlo.com web site will by no means be disclosed or shared. It can be communicated to third parties for the performance of operations tied to the order the user-customer has made on the site www.acquasancarlo.com and to its delivery (for example, our computer consultants for the web platform may be informed in order to assure, in particular, that you are sent email messages to the address that you have chosen, or our shipping partners or the banking or credit institutions for handling payments, professional people and consultants for the accounting and fiscal management of the sales contract). Furthermore, personal data will be handled in accordance with the modalities and for the purposes indicated in this informative report by the duly informed employees of the Holder (for example, administrative or commercial etc. personnel). In particular, concerning the personal data collected and handled through this web site, the Holder expressly appointed as Internal Manager of Data Handling is Ms. Marta Lorenzetti (firstname.lastname@example.org). The appointment of this Manager is held at the Holder’s Headquarters and is available to the concerned user on request, which must be forwarded to the following email address: email@example.com
LEGAL BASIS AND AIM OF HANDLING DATA
The personal data the user provides when navigating on the Internet Site www.acquasancarlo.com is handled by the Holder in conformity with the regulations in force concerning the protection of personal data. The legal basis of handling data is identified in the Company’s performing its services, in managing and facilitating the Internet Site, as well as in establishing, executing and cancelling the on-line sales contract finalised between the parties, and in the obligations to the contract and/or directly and/or indirectly deriving from the contract. In particular, the Company’s handling of personal data shall seek to further the following purposes:
1) Subscribing to the Company newsletter: should the user decide to subscribe to the “Newsletter”, following their specific consent, their personal data will be handled by the Holder to send commercial or promotional communications, relative updates, for example, about latest trends, new arrivals, exclusive offers, special events and bargain offers. To cancel the subscription to the newsletter, one need only click on the link provided to cancel the subscription at the foot of the emails received or by writing to firstname.lastname@example.org
2) Registering at the Company site: should the user decide to register at the site www.acquasancarlo.com, following their specific consent, their personal data will be handled by the Holder for the purposes of registering and for the management of the account created by registering. In particular, once a person has provided their first name, last name, email address and has created an access password, this data is handled for the creation of a personal account, to speed up the purchasing procedure, to permit the user to see the state of orders and receive updates on the purchases made, to modify their personal settings, and to update their account, to see the past returns and the requests to exchange merchandise, to save their preferred articles on a wish list.
3) On-line shopping activities: the personal data you have provided can be used to establish, manage, execute and/or conclude on-line sales contracts. The Holder of data will process the data you have provided solely for the management of the purchase order, to conclude the operations tied to the payments made by the customer, to ship the goods ordered on the site, the acceptance of returned goods, for customer assistance, for the execution of administrative/accounting/fiscal purposes tied to the management of a purchase order and, finally, for the fulfilment of obligations provided by the regulations in force. In the case in which the payment is made via credit card, the information necessary for the execution of the transaction (number of the credit/debit card, dates of issue and expiry, security code) will be handled by the banking institution indicated during the transaction or, if it be the case, by companies responsible for anti-fraud control by means of a cryptographic protocol and without third parties ever having access to the data. This information will never be visualised or memorised by the Holder of data.
4) Proposal of promotional offers responding to your navigation: only following your explicit consent, can your personal data be handled by the Holder for activities of preference analysis aimed at creating contents and personalised offers (in this regard, see below the informative report concerning the Company’s policy on cookies). The purposes of handling your data by the Holder will be to improve and personalise the web site and products, services, and activities tied to it by means of tracing the preferences of products that can be purchased on the site, of the chronology of purchases, and of the interactions with the site.
DEFENCE OF MINORS
The defence of minors on line represents a fundamental element of the Holder’s company policy. The Holder does therefore not accept the membership, registration or orders sent by persons younger than 18 years of age, and will not knowingly collect and process the personal data of these subjects. By purchasing or registering on the site, the customer declares they are of age according to the regulations of their country of residence.
TRANSFER OF DATA ABROAD
The management and conservation of the personal data acquired will take place care of the archives or on servers located in Canada, property of the Holder and/or of third-party companies appointed External Managers of Data Handling. With the decision 2002/2EC, the European Commission has affirmed the adequacy of the protection provided by Canadian law on the defence and protection of personal data.
TYPES OF DATA HANDLED
Customer’s data: For example, the personal data provided in the process of subscribing to the newsletter (contact information, email address, telephone number, home address, provided this information is requested for the newsletter) or on registering at the site to create a personal account (information that authenticates or identifies such as name, address, and password); data of transactions made on the site when making on-line purchases; data provided by the user voluntarily (the facultative, explicit and voluntary forwarding of email to the address indicated on this web site entails the acquisition of the user’s address, necessary to respond to requests, as well as other personal data voluntarily included in the letter). The customer-user is by no means obliged to provide the aforementioned personal information. The customer’s providing their personal information (in particular, personal details, email address, home address, number of a credit/debit card, and phone number) is necessary for us to process the order for the purchase of products on our Internet Site, for the performance of other services on our Internet Site at the customer’s request, or to fulfil the obligations provided by legislative or statutory provisions. The customer’s refusal to provide the information necessary to pursue the aforementioned aims may entail the impossibility, on our part, to process the order for the purchase of products sold on our Internet Site or to fulfil the obligations provided by legislative or statutory provisions. Failure to provide the personal data may therefore constitute, in some cases, a legitimate and justified motive for our failure to process the order for the purchase of products sold on the Internet Site or our failure to perform the services of the Internet Site.
In the course of their normal exercise, the information systems and software procedures that guarantee the functioning of this site acquire personal information, the transmission of which is implicit to the use of the communication protocols of the Internet. This category of data includes IP addresses or the domain names of the computers and terminals utilised by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the required resources, the time of the request, method utilised in subjecting the request to the server, the size of the file obtained in response, the numerical code indicating the state of the reply given by the server (to come to a good end, error, etc.) and other parameters concerning the user’s operating system and environment. This data, necessary in order to use web services, is also handled in order to obtain statistical information on the use of services (most visited pages, number of visitors per time slot or on a daily basis, geographical areas of origin, etc.); to verify the proper functioning of the services offered. The surfing data does not persist for longer than 365 days and is immediately erased after their aggregation (except for possible necessities of crime investigation by the Judicial Authorities).
MODALITIES OF HANDLING AND CONSERVING DATA
The personal information collected on this site is handled using computer supports and is protected by means of adequate safety measures capable of guaranteeing their reserved nature and integrity. The Holder of personal data attributes great importance to the security of all of the personal information concerning the users of the site, and the adoption of safety measures aimed at preventing their accidental or illicit destruction, accidental loss, alteration, communication or unauthorised access to the data represents a fundamental element in the Holder’s company policy. The Holder, however, cannot guarantee its users that the measures adopted for the security of the site and the transmission of data and information on the site are capable of limiting or excluding all risk of unauthorised access or of dispersion of data by devices appendant to the user. For this reason, we suggest to users of the site to make sure that their devices are protected. For example, the user should make sure that their computer is equipped with software capable of protecting the transmission of data on the Net (for example, an updated antivirus) and that their Internet Provider has adopted measures suited for the safety of transmitting data on the net (such as, for example, a firewall and anti-spam filters. The Holder of the data commits itself to handling the data in accordance with the principles of propriety, legitimacy, and transparency and to collect it in the measure, necessary and exact, for its handling and to allow its use only by personnel authorised for this purpose. As for the conservation of the customer’s personal information, the general approach of the Holder is to conserve this data exclusively for as long as it is necessary for the furtherance of the aims for which the information was collected. In particular, we conserve personal data for 36 months from the conclusion of the customer-user relationship or from our last contact with them. In some cases, personal information can be conserved for longer periods of time when this is necessary to permit the Holder to fulfil obligations of law (for example, to fulfil the mandatory conservation for accounting-fiscal purposes or to prevent tax fraud). Finally, the Holder can conserve the personal information of customers-users even for longer periods of time, so as to possess accurate documentation of transactions that have occurred, in the case of complaints and/or protests. In any event, the Holder of the data shall take care to avoid using the data for an indefinite period of time, periodically appropriately verifying the effective continuance of the interest of the subject to which it refers.
RIGHTS OF THE CONCERNED PARTIES
The concerned parties have the right to obtain from the Holder, in the cases provided in clauses 15-22 of the Regulations: access to their personal data, the right to have their personal data rectified, the right to have their personal data erased, the limitation of handling their personal data, opposition to the handling of their personal data, the portability of their data. In order to exercise these rights provided by clauses 15-22 of the Regulations, in the cases provided therein, they can write an email to the following address: email@example.com . They will receive a reply within the maximum term of one month from the date of receipt of their request. In the case in which the matter is particularly complex, they will receive, in any event, an email message indicating the terms of reply if this is longer than one month.
Right of complaint: The concerned parties who believe that the handling of the data referred to them, conducted through this site, has occurred in violation of the provisions of the Regulations have the right to lodge a complaint in care of the Guarantor of Privacy, as provided by clause 77 of the Regulations or to take measures in the appropriate legal venue (clause 79 of the Regulations).
Right to revoke consensus: The customer has the right to revoke, at any time, their consensus. For example, in the case the customer wants to cancel their subscription to the electronic receipt of marketing/promotional communications, they shall be able to modify the settings of their account on the Internet Site, or to use the link “cancel my subscription to the newsletter”, which shows in our email messages, or otherwise, contact us directly to interrupt forwarding of communications at the following address: firstname.lastname@example.org . Furthermore, you can modify your consensus concerning profiling cookies (see the following Policy on Cookies).
MODIFICATIONS TO THIS INFORMATIVE REPORT
We could modify this informative report in view of respecting new requirements enjoined by the applicable regulations or by technical requirements. The updated Informative Report will be published on the Internet Site. Following the modifications introduced, we shall inform the customer of the modification of certain conditions via email care of the address they have specified for the registration or subscription to the newsletter. Furthermore, we shall ask the customer for their consent to the mentioned modifications, where provided by the applicable law. We therefore invite the customer to check this page periodically.
San Carlo thanks you for visiting this site.