GENERAL INFORMATION ON PRIVACY
This information is prepared pursuant to and for the purposes of Article 13 of the New European Regulation 2016/279 on the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR)
In accordance with the General Regulation on the Protection of Personal Data of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the Data Subject (user of the website www. leontinevintage.com) is informed that the personal data collected through the site are subject to processing by the company using computer and/or telematic tools, for the purposes referred to in this document.
OWNER OF THE INFORMATION PROVIDED
The owner of the processing of personal data is Leontine Vintage srl, with headquarters in Milan, italy, Via Plinio 43 Cap 20129, e-mail firstname.lastname@example.org. For further information regarding the rights of the interested party, please refer to the following paragraph “Rights of the interested party”.
PERSONAL DATA PROCESSING INFORMATION
The personal data subject to processing is collected directly by Leontine Vintage srl or by third parties expressly authorized by the same, or communicated by the Company to such third parties for the pursuit of the purposes described below and the execution of purchases made on the shop.
JURIDICAL BASIS AND PURPOSE OF THE PROCESSING
The personal data provided by the user when browsing the website www.leontinevintage.com are processed by the Owner in accordance with the current regulations on the protection of personal data. The legal basis of the treatment is identified in the provision of its services by the company, in the management of the website, as well as the establishment, execution and possible termination of the contract of sale on-line concluded between the parties and obligations to the same contract and / or the same directly and / or indirectly arising. The processing of personal data by the data controller is aimed at pursuing the following purposes:
1) SUBSCRIPTION TO THE NEWSLETTER OF leontinevintage.com: if the user decides to subscribe to the “Newsletter of Leontine Vintage”, only after having given his/her specific consent, his/her personal data will be processed by the data controller in order to send commercial or promotional communications, updates regarding, for example, the latest trends, new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the unsubscribe link at the bottom of the e-mails you receive or write to email@example.com.
2) REGISTRATION ON leontinevintage.com: if the user decides to register on the site, only after giving his/her specific consent, his/her personal data will be processed by the Data Controller for the purpose of registration on leontinevintage.com. In particular, if you provide your name, surname, e-mail address and a password to access the site, your personal data will be processed to create a personal account, to speed up the purchase process, to allow the user to view the status of orders and receive updates on purchases made, to change personal settings and update the account, to view the history of returns and requests to change goods, to save favorite items in the Wishlist.
3) ONLINE SHOPPING ACTIVITIES: the personal data provided will be used for the management, execution and/or conclusion of the online sales contract. The data provided will be processed by the Data Controller for the purpose of managing the purchase order with reference, for example, to the activity of payment, shipping, taking charge of any returns, for customer service, for the execution of administrative – accounting purposes related to the management of the order, for the fulfillment of obligations under applicable law. In case of payment by credit card, the fundamental information for the execution of the transaction (credit/debit card number, expiration date, security code) will be processed by PayPal.
4) PROFILING OF THE PERSON: only after an eventual and explicit consent, the personal data provided may be processed by the Owner of the Treatment for profiling activities, or rather analysis of preferences aimed at the creation of personalized content and offers.
NATURE OF THE PROCESSING
In relation to the purposes referred to in point 1) of the preceding paragraph, the provision of personal data and consent to their processing is optional. Failure to provide consent will make it impossible for the data controller to allow subscription to the newsletter, the sending of commercial or promotional communications, updates relating, for example, to the latest trends, new arrivals, exclusive offers, special events and promotions.
If the user decides to subscribe to the newsletter through the section of the site dedicated solely to this activity, the provision of personal data and consent to their processing is mandatory. Failure to provide consent will make it impossible for the owner to allow subscription to the newsletter, the sending of commercial or promotional communications, updates on, for example, the latest trends, new arrivals, exclusive offers, special events and promotions.
In relation to the purposes referred to in paragraph 2) of the preceding paragraph, the provision of personal data and consent to their treatment is required. Failure to provide consent will make it impossible for the owner to allow registration on leontinevintage.com, the creation of a personal account, speed up the purchase process, view the status of orders and receive updates on purchases made, the ability for the user to change personal settings and update the account, to view the history of returns and requests for change of goods, to save favorite items in the Wishlist.
In relation to the purposes referred to in paragraph 3) of the preceding paragraph, the provision of personal data and consent to their treatment is required. Failure to provide consent will make it impossible for the owner to proceed with the establishment, management, execution and / or conclusion of the contract of sale online, therefore, the inability to perform, by way of example, activities related to payment, shipping, taking charge of any returns, customer service activities, the execution of administrative – accounting purposes related to the management of the order, and the fulfillment of obligations under applicable law.
In relation to the purposes referred to in paragraph 4) of the preceding paragraph, the provision of personal data and consent to their treatment is optional. Failure to provide consent will make it impossible for tirolare to carry out profiling activities, or to carry out analysis of preferences aimed at creating personalized content and offers.
PERSONAL DATA PROCESSED
The personal data processed by the Owner are those provided by the user when browsing the website www.leontinevintage.com, when registering / subscribing to services / programs made available by Leontine Vintage and / or any purchase of products made available by the owner, such as, for example: name, surname and e-mail address, in addition to data necessary for the provision of online sales service such as, for example, those functional to the execution of payment and shipping / exchange of products purchased.
MODE ‘OF PROCESSING AND STORAGE OF DATA
The processing of personal data is performed by the Owner in compliance with the provisions of current legislation on Privacy. The Holder carries out the treatment of personal data through computer and/or telematic instruments and with organizational and logical modalities strictly related to the pursuit of the purposes indicated in this informative report, as well as adopting the appropriate security measures in order to prevent unauthorized access, disclosure, modification or destruction of personal data, their loss and their illicit and incorrect use. However, the Company cannot guarantee its users that the measures taken for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or dispersion of data by devices belonging to the user. For this reason, it is suggested to the users of the site to make sure that their computer is equipped with software suitable for the protection of the network transmission of data (for example updated antivirus) and that their Internet Provider has adopted appropriate measures for the security of the network transmission of data. The company also undertakes to treat the data according to the principles of correctness, lawfulness and transparency, to collect them in the necessary and exact measure for the treatment and to allow the use only by personnel authorized for this purpose. The management and storage of personal data acquired will take place in archives or on servers located within the European Union owned by the owner and / or third party companies appointed as external managers of the treatment and, however, currently located in Italy. In relation to the different purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve them and, in any case, in accordance with the regulations in force. In any case, the Company will take care to avoid the use of data indefinitely by proceeding, on a periodic basis, to properly verify the actual permanence of the interest of the person to whom they relate.
REPRESENTATIVES AND RESPONSIBILITIES FOR THE PROCESSING
The collected data will not be in any way diffused, but will be processed within the limits and for the purposes described by the employees/collaborators of the company on the basis of adequate operational instructions (for example, administrative, commercial, marketing, legal, system administrators, etc.). Some data processing operations may also be carried out by third parties, appointed as External Data Processors, which the Data Controller uses or may use for the management of the contractual relationship, the provision of services offered and for organizational needs of its business. In particular, the data could be communicated to:
1) subjects, public and private, who can access the data by virtue of a provision of law, regulation or legislation, within the limits provided by these rules;
2) subjects who need access to data for purposes related to the contractual relationship between the parties, to the extent strictly necessary to carry out auxiliary tasks (such as, for example, banks and credit institutions, suppliers of technical services, hosting providers, computer companies, communication agencies, postal couriers and shipping companies);
3) consultants, to the extent necessary to carry out their professional duties.
The updated list of the External Managers and of the subjects authorized to the treatment is kept at the headquarters of the Owner of the treatment and is available to the interested party, upon request to be made by e-mail at firstname.lastname@example.org.
TRANSFER OF DATA ABROAD
The management and storage of personal data will take place on servers of the Owner and/or third party companies duly appointed as External Managers of the treatment located within the European Union. Personal data may be transferred abroad, in accordance with the provisions of current legislation, even to countries outside the European Union. The transfer to non-EU countries, in addition to the cases in which this is guaranteed by Adequacy Decisions of the Commission, is carried out in such a way as to provide appropriate and suitable Guarantees in accordance with articles 46 or 47 or 49 of the Regulation.
RIGHTS OF DATA SUBJECTS
As a Data Subject, you may exercise, at any time, the rights provided for in Articles 15, 16, 17, 18, 20 and 21 of the GDPR which confer, in particular, the right to:
1) obtain from the Data Controller, pursuant to Article 15, confirmation as to whether or not personal data relating to you are being processed and, if so, obtain access to such data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients located in Third Countries or International Organizations; (iv) when possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine such period;
2) obtain from the Data Controller, pursuant to Article 16, the rectification of inaccurate personal data concerning him/her without undue delay; taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
3) obtain from the Data Controller, pursuant to Article 17, the erasure of personal data concerning him/her without undue delay. The Data Controller is obliged to delete, without undue delay, the personal data if one of the reasons indicated in paragraph 1 of Article 17 exists;
4) obtain from the Data Controller, pursuant to Art.
4) to obtain from the Data Controller, pursuant to Art. 18, the limitation of the processing when one of the hypotheses governed by paragraph 1 of Article 18 applies;
5) to obtain from the Data Controller, pursuant to Article 20, the portability of the data, that is, to receive in a structured, commonly used and machine-readable format, the personal data concerning him/her provided to a Data Controller. The interested party also has the right to transmit such data to another data controller without hindrance from the first data controller to which he or she has provided them, should the conditions indicated in Article 20, paragraph 1, apply. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
6) to object, in whole or in part, pursuant to Article 21, to the processing of personal data concerning him/her. In order to exercise his rights, the user may send his requests to [email@example.com].
We also point out that the interested party has the right to revoke his consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation, without prejudice to the consequences indicated above regarding any refusal to provide such personal data. The Data Subject also has the right to lodge a complaint with a Control Authority.
He may make requests regarding the exercise of these rights by contacting the Data Controller at the e-mail address firstname.lastname@example.org.
The Data Controller undertakes to respond to the Data Subject’s requests within one month, except in cases of particular complexity for which it may take a maximum of three months. In any case, the Data Controller will inform the interested party of the reason for the wait within one month from the request. The outcome of the request will be provided in writing or in electronic format. In the event of a request for rectification, cancellation or limitation of processing, the Data Controller undertakes to communicate the outcome of the request received from the Data Subject to each of the recipients of his data, unless this proves impossible or involves a disproportionate effort.
The Company specifies that the interested party may be asked for a possible contribution if the requests are manifestly unfounded, excessive or repetitive; in this regard, the Data Controller will set up a register to track the requests for intervention.
MODIFICATIONS TO THIS INFORMATION