Dear user, this document has been prepared to provide you with all the information about how your personal data will be processed and handled during your navigation and use of our eShop.
The following information is provided pursuant to the European Regulation 2016/679 (hereinafter referred to as "GDPR"). The data controller - pursuant to Article 4, paragraph 1, no. 7) of the GDPR - is Bisù - Milan.
PURPOSE AND LEGAL BASIS OF PROCESSING
Your personal data is processed in accordance with the GDPR and the applicable legal provisions on the processing of personal data. Please also note that the processing in question, is based on the principles set out in Article 5 of the GDPR, and in particular on the principles of correctness, lawfulness, transparency and protection of the confidentiality and rights of the data subjects.
The personal data provided will be processed by the Data Controller for the purposes listed below:
- compliance with obligations under laws or regulations;
- compliance with fiscal and accounting obligations
- providing services requested by you;
- sending marketing information through digital and non-digital channels (such as Facebook; e-mail addresses; brochures);
- any contact requests or information you may send;
The provision of personal data is
- compulsory in relation to obligations under laws, regulations and/or EU legislation and orders from legitimate authorities and supervisory bodies, as well as tax and accounting obligations;
- strictly necessary for the conclusion of contractual relations or the management and execution of existing contractual relations and those in the process of being established. Refusal of consent will not allow you to receive marketing information from the Data Controller or to use the services described therein.
As set out below, your rights under the GDPR and applicable law include the right to withdraw your consent at any time. If you do so, the Controller may not continue to use your personal data for the purposes for which your consent was revoked.
PROCESSING METHODS AND STORAGE TIMES
Your personal data will be processed in printed, computerized and telecommunication form, using methods that guarantee data security and confidentiality in accordance with the provisions of Article 32 of the GDPR. Please note that your data will only be processed for the time strictly necessary to achieve the purposes for which the data was collected, specified in point 1 above, and in no case for more than ten years, as specified for accounting records pursuant to Article 2220 of the Civil Code.
COMMUNICATION OF PERSONAL DATA
In order to achieve the purposes described in point 1 above, the Data Controller may have to disclose the user's personal data to third parties in the following categories: 1. authorities and supervisory bodies; 2. subjects who fulfil administrative and fiscal obligations on behalf of the Data Controller; 3. parties appointed by the Data Controller pursuant to Article 28 of the GDPR as data processors, i.e., a natural person or corporate entity that processes personal data on behalf of the Data Controller; 4. parties that provide services for the management of digital and non-digital communications; 5. parties whose services the Data Controller uses to provide the requested service.
RIGHTS OF THE DATA SUBJECT
By sending a request directly to the Data Controller's registered office at the above address or to the email address email@example.com, you can exercise the following rights at any time, in accordance with Articles 15 to 22 of the GDPR:
- the right to obtain confirmation of any processing of personal data concerning you;
- the right to obtain information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the storage period;
- the right to obtain the rectification or erasure of personal data concerning him/her;
- the right to obtain the restriction of processing of personal data concerning him/her;
- the right to obtain data portability, i.e. the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable format, and the right to transmit the data to another controller without hindrance;
- the right to object at any time to the processing of personal data about you, including processing for direct marketing purposes;
- the right not to be subject to decision-making based solely on automated processing of data on natural persons;
- the right to ask the Controller to provide access to data, to rectify or erase them or to restrict the processing of your data or to object to their processing and the right to data portability;
- the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal;
- the right to lodge a complaint with a supervisory authority.
For any clarification, question or need related to your privacy or to exercise your rights recognized by the GDPR (see point 6), you can contact us by sending a request to our Customer Service by sending an email to firstname.lastname@example.org.