Terms and Privacy

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION NO. 2016/679 (GDPR)

 

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller is Ditta Artigianale s.r.l. (VAT No. 06445470484), with registered office in Florence, via dei Neri 30r – 32r, ZIP 50122, represented by its legal representative pro tempore, Mr. Francesco Sanapo, whose contact details are as follows:

- tel: 055 274 1541

- email: francesco@dittaartigianale.it

- address: via dei Neri 30r – 32r, 50122 Florence.

The Data Controller has not appointed a Data Protection Officer (D.P.O.).

 

2. PERSONAL DATA SUBJECT TO PROCESSING

Within the limits of the purposes and methods defined in this notice, personal data voluntarily provided to the Data Controller are subject to processing, namely contact data such as name, surname, address, email, phone number, tax code, and VAT number, images, authentication credentials, and any additional information sent even when contacting customer support.

Data acquired automatically for the normal functioning of the website is also subject to processing, such as IP addresses or domain names of the computers used by users connecting to the website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the user's operating system and computing environment. This information, by its very nature, could, through processing and associations with data held by third parties, allow the identification of the computers connecting to the site.

The Data Controller may receive information related to the Data Subject from other sources, such as couriers, regarding updated information on delivery and address, which may be used and/or processed to deliver future orders more smoothly.

 

3. COOKIES

The website uses cookies and other similar technologies both in the essential form for its operation ("technical" cookies, information without which the website cannot function) and for purposes of navigation personalization, marketing, statistics (in this case in anonymous form). They are stored to be transmitted during the next visit of the Data Subject. The complete Cookie Policy can be viewed at link in the footer.

 

4. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

The data provided by the Data Subject during or in relation to purchases made on the Site will be processed by the Data Controller in order to receive and manage orders, provide the purchased products and/or services, process payments, and send the Data Subject communications related to their orders and products. For these purposes, the processing is based on art. 6.1 letter (b) of the GDPR as it is necessary for the execution of a contract to which the Data Subject is a party. The failure to provide data for these purposes prevents the completion and execution of the contractual relationship.

The data provided by the Data Subject may also be processed:

- for the management of the Data Subject's personal account;

- for communications, support, and contact with the Data Subject, or to respond to their requests;

- for marketing purposes, including through newsletters, related to products and/or services of the Data Controller;

- to conduct market research using automated and traditional methods.

In the cases listed above, the provision of data by the Data Subject is voluntary (therefore based on art. 6.1 let. (a) of the GDPR). The Data Subject may choose not to provide their data but, in that case, Ditta Artigianale may not be able to fully or partially meet their requests.

The Personal Data of the Data Subject may also be used by the Data Controller to protect themselves in court before the competent judicial authorities as well as to fulfill any obligation provided by current regulations, laws, and regulations, including tax and fiscal matters.

The use of the Data Subject's data for any other purposes will be subject to a specific request for consent.

 

5. PROCESSING METHODS

Personal data may be processed through both paper and electronic archives (including portable devices) and processed in ways strictly necessary to meet the above-mentioned purposes by subjects, internal or external, specifically appointed for this purpose, committed to confidentiality. The data is stored in electronic and paper archives with full assurance of the security measures provided by the legislator.

 

6. COMMUNICATION AND TRANSFER OF DATA TO NON-EU COUNTRIES

The data may be communicated:

- to internal subjects of Ditta Artigianale s.r.l. specifically authorized to carry out activities related and instrumental to the management of the requested services;

- to specifically appointed Data Processors.

The data provided is stored at the headquarters of the Data Controller and on servers located within the territory of the European Union and will not be subject to any transfer outside of that territory.

The Data Controller may also communicate the data of the Data Subject referred to in point 2, for the purposes referred to in point 4 to public entities required by law, to judicial authorities, as well as to all those subjects to whom communication is mandatory for institutional purposes.

These subjects will process the data in their capacity as independent data controllers.

 

7. DATA RETENTION PERIODS

The data will be retained for a period not exceeding the achievement of the purposes for which they are processed, including those of archiving and safeguarding the rights of the Data Controller, in full compliance with the data retention limitation principle provided by the GDPR and/or for the time necessary for legal obligations. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.

 

8. RIGHTS OF THE DATA SUBJECT

With reference to the data, the Data Subject has the right to request the Data Controller, in the manner indicated and in the cases provided for by the GDPR:

- the right of access to data (the Data Subject has the right to obtain confirmation of the existence of processing as well as information about the data processed and the right to receive a copy of the same);

- the right to rectification of inaccurate data and the completion of incomplete data (the Data Subject has the right to request the updating or correction of their personal data);

- the right to erasure of data, so-called “right to be forgotten” (the Data Subject may request the erasure of their personal data in the cases and under the conditions provided for in Article 17 GDPR);

- the right to restriction of processing in the cases provided for (the Data Subject may request the restriction of the processing of their data in the cases referred to in Article 18 GDPR. If processing is restricted, personal data will be processed, except for storage, only with the consent of the Data Subject or for the establishment, exercise, or defense of a right in legal proceedings or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or a Member State);

- the right to data portability (in the cases and under the conditions provided for in Article 20 GDPR, the Data Subject has the right to receive their data in a structured, commonly used, and machine-readable format and, where technically feasible, to obtain the transfer without hindrance to another Controller);

- the right to object to processing (the Data Subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them pursuant to Article 6, paragraph 1, letters e) or f), including profiling based on such provisions. The Data Controller refrains from further processing the personal data unless there are compelling legitimate grounds for proceeding with the processing that override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defense of a right in legal proceedings);

- the right to withdraw their consent at any time if the processing is based on Article 6, paragraph 1, letter a), or on Article 9, paragraph 2, letter a) of the GDPR. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.

The Data Subject always has the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data), pursuant to Article 77 of the GDPR, if they believe that the processing of their personal data is contrary to the applicable regulations.

 

9. MODALITIES FOR EXERCISING RIGHTS

For the exercise of the aforementioned rights, the Data Subject must submit their request directly to the Data Controller at the contacts indicated in the paragraph “Identity and contact details of the Data Controller.”