PRIVACY POLICY ON PERSONAL DATA PROCESSING

As required by the national and European legislation on the protection of personal data, specifically referring to the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, “GDPR”), the Italian legislative decree 196/2003, as well as any other legislation on the protection of personal data applicable in Italy, including the provisions of the Guarantor, hereinafter for brevity also “Privacy Policy”, Idea Ricami Srl, with registered office in Via Roma, 140 36040 Torri Di Quartesolo (VICENZA), (hereinafter, “Idea Ricami”), as the Data Controller, makes available this notice pursuant to Article 13 of the GDPR with reference to the processing of user data (hereinafter, “User” and/or “Users”) collected through the website www.dilisaofficial.com (hereinafter, also the “Site”).

 

PRELIMINARY REMARK

Idea Ricami takes the protection of your personal data seriously. The principles outlined below are the cornerstones of Idea Ricami’s approach to privacy. Your personal data in accordance with Article 5 (1) of the GDPR will be:

a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes set out in the following paragraphs and subsequently not processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date, stored in a form which allows Your identification for no longer than is necessary for the purposes for which the personal data are processed;
e) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

In addition, Idea Ricami undertakes to take every reasonable step to ensure the timely rectification and/or erasure of data that are inaccurate having regard to the purposes for which they are processed.

 

TYPE OF CUSTUMER DATA PROCESSED

Idea Ricami processes the following types of personal data (hereinafter, “Data”) provided by Users of the Site:

  1. Data obtained during the User’s browser navigation

Computer systems, cookie technology and software procedures used to allow the website www.dilisaofficial.com to function acquire, over their normal operation, certain data whose transmission is implicit in the use of Internet. This is a piece of information that is not collected in order to be associated with identified interested individuals, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify navigating users. This category of data includes, for example, the pages visited by Users within the same, the domain names and addresses of the websites from which the User has logged in (by referral) to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server, and other parameters relating to the type of browser (e.g. Internet Explorer, Firefox), operating system (e.g. Macintosh, Windows) and the User’s computer environment. Such data may be used to determine responsibility in case of hypothetical computer crimes against the Site www.dilisaofficial.com.

The abovementioned Data are collected through technical cookies and analytical cookies. For more information on browsing data, Users are invited to consult the Site’s Cookie Policy.

  1. Personal data provided by Users when accessing the purchasing system

The execution of the purchase process will require the provision to Idea Ricami by the User of the following identifying data: first name, last name, e-mail, address, phone number, credit card number, the billing and delivery addresses of your orders necessary to complete the sale process.

Please note that the User’s bank details never appear unencrypted on the servers. Payments are made through a secure payment platform compliant with the PCI-DSS standard, supplemented by control measures to ensure the security of purchases made on www.dilisaofficial.com and to combat fraud. The credit card details communicated at the time of the order never appear unencrypted on the Internet: they are encrypted using the TLS (Transport Layer Security) protocol and they are only saved on the payment provider’s platform.

  1. Personal data provided by Users when subscribing to the newsletter

If the User subscribes to the newsletter via the contact form on the Site, he/she will provide Idea Ricami with the following identifying data: first name, last name, e-mail. All or some of these personal data are provided by the User contacting Idea Ricami via e-mail at the contact link indicated on the Site.

  1. Personal data provided by Users when opening an account on the Site

If the User creates his/her own account via the contact form on the Site, he/she will provide Idea Ricami with the following identifying data: first name, last name, e-mail, address, phone number, date and place of birth. These personal data are provided by the User while contacting Idea Ricami by completing the account creation form on the Site.

 

PURPOSE ON DATA PROCESSING

  1. The Data provided by the User will be processed without the User’s prior consent in accordance with Article 6 letter f) of the GDPR on the basis of Idea Ricami’s legitimate interest in improving the stability and functionality of the Site for the following Service purposes:
    1. For the administration and processing of statistical surveys on the use of the Site;
    2. To carry out the maintenance and technical support necessary to ensure the proper functioning of the Site and of its related services;
    3. To improve the quality and structure of the Site and to create new services functionalities and/or features of the Site as well;
    4. To process a possible newsletter membership request submitted by the User by filling out the appropriate form or by e-mail;
    5. To process a purchase request forwarded by the User on the Site;
    6. To allow Idea Ricami to exercise its rights in court and suppress illegal behavior;
    7. To comply with legal or regulatory obligations.
  2. The Data provided by the User when accessing the purchase system in accordance with the point 2 of the preceding article will be processed with the User’s prior consent in accordance with Article 6 letter b) of GDPR for the following purposes:
    1. To enable User’s requests to be instructed;
    2. To enable User’s orders to be processed and handled;
    3. To allow to process and manage the payment of the User’s order;
    4. To ensure the security of online transactions to prevent fraud payment incidents and to manage collections (as determined by the Terms and Conditions of Sale published on the Site) particularly through the automated processing of User’s data.
  3. The Data provided by the User when subscribing to the newsletter in accordance with the point 3 of the preceding article will be processed with the User’s prior consent in accordance with Article 6 letter a) of GDPR for the following purposes:
    1. To enable User’s requests to be instructed;
    2. To enable User’s requests to be answered;
    3. To enable contact with the User;
    4. To allow the User to be informed about new products and/or promotional campaigns;
    5. To enable a periodic newsletter to be sent to the User.
  4. The Data provided by the User when accessing the account opening system in accordance with the point 4 of the preceding article will be processed in order to ensure the execution of the contract with the User in accordance with Article 6 letter b) of GDPR for the following purposes:
    1. To enable User’s requests to be instructed;
    2. To enable the User to create an account on our Site;
    3. To allow the correct management of the relationship with the User and to allow Idea Ricami to manage the procedures associated with the opening of the customer account application;
    4. To enable the User to manage the access to his/her account on the Site;
    5. To enable the User to process and treat product purchase orders and return requests as part of our service including the release of a transport voucher to send items and shipping vouchers subject to compliance with the Terms and Conditions of Sale published on the Site;
    6. And with the User’s prior consent in accordance with Article 6 letter a) of GDPR which can be withdrawn at any time:
      1. To send information on special offers, news, and events through the communication means chosen by the User;
      2. To offer a customized interface or a customized presentation of our offers in our e-mails;
      3. To send product-related commercial communications.

NATURE OF PROVIDING DATA

The data provision by the User is:

  • Mandatory for the purposes referred to in the previous article, point 1. Any refusal to provide these Data may result in the inability to provide the services;
  • Optional (and in any case revocable without formality even after the provision, by sending an e-mail to info@dilisaofficial.com) for the purposes referred to in the previous article, point 2 and point 4. Any refusal to provide these Data may result in the impossibility of establishing and managing a practice headed to the establishment of a contractual relationship with the User aimed at the purchase of products on the Site, or of handling the account with regard to returns and refunds;
  • Optional and voluntary (and in any case revocable without formality even after the provision, by sending an e-mail to info@dilisaofficial.com) for the purposes referred to in the previous article, point 3. Any refusal to provide the Data will have as its only consequence, the impossibility for Idea Ricami to manage the User’s request as far as the subscription to the newsletter is concerned.

 

METHODS OF PROCESSING DATA

a) The processing of User’s Data is carried out by means of the operations indicated in Article 4 n. 2 of GDPR and in particular: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, access, use, interconnection, blocking, communication, erasure and destruction of data.

b) User’s Data are processed by automated and non-automated means, only for the time strictly necessary in relation to the purposes for which they are processed and, in any case, no longer than 10 years after their collection for the purposes of service, and/or for the purposes of finalizing the contractual relationship, and/or 10 years from the User’s request to unsubscribe from the newsletter mailing lists.

c) The User’s credit card data will be stored for a maximum period of 15 months after the order payment.

d) User’s Data will be processed by individuals entitled to execute the tasks under the service, those being constantly identified, properly instructed and informed of the security obligations under the GDPR as well as the obligations set by the Controller.

 

DATA ACCESS

Data may be made available exclusively for the above purposes to the following individuals:

a) Employees and assistants of Idea Ricami or associated and/or subsidiary companies;

b) Subcontractors, such as:

  • our providers of hosting and site maintenance services and of dematerialized data collection solutions;
  • our logistics service providers;
  • our transport service providers;
  • our marketing solutions providers;
  • our business development management and communication providers on social networks;
  • associations or professional firms providing support and consultancy services and activities.

c) Third-party companies or other entities in their capacity as data processors (by way of illustration, companies providing services, with regard to management services of the information system used by Idea Ricami and telecommunications networks, providers, as well as management of mail services, and in particular the Smooth Progress Stl Startup Innovativa provider, with registered office in Via G. Verdi 13, Rimini;
d) Our payment service providers, depending on the payment method chosen at the time of the order. For further information, the User may consult the privacy policies of our payment service providers:
PayPal (Europe) S.a.r.l. and CIE (Luxembourg, EU). For further information you can consult the PayPal Privacy Policy.
e) The Data Controller’s sales network.

DATA DISCLOSURE

Without the User express consent, in accordance with Article 6 letter b) and c) of GDPR, the Data Controller may communicate the User Data for the purposes of Service referred to in Article II point 1) to Supervisory Boards, Judicial Authorities as well as any other entity to whom the communication’s required by law for the fulfillment of those purposes, as autonomous Data Controllers. User Date will not be subject to disclosure.

 

DATA TRANSFERT

The Data provided by the User is processed electronically through the use of the Digital Ocean provider; the related Privacy Police will be available on the website: www.dilisaofficial.com. In this context, Data will be processed and stored within the European Union.

The management and storage of the Data will take place on the Digital Ocean server and used Smooth Progress Srl Startup Innovativa, with registered office in Via G. Verdi 13, Rimini, located within the European Union.

 

EXISTENCE OF AN AUTOMATED INDIVIDUAL DECISION-MAKING PROCESS, INCLUDING PROFILING

The Data Controller does adopt automated decision-making processes, including profiling, as referred to in Article 22 paragraph 1 and 4, of GDPR. The User’s personal Data may also be processed for profiling purposes (such as analysis of the data transferred and of the products chosen, in order to propose advertising messages and/or commercial proposals in line with the choices made by the Users themselves) exclusively if the Data Subject has provided explicit and spontaneous consent, which is always revocable.

 

DATA CONTROLLER AND PROCESSOR

The Data Controller is Idea Ricami Srl, with registered office in: Via Roma, 140, 36040 Torri di Quartesolo VI, Italy.

The main contact point for the exercise of rights as referred to in Article 26 of EU Regulation 2016/679 is the Data Processor at the following contacts: info@dilisaofficial.com.

The identification details of Data Controllers are as follows: Smooth Progress Stl Startup Innovativa provider, with registered office in Via G. Verdi 13, Rimini; Website manager and mail services manager.

 

USER LEGAL RIGHTS

The User will be able to exercise the rights referred to in Article 15 of GDPR.

In particular, the User has the right at any time to obtain from Idea Ricami confirmation on the existence or not of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form.

In addition, the User has the right to obtain confirmation:

  • i) On the origin of personal data;
  • ii) On the purposes and methods of processing;
  • iii) On the logic applied in case of processing carried out with the assistance of automated tools;
  • iv) On the identification details of the Data Controller, of the Data processors and of the designated representative;
  • v) On the individuals or categories of individuals to whom the personal data may be disclosed or who may be informed in their quality as designated representatives in the State territory, on managers or appointees;
  • vi) On the storage period.

The User has also the right to obtain:

  • i) The update, the rectification or, when interested, the integration of the Data;
  • ii) The erasure, transformation into anonymous form or the arrest of Data processed in violation of the law, including Data whose storage is not necessary in relation to the purposes for which the Data were collected or subsequently processed;
  • iii) The certification that the operations as referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the Data have been communicated or disclosed, unless this obligation proves impossible or involves such disproportionate means compared to the protected right.

The User has the right to object, in whole or in part:

  • i) for legitimate reasons to the processing of personal data concerning him/her, although pertinent to the purpose of collection;
  • ii) to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market researches or commercial communications.

The User has also the right to:

  • i) Obtain the restriction of processing or object to processing of personal data;
  • ii) Obtain the portability of Data, which means receiving it from a Data Controller, in a structured, commonly used and machine-readable format, and transmit it to another Data Controller unhindered;
  • iii) Withdraw consent at any time without affecting the lawfulness of processing based on the consent given before the withdrawal;
  • iv) Lodge a complaint to the Supervisory Authority.

Any rectification or erasure or restrictions of processing carried out at the request of the person concerned – unless this proves impossible or involves a disproportionate effort – will be communicated to each of the recipients to whom the personal data were disclosed. The User who requests it may receive a list of such recipients.

The exercise of those rights is not subject to any formal constraints and is free of charge and may be exercised by sending an e-mail to info@dilisaofficial.com.