1.1 YEZAEL SRL, with fiscal code and VAT number 10543850969, advises that the personal data collected by way of the use of the website (hereinafter Website), shall be processed in compliance with the following policy which constitute the present Statement (hereinafter Statement), compliant with the Regulation (EU) 2016/679 published in the OJEU of 23 May 2018.
1.2 The present Statement concerns only the website and it is not valid for the consultation, through any link, of other websites by the users (hereinafter Users).
2) DATA CONTROLLER
2.1. The controller of the processing of the data regarding the present Statement is YEZAEL SRL, with fiscal code and VAT number 10543850969, (hereinafter “Controller”), which shall be contacted at the following email address: firstname.lastname@example.org.
The Controller declares that the personal data provided by the Users by the way of use of the Website shall be processed according the General Data Protection Regulation (GDPR) provisions.
3) DATA PROCESSOR
3.1. The data processor shall be the subject appointed pro-tempore by the Controller, whose name shall be available at the registered office of the Controller.
4) TYPE OF THE PROCESSED DATA, POURPOSE AND PROCEDURES OF HANDLING
4.1 The Controller collect individually identifiable data sent by the Users by the way of use of the Website and other data not individually identifiable collected through cookies.
The Controller collect personal data of the Users who use the Website and therefore, including but not limited to, of the Users who place purchase orders of the products published on the Website, who subscribe Website’s Newsletter, who fill out on-line surveys, who participate in promotions and offers related to the product published on the Website. The personal data above mentioned shall consist in, including but not limited to:
- Users’ name and surname;
- Users’ email address;
- Users’ billing address;
- Users’ residence or domicile;
- delivery address of the products of the purchase order;
- Users’ telephone number;
- Users’ credit card data;
- consumer patterns, lifestyle and preference or products choices.
The Controller declares that all the above mentioned data shall be processed in compliance with Users’ privacy, and to all the guarantees and necessary measures provided for by the existing laws (for example but not limited to the GDPR), in order to guarantee the privacy, the security and integrity of the data.
The processing of personal data will take place using electronic and/or manual means, with the same standards that are compatible with the purposes and in compliance with all the safety measures provided by law, in order to ensure the confidentiality, security and integrity of such data.
4.2 Navigation data - The IT systems and the software procedures used to operate the Website collect, during their normal exercise, some personal data transmitted with communication protocols of the Internet. Those data concern information which is not collected to be associated with specific individuals, but by their own very nature could enable the identification of the customers by processing and associating with data collected by third parties.
This category of data includes IP addresses or domain names of computers used by Users who connect to the Website; URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.) and other parameters about the operating system and the user's IT environment.
This data is used only to obtain anonymous statistical information on the Site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website except for this possibility, the data containing web contacts are not stored for more than 7 days.
4.3 Mandatory data – the submission of certain types of data is necessary and so mandatory, in order to fulfill specific Users’ requests.
Users are always free not to submit their personal data, but as a consequence could be not possible for the Controller to fulfill their request as, for example including but not limited to, successfully perform the on line purchase of the products published on the Website.
The submission of the personal data is mandatory for the following Users’ utilization of the website:
- the subscription to the Newsletter of the website (mandatory: Users’ e-mail address and name);
- the registration on the website for the creation of a personal account (mandatory: name, surname, e-mail address, password and residence);
- the purchase of products published on the website (mandatory name, surname, delivery address included City, Postal Code, State), telephone number, e-mail address, password, utilized credit card data.
All the above mentioned data shall be processed through paper and electronic supports and shall be stored at Controller’s registered office until the Users will maintain their subscription to the Websites’s Newsletter, their personal account on the Website, without prejudice to the storage periods determined by law.
At the expiring of the storage periods the data shall be automatically deleted or permanently modified into anonymous form.
4.4 Non-mandatory Data – The Controller shall collect non-mandatory data, for whose processing Users’ free consent is required. The consent shall be given through the use of the website, for example inside the Newsletter’s subscription form, during the registration process for a new account or at the time of a purchase order of products published on the Website .
Such data may include, for example but not limited to:
- full name, sex, date of birth, complete address, telephone number, email address, occupation, preferences and consumption habits.
Failure to grant consent for the processing of these data does not affect the ability for users to use the Website through the methods listed in paragraph 4.3 above.
4.5 The mandatory data will be processed for the following primary purposes:
- in relation to Users’ Website’s modalities of use (such as those described above in point 4.3);
- performance of ordinary management accounting and administrative; activities;
- fulfillment of laws provisions and, be they fiscal, administrative, contract or tortious;
- protection of the Controller’s rights and of their staff;
- processing in an anonymous and/or aggregate of the data for statistical purposes, for the monitoring of the Website.
In all the cases listed above, the Controller has no obligation to acquire the specific consent by Users, as they are designed to achieve the primary purpose of processing personal data pursuant to the Directive 95/46/EC.
The data used for these purposes will be processed with both electronic and paper media and will be kept by the Controller exclusively as long as Users will maintain their subscription to the Website’s Newsletter, except for any conservation different target times prescribed for by laws.
After such storage times, the personal Data shall be automatically deleted or permanently anonimysed.
4.6 The non-mandatory data, will be processed for the following secondary objectives of marketing and profiling:
- sending advertising material or commercial communications or for direct sales other than newsletter, for solicitation to purchase behavior, market research, surveys, statistics;
- definition of individual or collective profiles of customer segments with homogenuos characteristics, of propensity to consume.
Through the authorization to treatment for the above purposes of marketing and profiling, users specifically acknowledge these promotional, sales and marketing in the sense of the processing (including the consequent managerial and administrative activities) and expressly authorize such treatment pursuant to the Directive 95/46/EC.
The consent eventually given includes the receipt of commercial communications not only through automated contact, but also through traditional methods such as paper mail or operator calls.
Users have the right to revoke any consent given for the processing of their personal data for marketing purposes and profiling, in whole or only in relation to certain procedures, by sending an e-mail to this end to email@example.com.
The data requested for these purposes will be processed with both electronic and paper media and will be retained by the Controller for a period not exceeding twelve months, for the profiling purposes and twenty-four months for marketing purposes, starting from registration for such purposes .
After such storage times, the non-mandatory data will be automatically deleted or permanently modified into anonymous form while those already collected for the purposes referred to in paragraph 4.5, will cease to be processed for marketing and profiling purposes.
4.7 The consent to the processing of mandatory data for other purposes, even for purposes provided above at 4.6 shall be required. In case Users do not give the consent to the processing of such data for such purposes, however, the data given will never be processed by the Controller for the purposes provided in paragraph 4.6.
Except for the exception to what has just been set out under Directive 95/46/EC, which provides that the consent given by Users, in relation to promotional activity carried out through e-mail , is not required where such activity is related to goods and services similar to those already purchased by customers and the Users, correctly informed, have not initially refused such use or during subsequent communication.
5) COMMUNICATION OF DATA OF THIRD PARTIES
Users acknowledge that the indication of personal data and contact of any third party constitutes processing of personal data with respect to which Users are presented as autonomous controllers, assuming all the obligations and responsibilities under the Codice Privacy. Users guarantee starting from now that these data have been acquired in full compliance with the Codice Privacy and undertake to indemnify the Controller of any dispute, claim or action that any third party were to move towards the same Controller.
6) COMMUNICATION OF DATA TO THIRD PARTIES
6.1 The Users’ data may be communicated to third parties to whom the owner has concluded commercial agreements, in order to pursue the same secondary purposes of marketing and profiling set out in previous paragraph 4.6.
This activity is subject to discretionary consent given by Users, which must give it separately and in a separate box graphically distinguished. Users shall revoke the consent with the same procedure provided for in paragraph 4.6.
6.2 Managers or processors employees of the Controller can become aware of personal data referred to in this Statement, each limited to their competences and tasks and on the basis of the assigned tasks and instructions given.
6.3 The Controller shall communicate the personal data of Users, for the primary purposes listed above, to any third party whose intervention in the processing is necessary for the ordinary management activities, accounting and administrative, such as, but not limited to:
- companies of the group;
- to third-party suppliers required for the sole purpose of providing the requested service;
- postal service company,
- banking institutions and financial intermediaries,
- legal and notary offices,
- consultants, including associations,
- service companies,
- as well as to other parties in compliance with any legal obligations.
The data processed for the purposes set forth herein shall be communicated, respecting the specific security measures, to third parties, designated as managers or agents, of whom the controller may use for various services (postal services, technical assistance and information, and similar).
6.4 In certain specific cases, personal data may also be transferred abroad, to entities based in countries even outside the European Union. In such cases, the transfer of data abroad will be made exclusively and in compliance with the provisions of Articles 42 to 45 of the Codice Privacy.
6.5 Personal data covered by this statement shall not be diffused in any case.
7) RIGHTS OF THE INTERESTED PARTY
Users may at any time contact the Controller in order to exercise the rights provided for by Article 7 of the Codice Privacy.
Users have the right to obtain at any time confirmation of the existence or not of their personal data, to know their content and origin, verify and request the integration, updating or rectification.
Users also have the right to request cancellation, modification into anonymous form or blocking of data processed unlawfully, and to oppose in any case, for legitimate reasons, their treatment. For the exercise of such rights, or to get any information, requests should be addressed:
- By email to the following address :