Privacy Policy
Ms Carlotta Ontani, 47032 Bertinoro (FC), Via Cellaimo 2299, VAT no.: 04468560406 (hereinafter referred to as "Data controller" or "Owner") constantly strives to protect the online privacy of individuals when browsing the website https://www.designstaging.it/ (hereinafter referred to as "Website") and all pages that can be traced back to that domain.
This document describes every aspect relating to the processing of Personal Data carried out in respect of Users/visitors and users of the Website services (hereinafter also referred to as "Users" or "Interested") in accordance with the provisions of Article 13 of EU Regulation No. 2016/679 (hereinafter "Regulation").
- Data controller
Mrs. Carlotta Ontani, 47032 Bertinoro (FC), Via Cellaimo 2299, VAT no.: 04468560406, who can be contacted in the manner indicated under "Contacts" (see art. 10).
- Categories of Personal Data processed
This website collects the following categories of personal data, either independently or through the intervention of third parties:
- Browsing/usage data: Information collected during the user's visit to the Website (e.g. IP address, URI notation addresses, browsing history, information relating to interactions with the site, information relating to the user's computer environment, browser type and language, operating system, location, date and time of the request). This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified;
- Cookies: Cookies are small text files that the sites you visit send and store on your computer or mobile device, to be transmitted back to the same sites the next time you visit. For further information, the interested party may consult the "Cookie Policy".
- Data voluntarily communicated by the user: personal information voluntarily provided by the user through specific forms on the Website (e.g. registration/log-in, personal area, billing/shipping details, shopping cart/check-out, payment, contact, request info, work with us, etc.). Such information may include, by way of example: identification data (first name, last name, etc.), contact data (e-mail, telephone, mobile phone), billing and shipping data (shipping address, address of residence/registered office, C.F./VAT number, etc.), employment data and special categories of personal data (any personal information, including special categories of personal data pursuant to Art. 9 GDPR, voluntarily communicated by the Data Subjects through the field dedicated to sending a free message). With reference to these hypotheses, the Data Controller invites the interested party to never enter, except in cases of absolute necessity, information that may fall within the category of special categories of personal data under Article 9 of the Regulation: "[...] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data concerning the health or sex life or sexual orientation of the person". In the event of communication by the data subject of particular categories of personal data pursuant to Art. 9 GDPR, the sending of the message containing such information will be equated to explicit consent to the processing of personal data pursuant to Art. 6 (1)(a) - 9 (2)(a).
The User assumes responsibility for the Personal Data of third parties communicated, published or disseminated through this Website and warrants that he/she has the right to communicate, publish or disseminate them, releasing the Owner from any liability towards third parties.
- Purpose of processing
The Controller uses the Personal Data collected through this Website for the following purposes:
- Service Provision: responding to requests for information received via the Website; evaluating applications and proposals for collaboration; providing content and services covered by the Website; sending the user notifications and updates relating to the service requested/purchased.
- Payment: Manage the contractual relationship with Users from an economic point of view;
- Invoicing: Manage the contractual relationship with Users from a fiscal point of view;
- Security assurance, abuse and fraud prevention, debugging: Monitor and prevent fraudulent activities and ensure that systems and processes function properly and securely.
- Statistical analysis: Evaluate the performance and effectiveness of the ads displayed by the user or with which the user interacts; evaluate the performance and effectiveness of the content displayed by the user or with which the user interacts; conduct market research to learn more about the audience that visits the Website and views the ads presented; refine existing systems and software; and develop new services and products.
- Basic Ads: presentation of "basic advertisements" shown on the basis of generic and impersonal characteristics (e.g. content viewed by the user, app used, approximate location, type of device used).
- Direct Marketing: To send the user newsletters and other communications of a commercial nature by e-mail and other traditional communication systems;
- Profiling and customised ads/content: Automated creation of a profile based on the user's interests, preferences, habits and behaviour; presentation of "customised content" shown on the basis of the user's profile; presentation of "customised advertisements" shown on the basis of the user's profile.
- Judicial protection: guaranteeing the holder the right to protect or exercise a right in court.
- Legal obligation: to comply with a legal obligation to which the Controller is subject.
- Disclosure of data to third parties: Transmission of personal data to other autonomous Data Controllers to whom such communication is necessary for the provision of the service requested by the data subject (e.g. third-party vendors and/or drop-shipping, couriers, etc.).
- Soft spam: to send the user commercial communications, by e-mail, concerning services/products of the Controller, corresponding and/or similar to those previously purchased.
- Legal bases for processing
In pursuit of the above-mentioned purposes, the Data Controller processes personal data on the basis of the following legal bases:
- Contract/Pre-contractual measures: processing of Personal Data for the purposes referred to in points 3(a), 3(b), 3(k) is based on Article 6 (1) (b) of the Regulation ("[...] processing is necessary for the performance of a contract of which the person concerned is a party or the execution of pre-contractual measures adopted at its request");
- Consent of the person concerned: processing of Personal Data for the purposes referred to in points 3(e), 3(g), 3(h) is based on Article 6 (1) (a) of the Regulation ("[...] the person concerned has expressed consent to the processing of their personal data for one or more specific purposes").
The consent given by the user is free and optional and does not affect the use of further contents and services of the Website. The consent given is always revocable through the specific cookie/consent preference selection form, or by contacting the Controller at the contact details indicated in the [Controller's contact details] section;
- Legitimate Interest of the Holder: processing of Personal Data for the purposes referred to in points 3(d), 3(f), 3(i), 3(l) is based on Article 6 (1) (f) of the Regulation ("[...] processing is necessary for the pursuit of the legitimate interest of the data controller or of third parties");
- Legal Obligation: the processing of Personal Data for the purpose referred to in point 3(c), (j) is based on Article 6 (1) (c) of the Regulation ("[...] the processing is necessary for compliance with a legal obligation to which the data controller is subject").
- Treatment modalities
The processing is carried out using manual and/or automatic methods, including through the use of computer and telematic technologies (e.g. CRM, management software, messaging services such as WhatsApp, mailing list services), subject to the application of technical and organisational security measures suitable to guarantee security, integrity and confidentiality, so as to minimise the risks of destruction or loss, unauthorised access, modification and unauthorised disclosure in compliance with the methods set out in Article 32 of the GDPR.
- Transfer of Personal Data outside the EU/EEA
The Controller does not intend to transfer Personal Data outside the European Economic Area. If, however, in order to meet organisational/production requirements, the need should arise, guarantee measures will be adopted for the transfer of Personal Data to a third country, which, depending on the case, may be: verification of the existence of adequacy decisions by the European Commission, signing of standard contractual clauses and/or binding corporate regulations, verification of the adoption of any additional measures in implementation of EDPB Recommendation 01/2020, adherence to the EU - U.S. Data Privacy Framework.
- Storage periods
The Data Controller retains Personal Data only for the periods of time necessary to pursue the purposes set out in this document, i.e. for the periods of time required by specific regulations.
In particular:
- The Personal Data processed for the purpose of "Service provision" will be retained for a period not exceeding 10 years;
- The Personal Data processed for 'Payment' and 'Billing' purposes will be kept for a period not exceeding 10 years, as provided for in Article 2220 of the Civil Code.
- Personal Data retained for the purpose of fulfilling a 'Legal Obligation' will be retained for the period provided for by the specific regulations to which the Data Controller is subject.
- Personal Data processed for Direct Marketing and/or Soft Spam purposes will be retained for a period not exceeding 2 years, i.e. until the data subject withdraws consent to processing and/or objects to processing.
- The persistence duration of individual cookies is stated in the 'Cookie Policy';
- This is without prejudice, in any case, to the possibility for the Controller to store Personal Data for the period of time provided for and permitted by Italian law for the purposes of the "Judicial protection" of its interests (arts. 2946 and 2947 c1, c.3 Civil Code).
After these retention periods, Personal Data will be deleted or anonymised, unless held for further purposes under appropriate legal bases.
- Recipients
The Personal Data collected by the Data Controller may be communicated or made accessible, for the performance of the above-mentioned purposes, to the following categories of persons:
- Employees and collaborators who assist the Controller in processing operations, subject to express authorisation to process and possible signing of confidentiality agreements;
- Subjects that provide outsourcing services on behalf of the Data Controller, in their capacity as Data Processors: IT and/or cloud service providers, payment gateways (e.g. PayPal, Satispay, Stripe), messaging services (e.g. WhatsApp), freelancers, companies or professional firms that provide assistance and consultancy services to the Data Controller, or subjects delegated to carry out hosting and technical maintenance activities, including maintenance of software, network equipment and electronic communication networks;
- Autonomous data controllers to whom the communication of data is necessary for the provision of the service requested by the data subject (e.g. couriers and other shipping services, third-party vendors, drop-shipping).
- Autonomous data controllers in the pursuit of their own purposes, subject to the consent of the data subject;
- Public authorities, where such communication is required by law.
- Rights of the Data Subject
At any time, the data subject may access the information concerning him/her and request its rectification, erasure, restriction of processing, and portability. He/she may also object in whole or in part to the processing and has the right not to be subject to an automated decision-making process concerning natural persons, including profiling.
In order to exercise the rights referred to in Articles 15-22 of the GDPR, the Data Subject may contact the Data Controller in the ways indicated in the 'Contact Us' section (see Article 10). The Data Controller is obliged within 1 month to give a reply to the request, or to notify any delay in replying in the case of numerous and/or complex requests (the extension may not in any case exceed 2 months). In any case, the Data Subject always has the right to lodge a complaint with the competent Control Authority (Garante per la Protezione dei Dati Personali), pursuant to Art. 77 of the Regulation, if he/she considers that the processing of his/her Personal Data is contrary to the legislation in force.
- Contact
For further information on the processing of Personal Data carried out in the performance of the contract, or to make a request to exercise your rights, you can contact the Controller by e-mail: info@designstaging.it