Information on the processing of personal data of website users Articles 13 and 14 of Regulation 2016/679 / EU (hereinafter also ``GDPR``)
WHY THIS INFORMATION
Pursuant to Legislative Decree No 196/2003 and (EU) Regulation 2016/679 (hereinafter “Regulation”), this page describes the methods of processing personal data of users who consult the website of Carrisiland Sas di Carrisi Francesco & C. electronically available at the following address: https://www.carrisiland.it We inform the user that, following this website consultation, data on identified or identifiable individuals may be processed. This information does not relate to other websites, pages or online services accessible via hypertext links
Identity of the Data Controller
The Data Controller is Carrisiland Sas di Carrisi Francesco & C., with registered office in Cellino San Marco (BR), via Berlinguer n. 41 – postcode 72020, (Email: info@lameridiana.it, PEC: edizionilameridiana@pec.it, Tel .: +39 0803971945).
Data source and type of data collected
Carrisiland Sas di Carrisi Francesco & C. collects personal data provided by users on a voluntary basis:
a) at the time of registration on the website or when the users perform a transaction through the website, in addition to other personal data involved in the processing of orders. The above data may include, but shall not be limited to, the following: Title, name and surname, company name, VAT number (if necessary), date of birth, gender, e-mail address, user name and password, shipping and billing address (including postal code, city and country), telephone and fax number, type and quantity of ordered products, order date, order fulfillment, date and time of the delivery, order value, currency, payment information (credit card number and expiration date), return requests or offers to the user.
b) related to the use of the website by the user, for example: IP address, displayed products or those into the shopping cart; if the user reaches the website through a redirect webpage, a link in a promotional e-mail or an ad on another website that redirects to Carrisiland Sas di Carrisi Francesco & C. website, the company can also collect information from the redirect webpage, promotional e–mails or targeted ads together with the user’s IP address to analyze the effectiveness of marketing operations (“usage data”).
c) when sending a message using the forms provided for the contact request, i.e. the contact addresses on the site https://www.carrisiland.it The optional and voluntary sending of messages to the contact addresses and also the compilation and the submission of website forms, entail the acquisition of the sender’s contact data, necessary to provide feedback, as well as all the personal data included in the notices. The data provided will be used with IT and electronic devices for the sole purpose of providing the requested service and, for this reason, they will be kept exclusively for the period in which it will be active.
Purpose of the processing
Depending on the type of processing to be put in place, the Data Controller uses:
1) Transaction data to process and fill orders, manage payments, communicate with the user about the order, manage returns, provide customer support and allow the withdrawal of products. They will also be used to acquire pre-contractual data and information; exchange information for the contractual relation performance, including pre and post contractual activities; make requests or fulfill received ones; manage accounting and tax obligations.
2) to provide feedback on any communication, user requests for information and/or services through the appropriate forms or using the address (s) in the contacts section;
3) Finally, the data will be used to manage and control risks, to prevent possible fraud, insolvency or default; prevent and manage possible controversy, take legal action if necessary
Legal basis for processing
With reference to the above mentioned purposes, their legal basis is:
1) the need to perform a contract whose data subject is party or pre-contractual measures that are in response to the data subject’s request;
2) the need to perform a contract whose data subject is party or pre-contractual measures that are in response to the data subject’s request
3) the need to pursue the legitimate interest of the Data Controller (in particular with regard to the prevention of fraud and insolvency).
Cookies and other tracking systems
In order to make our services as efficient as possible and easy to use, this site uses cookies. Therefore, when visiting a website, a minimum amount of information is placed into the user’s device as small text files called “cookies”, then saved in the user’s web browser directory. There are different types of cookies, but basically the main purpose of a cookie is to make the website work more effectively and to enable certain features. Cookies are used to improve the user’s global navigation. For more information on the cookies used by this website, you can read the cookie policy at the following link.
Recipients of the data
The personal data processed by the Data Controller are neither disclosed nor notified to indeterminate subjects, in any possible form, including that of their availability or simple consultation. They may be communicated to the Data Controller’s employees, or to authorized parties that operate under the authority of the Data Controller. In this respect, Carrisiland Sas di Carrisi Francesco & C. has appointed third party service providers in connection with the operation of the website, such as hosting service providers, marketing services and websites providers, IT maintenance service, shipping services and VAT verification services providers, as well as service providers that allow the integration of other functions on the website
that the user can use at his discretion.
To these service providers, designated as Data Officer, only the personal data necessary to deliver the equivalent services are provided and they are not allowed to use or disclose the personal data of the data subjects for other purposes, without prior authorization of the data subject.
The data may also be communicated, as it is strictly necessary, to subjects instructed by the Data Controller that must provide goods and/or services for purposes of order fulfillment or other requests or services related to the transaction or the contractual relationship with the Data Controller.
Finally, the data may be communicated to the persons entitled to access it pursuant to legal provisions, regulations and Community legislation. In particular, on the basis of the roles and job duties performed, some workers have been entitled to process personal data, in view of their respective competences and in accordance with the instructions given by the Data Controller.
Data transfer
In no case does the Data Controller transfer personal data to third countries or international organizations. However, he reserves the right to use cloud services; in which case, the service providers will be selected among those who provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfill the stated purposes. Subsequently, personal data will be stored and not further processed for the time established by the current provisions on civil and fiscal matters.
In particular, they will be kept for the entire duration of their registration and no later than a maximum period of 12 (twelve) months of inactivity, or when, within this period, no services and/or no products are related the registration itself.
In the case of data provided to the Data Controller for profiling purpose, these will be kept for 12 months, subject to the withdrawal of consent.
In the case of data provided for purposes of commercial promotion and sending of newsletters for services other than those already acquired by the data subject for which he initially consented, these will be kept for 24 months, subject to the withdrawal of consent.
In the case of data provided to the Owner for the purposes of profiling, these will be kept for 12 months, subject to the withdrawal of consent.
It should also be added that, in the event that a user provides unsolicited or unnecessary personal data for the provision of the required service, or closely connected to it , to the Data Controller, Carrisiland Sas di Carrisi Francesco & C. cannot be considered as the effective Controller of these data and will delete them as soon as possible.
Rights of the data subject
In relation to the processing data referred to this privacy statement, the data subject is given the right to:
• ask the Data Controller for access to your personal data and information (GDPR Article 15); the correction of inaccurate data or the integration of incomplete data (GDPR Article 16); the erasure of personal data (upon the occurrence of one of the conditions mentioned in GDPR Article 17, paragraph 1 and in compliance with the exceptions provided for in paragraph 3 of the same article); the restriction of the processing of your personal data (upon the use of one of the hypotheses mentioned in GDPR Article 18, paragraph 1);
• request and obtain from the Data Controller – in the cases in which the legal basis for the is the contract or consent, and it is carried out by automated means – your personal data in a structured and machine-readable format, also for the purpose of communicate such data to another Data Controller (so-called right to the portability of personal data – GDPR Article 20);
• object to processing of your personal data to the occurrence of particular situations that affect you (GDPR Article 21) at any time;
The appropriate application is submitted by contacting the Data Controller by email address privacy@carrisiland.it or registered mail with advice of delivery to Cellino San Marco (BR), via Berlinguer n. 41 – postcode 72020. If the data subject considers that the processing of personal data is in violation of the Regulation terms, he can lodge a complaint with a supervisory authority (Authority for the protection of personal data – www.garanteprivacy.it), as provided for by GDPR Art. 77, or refer the matter to appropriate legal courts (GDPR Article 79).
Refusal to provide data
Data subjects cannot refuse to give the Data Controller the personal data necessary in order to comply with the laws that regulate commercial transactions and taxation.
The provision of further personal data may be necessary to improve the quality and efficiency of the transaction. Therefore, the refusal to provide the data required by law will prevent the fulfillment of orders. The additional data indicated in the paragraph “Data source and type of data collected” are provided on a voluntary basis; however, if the data subject decides not to provide the requested data, Carrisiland Sas di Carrisi Francesco & C. may not be able to provide the services, allow for the completion of the transaction through the website or process the order.
Automated decision-making
The Data Controller does not process automated decision-making data related to individuals