Personal data processing policy in accordance with art. 13 of Legislative Decree No. 196/2003 as well as with Regulation (EU) 679/2016
is understood to be provided for the www.dismero.com – www.dismero.it websites (from now on: “Website”);
is an integral part of the Website and services offered by us;
is provided in accordance with art. 13 of the Code as well as with art.13 of the Regulation to those who interact with the Web services of the Website, either by mere consultation or using specific services made available through the Website (by way of example, product purchase, online form filling out for the request of information or for subscription to the Newsletter service).
Processing of your personal data shall be based on principles of correctness, lawfulness, transparency, restriction of purposes and retention, minimization and accuracy, integrity and confidentiality as well as on the accountability principle under art. 5 of the Regulation. Therefore, your personal data shall be processed according to legal provisions of the Regulation and confidentiality obligations envisaged therein.
Personal data processing means any operation or set of operations carried out with or without automated processes and applied to personal data or sets of personal data such as collection, registration, organization, structuration, retention, adaptation or change, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.
TABLE OF CONTENTS
Data Controller and data protection officer
Personal data being processed
Data deliberately provided by the user
Third-party data deliberately provided by the user
Special data categories
Legal basis and mandatory or optional nature of the processing
Personal data recipients
Personal data transfer
Personal data retention
Data subject’s rights
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The data Controller is 3.0 Fashion s.r.l., Via Monte Pastello No. 5/D, 37057 - San Giovanni Lupatoto (VR), VAT No. 04469930236. The Data Protection Officer of 3.0 Fashion s.r.l. may be contacted at the head office of the data Controller at the above-mentioned address and by email to the address: firstname.lastname@example.org
2. PERSONAL DATA BEING PROCESSED
We inform you that the personal data being processed may consist of an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of your physical, physiological, mental, economic, cultural or social identity intended to make the data subject identified or identifiable depending on the type of required services (hereinafter “personal data” only).
Personal data processed through the Website:
a. Browsing data
IT systems and software procedures running the Website acquire some personal data during their current operation, whose transmission is implicit in use of Internet communication protocols. This information is not collected to be associated with identified data subjects, although by its nature this data could identify users through processing and grouping with data owned by third parties. Within this category of data are included IP addresses, or domain names of computers used by users who connect to the website, Uniform Resource Identifiers (URI) of the required resources, the time of request, the method used to submit the request to the server, the size of the file received in reply, the numeric code indicating the reply state given by the server (success, error, etc.) and other parameters related to the operating system and to the IT environment of the user. This data is only used to get anonymous statistical information related to use of the Website and to check its correct operation to detect irregularities and/or misuses; anyway, data is deleted immediately after its processing. The data may be used to ascertain any liability in the event of hypothetical cybercrimes to the detriment of the Website or third parties.
b. Data deliberately provided by the user
c. Third-party data deliberately provided by the user
While using the services of the Website third-party personal data you have notified to 3.0 Fashion s.r.l. could be processed (such as, for example, in case of purchase of products to be sent to third parties). In these cases, you act as independent data controller and you take on all legal obligations and liabilities. In this regard, you shall indemnify to the widest extent against any dispute, pretension, claim for damage arising from processing, etc. that the data Controller should receive from third parties, whose personal data has been processed while using the Website services in breach of the regulations on personal data protection in force. Anyway, if you provide or otherwise process third-party personal data while using the Website, you ensure as of now – assuming any relevant liability in this regard - that this special case of processing is based, where required, on prior acquisition by you of the third-party consent to processing of information which concerns him/her.
d. Cookies and other tracking technologies
Information on the cookies served by the Website is available on page Privacy & Cookies.
3. PROCESSING PURPOSES
Your personal data shall be processed, with your consent where required, for the following purposes, where applicable:
3.1. to enable Website browsing and provision of the services made available by the Controller including Website security management as well as the contractual, administrative and accounting relationships;
3.2. to meet specific requests addressed to the Controller, including the requests for Customer Care sent by filling out the form “Contact us”;
3.3. to comply with any obligations envisaged by laws, regulations or community standards in force, or to meet the requests from authorities;
3.4. to carry out direct marketing by email for products similar to those you purchased in accordance with art. 130, paragraph 4, of the Code, unless you explicitly refuse to receive such notices, refusal that you may express upon registration to the Website or on next occasions;
3.5. to send you promotional and marketing notices, including dispatch of newsletters and market research through automated tools (sms, mms, email, push notifications, fax) or otherwise (hardcopy mail, telephone with operator). We point out that the Controller collects a unique consent for marketing purposes described therein, in accordance with the General Measure of the Personal Data Protection Supervisor "Guidelines on marketing and against spam” dated July 4th, 2013; at any rate, if you want to object to processing of your data for marketing purposes performed with the means specified therein you may do so at any time by contacting the Controller at the addresses specified in the “Contacts” section of this policy without prejudice to the lawfulness of processing based on consent provided before its withdrawal;
3.6. to analyze your preferences, habits and consumption choices in order to send you notices and customized commercial proposals as well as to make general analyses for strategic orientation and commercial intelligence purposes;
3.7. for statistical purposes without being possible to go back to your identity.
We comply with specific security measures to prevent data loss, illicit or incorrect uses and unauthorized accesses.
4. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
The legal basis of personal data processing for the purposes under sections 3.1 and 3.2 is art. 6 (1) (b) of the Regulation ([…]processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract) since processing is required to provide services. Personal data provision for these purposes is optional but failure to provide data could make it impossible to activate the required services.
The purpose under section 3.3 is a lawful processing of personal data in accordance with art. 6 (1) (c) of the Regulation ([…]processing is necessary for compliance with a legal obligation to which the controller is subject). As a matter of fact, once personal data is provided processing is required to comply with legal obligations which the Controller is subject to.
Processing carried out for marketing, profiling and communication purposes to third-party Companies mentioned in sections 3.5, 3.6 and 3.7 is based on provision of your consent in accordance with art. 6 (1) (a) ([…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes) and art. 22 (2) (c) of the Regulation. Therefore, the provision of your personal data for these purposes is entirely optional and does not jeopardize enjoyment of the services. If you want to object to processing of your data for marketing, profiling or communication purposes you may do so at any time by contacting the Controller at the addresses mentioned in the “Contacts” section of this policy or, if available, through “privacy settings” in your Personal Area. For the purposes under item 3.4, we point out that if the Controller uses the email details provided by the data subject in the course of the sale of a product for direct sale of its own products or services, it may not require the data subject’s consent, in accordance with art. 130, paragraph 4, of the Code, provided that these are products similar to those covered by the sale and the data subject, after having been duly informed, does not refuse such use, in the beginning or on occasion of next communications. We also point out that processing under section 3.8 is not carried out for personal data and, consequently, it may be freely performed by the Controller.
5. PERSONAL DATA RECIPIENTS
5.1. subjects who usually act as data protection officers in accordance with art. 29 of the Code and 28 of the Regulation, viz.: i) persons, companies or professional offices that provide assistance and consulting activities to 3.0 Fashion in accounting, administrative, legal, tax and financial matters; ii) subjects deputed to carry out technical maintenance activities; iii) credit institutions, insurance companies and brokers;
5.2. subjects, entities or authorities to whom it is mandatory to notify your personal data by virtue of legal provisions or orders from authorities;
5.3. persons authorized by the Controller, in accordance with art. 30 of the Code and art. 29 of the Regulation, to process personal data in order to carry out activities strictly connected with provision of services, who have committed themselves to confidentiality or have a suitable legal confidentiality obligation.
These subjects are collectively hereinafter referred to as “Recipients”. The comprehensive list of data protection officers is available by sending a request in writing to the Controller to the addresses mentioned in the "Contacts" section of this policy.
6. PERSONAL DATA TRANSFER
Some of your personal data are shared with Recipients who could be located outside the European Economic Area. The Controller ensures that processing of your personal data by these Recipients is performed in compliance with articles 43 and 44 of the Code as well as with articles 44 - 49 of the Regulation. As a matter of fact, transfers may be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. More information is available by sending a request in writing to the Controller to the addresses mentioned in the “Contacts” section of this policy.
7. PERSONAL DATA RETENTION
Personal data processed for the purposes under sections 3.1 and 3.2 is retained for the time strictly necessary to achieve these purposes. Anyhow, since processing is carried out for the provision of services, the Controller shall retain personal data for the time period envisaged and permitted by Italian regulations to protect its own interests (Art. 2946 of the Civil Code et seq.).
Personal data processed for the purposes under section 3.3 shall be retained up to the time envisaged by the specific obligation or applicable law.
For the purposes under section 3.4, your personal data shall be processed as long as you did not object to the processing.
For the purposes under sections 3.5 and 3.6, your personal data shall be processed for a maximum time period of seven years starting from their registration pursuant to the provisions of the measure issued by the personal data protection Supervisor following a request of preliminary check in accordance with art. 17 of the Code put forward by the Controller. More information on the data retention period and criteria used to establish this period may be required by sending a request in writing to the Controller to the addresses mentioned in the “Contacts” section of this policy. Without prejudice, at any rate, to the possibility for the Controller to retain your personal data for the time period envisaged and permitted by the Italian law to protect its own interests (Art. 2947( 1 )( 3 ) of the Civil Code).
8. DATA SUBJECT’S RIGHTS
In accordance with art. 7 of the Code, you are entitled to obtain at any time confirmation of whether or not your personal data exists and to know its content and origin, to check its accuracy or ask its integration or updating, or rectification. You are entitled to ask deletion, transformation into an anonymous form or blocking of data processed in breach of law as well as to object in any way to its processing for legitimate reasons.
Starting May 25th, 2018 you are also entitled to ask to have access to your data, to object to its processing, to ask processing restriction in the cases envisaged by art. 18 of the Regulation, where technically possible, as well as to obtain data which concerns you in a structured, commonly used and machine-readable format in the cases envisaged by art. 20 of the Regulation.
The requests must be sent in writing to the Controller to the addresses mentioned in the “Contacts” section of this policy.
Anyway, you are always entitled to put forward a claim to the relevant supervising authority (Personal Data Protection Supervisor), in accordance with art. 77 of the Regulation if you deem that processing of your data infringes the existing regulations.
To exercise the above-mentioned rights or for any other request you may write to the data Controller to the aforesaid physical address or through the dedicated contact in the Website, preferably, by putting in the subject of the communication the wording “request for exercising privacy rights”