Policy on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679
in accordance with the provisions of current legislation, we wish to provide you with information regarding the processing of your personal data in relation to registration on our site/APP and any purchase of products/services.
1. The Data Controller and contact details of the DPO
The Data Controller of your personal data is Ventis S.r.l. with registered office in Rimini, via Marecchiese n. 275/C, Tax Code and VAT number 06853120969, R.E.A.: MI-1919156 (hereinafter, for brevity, “Society”).
DPO (Data Protection Officer): figure expressly provided for by EU Regulation 2016/679 (hereinafter, for brevity, “GDPR”) that you can contact to request explanations regarding this Policy or to exercise the rights provided for by the legislation on the protection of personal data.
DPO contact details:
- via email: firstname.lastname@example.org
- by ordinary mail: Ventis — DPO office, via Marecchiese 275/C, 47922 Rimini.
For any communication, it is necessary to report your contact details in the request, which are essential to be able to identify and contact you.
2. Categories of personal data and processing methods
For registering on our site/APP and accessing the related services (receiving commercial communications, after issuing the Your specific consent) it is necessary to provide the e-mail address and gender (with the exception of iOS); if the user wishes, the mobile number can also be provided. To proceed with the purchase of goods/services, on the other hand, it is necessary to provide personal and contact data (name, surname, telephone, address, etc.) and data necessary for payment by credit card and invoicing (card data, C.F., etc.). In the absence of such data, the Company would not be able to provide the services requested. In some cases, such as assistance or requests for returns, the Company may request one or more images that prove the status of the goods. These images must contain only the goods and it will be the user's responsibility to verify that people do not appear in the images. The Company reserves the right to delete inappropriate and out of context photos.
The personal data used to register on the site/app are acquired directly from you, unless you expressly request registration through online services and social networks (e.g. Facebook and Google) at the first access, or for subsequent logins, if it is already registered; in this case the data will be acquired by the latter and therefore this information is also provided pursuant to and for the purposes of art. 14 of the GDPR.
In the event that you should provide us with personal data of third parties (e.g. in case of indication of the details and address of another person to whom to deliver the goods purchased), it will be your responsibility to inform the latter about the processing of their data in accordance with this information which, even for this purpose, is made pursuant to and for the effects of the &rsquo ; art. 14 of the GDPR.
The processing of personal data takes place with procedures and measures suitable to protect security, in terms of integrity, confidentiality and accessibility, in compliance with the provisions of applicable legislation on personal data protection.
The Company will process your data on paper and through the use of electronic tools.
3. Purpose and legal basis of processing
The Company processes your personal data for the following purposes:
a) Provision of services and execution of contracts
The provision of data for registration on the site/APP is necessary as refusal would make it impossible for the Company to provide the purchase service goods/services.
In the same way and for the same reasons, the provision of data is necessary for the completion and execution of any goods/ser purchase contractsdefects as well as to be able to provide the call center service; failure to provide it, in fact, would make it impossible both to complete the purchase and the fulfillment of the related obligations contractual and the possibility to provide you with the assistance service.
In both cases, therefore, the legal basis for the processing is represented by the need to perform a contract or pre-contractual measures and it is not necessary to give any consent.
b) Fulfilment of regulatory obligations
The processing of data to comply with regulatory obligations is mandatory and, therefore, does not require any consent; the need for fulfilling a legal obligation is the legal basis for the processing. In particular, by way of example, think of the obligations under the tax legislation.
c) Development and sale of products and services
Personal data may be used — upon giving your consent — to: advertising material, carrying out surveys and market research as well as direct sales and commercial communications relating to the products or services of the Company and other third-party companies that have commercial agreements with the Company, with traditional contact methods (such as paper mail and telephone calls with an operator) and automated (such as SMS, MMS, fax, telephone calls automated, e-mail, PEC, messages through computer channels, networks and web applications).
For these purposes, the Company may avail itself of the collaboration of external parties and specialized companies of its trust, which may process some user data.
The use of data for the aforementioned purposes requires the consent of the interested party and does not affect the proper performance of the services, but serves to improve them and update the user on products, services and offers of possible interest. The legal basis for the processing, therefore, is the consent in the absence of which the Company will not be able to use the data for the purposes described above.
In each commercial communication, as well as on the site/app, the easy-to-understand and free methods for withdrawing consent will be indicated. When the request has been processed, the Company will only transmit the communications necessary to meet the contractually planned services.
The company may process, electronically, upon issuing your specific consent, personal data (for example, data relating to purchases made, on the pages visit, to the products/services added to the cart) for the analysis of user behavior and preferences to be used for commercial purposes for the identification and offer of products and services of his interest.
The Company, however, may use — without the need for any consent — the e-mail details provided by the user in the context of the sale of a product or a service for the purpose of selling products/services similar to those for which the data were provided (so-called soft spam). The legal basis for the processing is represented by the legitimate interest of the data controller (the Company), who has legitimately obtained the electronic coordinates of its customers, to continue to use them for commercial purposes. In the event that the user does not wish to receive such communications, he can initially object and to any subsequent message, by sending a request to the addresses indicated in paragraph no. 1 of the this information.
d) Satisfying a legitimate interest of the Company
For some specific purposes, the legal basis for the processing is represented by the need to satisfy a legitimate interest of the Company. In particular, the following purposes fall into this category:
- to document the transactions executed and the orders received by the user;
- to manage the technological infrastructures and organisational through which it is possible to provide products, provide services and apply security measures;
- carry out analyses for the purpose of preventing fraud risks;
- establish aggregate statistics, tests and models in order to improve existing products and services or create new ones
- ; administrative-accounting purposes;
- products/services of the Company similar to those already being sold, using the e-mail coordinates provided by the user in the context of thethe previous sale of a product or service (so-called soft spam), without prejudice to the possibility of opposing and no longer receiving such communications;
- improve the quality of products or services offered, study new ones, through the creation of aggregated profiles, starting from the data available on users, defined according to broad categories such as, for example, the city of residence.
e) Other purposes for which consent is required
For processing further than those described in this statement, it will be from time to time provided the Information, and requested to express your consent where this will constitute the legal basis adopted.
4. Categories of data recipients
The data may be communicated and processed by specialized companies that are entrusted with technical and organizational tasks necessary for management of relationships with users — such as IT service managers, marketing and document archiving services, administrative-accounting services, audit services and consultancy services in general, control services, etc. — which perform the function of “responsible” of data processing, or operate in total autonomy as separate “owners” of the treatment.
The data may also be communicated to those subjects to whom this communication must be made in fulfillment of an obligation established by law, by a regulation or by community legislation.
data transfer The user's personal data may be transferred to third countries with respect to the European Union under one of the following conditions: whether it is or third country deemed appropriate pursuant to art. 45 of EU Regulation 2016/679 or of the country for which the Company provides adequate or appropriate guarantees regarding data protection pursuant to art. 46 and 47 of the aforementioned Regulation EU and always provided that the interested parties have enforceable rights and effective remedies, or that one or more of the derogations pursuant to Article 49 of the aforementioned are applicable from time to time EU Regulation paragraph 1 letters a) - g).
6. Personal data retention period
The Company retains your data until any request for deletion; in this case, the deletion will take place within 30 days from request, unless there is a different retention period (for example in the case of litigation or to fulfill a legal obligation such as tax) that may be less or more than said term; in particular, the billing data will be kept for a period of 10 years starting from the date of the last acquisition made. In any case, the data will be kept for a period of time not exceeding the achievement of the purposes for which they are processed. During this period, however, technical and organizational measures will be implemented appropriate to protect the rights and freedoms of the data subject.
7. Rights of the data subject
The privacy legislation gives the data subject certain rights regarding the use of data concerning him:
- Access: the user has the right to know, at any time, what his data is held by the Company, where they come from, how and by whom they are used;
- Rectification, Limitation, Cancellation and Objection: the user has the right to have the data updated, supplemented and corrected, if inaccurate or incomplete, as well as the right to request its cancellation or limitation of processing; and to object to their processing for legitimate reasons; moreover, with reference to direct marketing activity, the user has the right to object to the processing of data at any time personal concerning him/her — including related profiling — carried out for this purpose;
- Withdrawal of consent: the user has the right to withdraw consent to the processing, where requested and provided, without this affecting the lawfulness of processing prior to the revocation.
- Portability: the user has the right to receive his/her personal data in a structured, commonly used and machine-readable format and has the right to transmit such data to another owner, under the conditions and within the limits established by law; in such cases, the user, if technically possible, has the right to obtain the direct transmission of the data.
These rights can be exercised by the user saytowards the Company, the Data Controller, addressing any requests to the DPO at the addresses and in the manner indicated in paragraph 1 of this reference agency/branch information.
You also have the right to lodge a complaint with the Data Protection Authority of the Member State where you reside, work or have occurred alleged violation.
The exercise of rights is not subject to any form constraint and is free of charge, except in the cases provided for by the legislation in which the Company may establish the amount of any expense contribution to be requested.
8. Deletion of data
The requests of data removal can be done:
- by email: email@example.com
- by ordinary mail: Ventis — DPO office, via Marecchiese 275/C, 47922 Rimini.
Requests will be processed within 30 days from the date of receipt if there are no storage obligations by Ventis.
9. Change Consent
You can change the consent to the processing of your data for marketing purposes at any time through the following methods:
- • By clicking on the link at the bottom of the commercial communication email
- • By accessing the “Edit consents” section of your area user and changing </div choices