Welcome to the website of Duvetica International s.r.l., present at the URL www.duvetica.com (hereinafter the "Site").
At each access to the Site, even regardless of the purchase of the Products, information and personal data concerning you are collected. For this reason, in accordance with the provisions of European Regulation no. 2016/679 (the "Regulation") and the applicable national legislation, this document was created in order to describe which personal data are collected, the purposes and methods of their processing and the security measures that are adopted to protect them. The Regulation guarantees that the processing of personal data is carried out in compliance with fundamental rights and freedoms, as well as respecting the dignity of the interested party, with particular reference to confidentiality and personal identity.
1. Data controller
Duvetica International s.r.l., with registered office in Via Nino Bixio n. 7 20129 Milano (MI), Italy (hereinafter "DUVETICA" or the "COMPANY" or the "Owner") is the independent owner of the processing of personal data of users who surf the Site. The owner can be contacted by sending a communication to the following address: email@example.com.
The Company has appointed Triboo Digitale s.r.l., with registered office in Viale Sarca, 336, 20126 Milan, Italy, as data controller, limited to the sale of products through the Site. The manager can be contacted by sending a communication to the following address: firstname.lastname@example.org.
2. The personal data being processed and the purpose of the processing
We inform you that as a result of browsing the site, different types of personal data will be collected and processed, for different purposes and in different ways. Your personal data may be collected both because they are voluntarily provided by you and automatically when using the Site.
The personal data processed through the Site and the purposes of their treatment are as follows:
(ii) personal data provided voluntarily by the user (name and surname, telephone number, e-mail address, date of birth, country of residence, shipping and billing address, password provided by filling in the form registration etc.), or otherwise conferred during the use of the Site and/or through the interaction with customer care and processed to meet the user's requests and offer the services, assistance and information requested about the products for sale on the Site and more generally for the management of customer relations;
(iii) the personal data provided by the user as part of the product purchase processes on the Site for the conclusion of transactions, for the functional and instrumental activities for the sale and more generally for the management of orders as well as for any necessary pre-assistance and after-sales;
(iv) personal, personal and contact data, processed by the Company - with express consent - for purposes of promotion and advertising, i.e. to send the user (via newsletter, e-mail, sms, mms and smart messages, push notifications, banners, telephone, the Company's official social media pages) information and updates on products, sales, promotional campaigns, events and other initiatives promoted by the Company or its commercial partners;
(v) personal data relating to the purchases made and the preferences expressed through the Site - processed by the Company with the express consent of the user - for purposes of analysing consumer habits, whishlists, browsing, in order to make products, initiatives and the individual commercial proposals that best meet the tastes and needs of the users of the Site;
(vi) personal and contact data communicated by the Company - with express consent - to third parties belonging to the Fashion categories for their own marketing activities.
3. Legal reference for processing
The legal references used to process your personal data, according to the purposes indicated in the previous article 2, are as follows:
b) the fulfilment of the sales contract and the obligation to fulfil the pre and post contractual obligations, for all the activities referred to in point (iii) of article 2 above;
c) the consent provided by the user for the purposes referred to in points (iv), (v) and (vi);
4. Sources of personal data
The personal data collected are provided directly by the user (through registration on the Site or as part of the sales process), except for the navigation data referred to in point 2 (i) above, for the data collected in the event of registration and access via social profile, as indicated in point 2 (ii) above and for the sales data referred to in point 2 (v) above.
5. Methods of processing personal data
6. Compulsory or optional provision of data
The provision of personal data, in particular master data, e-mail address, postal address, telephone number and bank details (in case of payments by credit card) is necessary with regard to the conclusion of the contract to purchase products through the Site. In case of failure to provide, therefore, it may be impossible to complete the purchase through the Site. Some of the aforementioned personal data may be necessary for the supply of other services rendered on the Site and related to the sale (pre and post-sale services) or to fulfil obligations deriving from laws or regulations (for example tax and regulatory obligations ). Failure to transmit data may therefore constitute a legitimate reason not to execute the contract for the purchase of products on the Site and/or the supply of the services connected to it.
7. Recipients of personal data
The personal data of users of the Site, within the limits permitted by law and in accordance with what is indicated below, may be shared with the following subjects:
- subjects with whom it is necessary to interact for the provision of technical and organizational services connected to the Site (for example logistics services, IT services, customer care services and marketing services);
- subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communications networks);
- persons authorized to process personal data necessary to carry out activities strictly related to the internal organization of company activities (e.g. .employees of the Data Controller);
- companies of the
- third parties in order to execute the contract for the purchase of products on the Site (e.g. credit institutions for the execution of remote electronic payment services by credit / debit card).
8. Data storage period
We keep your personal data for a limited period of time, which differs depending on the type of activity that involves the processing of your personal data. After this period, your data will be permanently deleted or irreversibly anonymous.
Your personal data is stored are compliance with the terms specified below:
- The data provided by the user to request assistance, information and feedback are kept for the time necessary to satisfy the requested feedback and any subsequent activity of any further iteration with the customer necessary to fully manage the request and / problem.
- The personal data provided for marketing and profiling purposes are kept for the period necessary for the specific processing and up to a maximum of 7 years, also in consideration of the interest shown by the customer to receive updates on products.
9. Rights of the user regarding his personal data
At any time the user can exercise the rights provided for by the legislation on the processing of personal data.
Below are the rights that the law guarantees to the user:
- Right of access: it is the right to know if your personal data is being processed and, if this is confirmed, to obtain a copy of such data and be informed about: the origin of the data; the categories of personal data processed; the recipients of the data; the purposes of the processing; the existence of an automated decision-making process, including profiling; the data retention period; the rights provided for by the Regulations.
- Right of rectification: it is the right to obtain the rectification of one's data or to integrate data that are incomplete. We remind you that when the user communicates his data to use our services, he guarantees their truthfulness and accuracy.
- Right of deletion: it is the right to request the deletion of personal data if they are no longer necessary for the purpose for which they were collected or if we are no longer authorized to process them.
- Right to limitation of processing: it is the right to obtain the limitation of processing in the following cases:
b) when we are not authorized to process personal data and, instead of deleting them, the user requests us to limit their use;
c) if the data we have - even if they are no longer necessary for us for the purposes for which they were collected - are necessary for the user to ascertain, exercise or defend a right in court;
d) when the user has opposed a processing based on our legitimate interest. Pending verification of the prevalence of our legitimate reasons with respect to those belonging to the user as an interested party, the latter may request the limitation of processing.
Right to data portability: in the event that we process personal data on the basis of the user's consent or in execution of a contract, or the processing is carried out by automated means, the user can exercise the right to data portability. You may therefore receive the personal data you have communicated in a structured format, commonly used and readable by an automatic device. You may also request to transmit your data directly to another company, provided that this is technically possible.
Right to object: it is the right to object at any time to the processing of your personal data based on our legitimate interest, including profiling.
The rights listed above can be exercised by contacting the Data Controller, by writing to email@example.com.
We also wish to inform the user that, should he believe that the processing of personal data concerning him is carried out in contrast with the provisions of EU Regulation 2016/679, he has the right to lodge a complaint with the competent supervisory authority on data protection. (Guarantor Authority for the Protection of Personal Data).