NOTICE ON THE PROCESSING OF PERSONAL DATA OF USERS WHO VISIT THE DIEMMEBI SPA WEBSITE PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679
According to Regulation (EU) No. 679 of 2016 (GDPR) this page describes the methods for processing the personal data of users (identified or identifiable natural persons, and therefore “data subjects” pursuant to the aforementioned Regulation) who visit the Diemmebi Spa website, which may be accessed online at www.diemmebi.com
It is hereby clarified that the information referred to in this notice is provided only for the Diemmebi Spa website and therefore does not concern other websites, pages, or online services that may be reached through hypertext links published on the site but referred to resources outside Diemmebi Spa.
In addition to the processing of personal data provided through the Diemmebi Spa website, this notice is instead intended also for the information provided to it through the email address [email protected] or any other business address.
2. DATA CONTROLLER
3. TYPES OF DATA PROCESSEDBrowsing data
During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data of users whose transmission is involved in the use of Internet communication protocols. Every time a user visits this site and every time they click on its links, the access data is stored by us (and also by the data supervisor) in the form of a protocol file, and each protocol file consists of: website from which our page has been accessed; user's IP address; date and time of access; client request; http response code; amount of data transmitted; browser and operating system used. Therefore, the personal data of the users collected during their browsing on the site include the IP addresses or domain names of the computers and devices used by users, the URI/URL addresses (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.Data disclosed by the user
- The user of the website has the possibility to send to the Company (by completing and submitting the form on the website at the following link: http://www.diemmebi.com/diemmebi_it/contatti.html) their personal data: sending these data involves the subsequent acquisition by the Company of the sender's email address, which is necessary to respond to any requests, as well as any other personal data included in the communications.
- With regard to the online sales service, when registering online for the creation of an account, the user/customer provides identification data that are acquired by the Company for the provision of the requested service. (In this regard, it should be noted that there is more information on the processing of customer personal data available in the Customer Information section at the following link: http://www.diemmebi.com/diemmebi_it/privacy-policy-terms.html)
No cookies are used on the website www.diemmebi.com for profiling users or using other tracking methods. Instead we use technical cookies, i.e. small text files that are saved locally in the temporary files of the user's browser - and therefore in their computer - to improve the website browsing experience. For more information about our cookies and those of third parties hosted on our site, please see the cookies policy by clicking here.
4. PURPOSE OF THE PROCESSING AND LEGAL BASISBrowsing data: the protocol files and the data contained therein are processed by us to:
- allow users to use the web services (legal basis according to letter b of paragraph 1 of Article 6 of Regulation (EU) 679/2016);
- obtain statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.) as well as checking the correct functioning of the website and protecting our systems, for example identifying any attacks (referred to in letter f of paragraph 1 of Article 6 of Regulation (EU) 679/2016);
- to be able to process and respond to user requests sent by completing and sending the form at: http://www.diemmebi.com/diemmebi_it/contatti.html. In this case the legal basis of the processing is established by the user’s wish to execute a requested action (letter b of paragraph 1 of Article 6 of Regulation (EU) 679/2016);
- to be able to carry out all the operations related to and deriving from online sales, in particular the fulfilment of the order sent by the Customer; in this case the legal basis is set forth by the execution of a contract where the user/data subject is a party (letter b of paragraph 1 of Article 6 of Regulation (EU) 679/2016);
- if (when completing the "Contact us" section or registering for the creation of the account on the online store) the user has provided consent to receive our newsletter and/or for marketing activities, the user data (and in particular their email address) will be used for sending the newsletter and/or other commercial material containing information on products, campaigns, and the latest news; in this case the legal basis of the processing is established by the consent provided by the user (letter a of paragraph 1 of Art. 6 of Reg. EU 679/2016).
- Cookies and other tracking systems. The legal basis of the processing, as far as third-party cookies are concerned, is established by consent: by closing the banner, scrolling the page where it is present, or clicking any element of it you provide consent to the use of these cookies. As regards the purposes of the processing of cookies, please refer to the other information in the cookies policy, by clicking here.
5. OPTIONAL PROVISION OF DATA
Data voluntarily and expressly communicated by Users for one or more of the purposes referred to in point 4 letters c, d, and e are provided by Users on an absolutely optional basis; failure to communicate the aforementioned data will have the sole consequence of being unable to fulfil the specific purpose (the Company's response to the Users' requests; registration on the online store for account creation; receiving the newsletter or other commercial material).
6. DATA STORAGE
- Browsing data: the browsing data does not persist for more than seven days and is deleted immediately after their aggregation (except for any need to investigate crimes by the Judiciary).
- • Data communicated by the user: regarding the personal data provided voluntarily and explicitly by website users processed:
- to be able to process and respond to user requests sent by completing and sending the form at: http://www.diemmebi.com/diemmebi_it/contatti.html; in this case the data will be kept for as long as necessary to provide the requested service; they will then be kept for a further period of three years, without prejudice to further data storage if this is necessary to fulfil a legal obligation or to establish, exercise, or defend a right in court;
- to be able to carry out all the operations related to online sales: in this case the data will be kept for the period in which the account created by the user will be active through the registration made by themselves; for the registered user it will be possible at any time to proceed with the elimination of the account without prejudice to the storage of their data by Diemmebi Spa for a period of ten years starting from the payment of the last order, without prejudice to any further data storage if this is necessary to fulfil a legal obligation or to establish, exercise, or defend a right in court;
- the data provided to receive the newsletter/other commercial material will be used to provide the requested service exclusively for the period in which it will be active, without prejudice to the right to revoke the consent at any time (without thereby compromising legality based on the consent provided before the revocation). To stop receiving the newsletter, please contact the company.
- Cookies and other tracking systems, the storage of session cookies in devices or browsers is under the user's control; on the servers, at the end of the HTTP sessions, information relating to cookies remains recorded in the service logs, with storage times not exceeding seven days, in the same way as other browsing data.
For more information, please see the cookies policy by clicking here.
7. DATA RECIPIENTSData Supervisors
The recipient of the data collected after visiting www.diemmebi.com is the person appointed by the Company, pursuant to Art. 28 of the Regulation, as Data Supervisor, i.e. the provider of development and maintenance services for the website platform.
With regard to the online store, in the event of the purchase of products from our company, the user/customer data may also be known by the Data Supervisors mentioned in the Customer Information available here.
With regard to newsletters and commercial communications, these will be sent using the Mailchimp platform. The provision of this service involves the processing of personal data on behalf of the Data Controller and requires the necessary appointment of the owner of this platform as an automated marketing system provider.Data processors
The personal data collected are also processed by the Company's staff who act on the basis of specific instructions provided for the purposes and methods of the processing ( data processors or "persons authorised to process data").
8. RIGHTS OF THE DATA SUBJECTS
The Data Subjects have the right to obtain from the Company, in the cases provided, access to personal data and their correction or deletion or the limitation of the processing that concerns them, or to oppose the processing (Articles 15 and following of the Regulation). The application may be submitted by contacting the Company at the following addresses: email: [email protected]; certified email address: [email protected]; Tel +39 0438 912433
It is also recalled that the data subjects who consider that the processing of personal data referring to them and carried out through this site is in violation of the provisions of the Regulation have the right to file a complaint with the Italian Data Protection Authority, as required by Art. 77 of the Regulation, or to file the corresponding legal actions (Article 79 of the Regulation).
9. DISCLOSURE OF SENSITIVE DATA (PARTICULAR)
Diemmebi Spa invites users not to disclose information that may fall under specific personal data categories referred to in Art. 9 of the GDPR (e.g. data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, sexual orientation, biometric data or health status data).
10. DISCLOSURE OF DATA RELATED TO THIRD PARTIES
In the event that Diemmebi Spa discloses data that it does not own but belong to third parties, the user acts as an autonomous Data Controller, assuming all legal obligations and responsibilities and undertakes to release Diemmebi Spa from any claim, or request for compensation for damages that it may receive from any third parties, whose personal data have been processed in violation of the rules on the protection of applicable personal data. In any case, if the user provides personal data from third parties, it guarantees from now on that this particular processing is based on the prior knowledge of the notice and on the prior consent of the third party to the processing of information concerning them.
12. TRANSFERRING DATA OVERSEAS
If the Controller, in order to provide the service, deems it necessary to transfer personal data which is subject to processing outside of the EU (the term “transfer outside of the European Union” is also understood to mean the use of services such as, purely by way of example, hosting, cloud and storage services, based on data storage systems located in countries outside of the EU), the Controller commits to adopt guarantees to make the transfer secure and to ensure that processing complies with the requirements of the Regulation despite it being done in a non-EU country (adequacy decisions, contractual clauses, consent, etc.)
"This advisory note is applicable to, in addition to processing personal data supplied through the Diemmebi Spa website, any data which has been provided to the company via email to [email protected] or via another company email address or by the User sending private messages to the company’s profiles/pages on social media"