(updated to EU Reg. 2016/679 / European regulation on the protection of personal data)
Pursuant to Legislative Decree 30 June 2003, n. 196 and subsequent amendments ("Privacy Code") and of the European Regulation n. 679 of 2016 (the "Privacy Regulation"), BSTRADI srls ("Owner") provides all Users and / or visitors of the website www.bstradi.it and / or the identical Apps, iOS and Android systems (respectively the "Users "And the" Site "), the following information regarding the use of personal data, log files and cookies collected through the Site itself.
- Data Controller, Data Processing Managers and Data Protection Officer
The Data Controller of personal data is BStradi srls (VAT number 01823060338), with registered office in Castell'Arquato (PC), Via Sforza Caolzio n.8, pec: firstname.lastname@example.org , (hereinafter the "Owner" )
The updated list of designated data processors can be provided upon request by interested parties and / or Users.
If a Data Protection Officer has been appointed (pursuant to art.37 of the Privacy Regulation), the contact details of the same will be published on the website.
- Type of data processed
Visiting and consulting the Site does not generally involve the collection and processing of the User's personal data except for navigation data and cookies as specified below. In addition to the so-called "navigation data", personal data voluntarily provided by the User may be processed when the latter interacts with the Site's functions or requests to use the services offered on the Site. In compliance with the Privacy Code BSTRADI srls could also collect the User's personal data from third parties in carrying out their business.
- Information collected automatically by the Site - Cookies
- a) Information collected automatically
Like all websites, our site also makes use of log files, in which information collected in an automated manner is stored during the visits of each user. The computer systems and software procedures used to operate the Site, in fact, automatically acquire some information during use, the transmission of which is implicit in the use of Internet communication protocols.
This information is processed in an automated form and collected exclusively in aggregate form in order to verify the correct functioning of the Site.
- b) Cookies
Cookies are divided into:
- Technical cookies: they are used to browse or provide a service requested by the visitor. Without the use of these cookies, some operations could not be performed or would be more complex and / or less secure.
- Profiling cookies: they are used to track the visitor's navigation and create profiles on his tastes, habits, choices, etc. In this way, advertising messages can be transmitted to the User's device in line with his preferences already expressed in the previous online browsing.
The user's consent is not required for the installation of technical cookies.
For the installation of profiling cookies, the user's consent is required: in the event that the user does not want his device to receive and store the profiling cookies, he can change the security settings of your browser. In fact, through the settings of the browser used to navigate, you can decide whether to delete and / or avoid the installation of cookies on the device used.
It should be noted, however, that by deactivating the use of profiling cookies, the User will not be able take full advantage of some functions of the Site.
- Use of personal data.
The User's personal data will be processed for purposes related to the provision of the services provided on the Site (thus the website www.bstradi.it and / or the identical Apps, iOS and Android systems), for registration on the e- platform. commerce and access the Site and precisely:
(i) fulfill legal obligations;
(ii) carry out the technical management of the Site;
(iii) to execute purchase orders for products marketed by the Data Controller through the Site, both after registration and in guest mode, to fulfill the related administrative and accounting obligations (eg for order fulfillment, correspondence, invoicing, guarantee, exercise of the right of withdrawal, etc.) and provide for the delivery of the same through the e-commerce platform (eg delivery and / or collection, any requests for information, complaints, etc.);
The data will also be processed:
(iv) update by e-mail, regarding all our promotional and marketing initiatives, including direct marketing, including, by way of example, information regarding the latest offers, events and advertising campaigns organized by the Data Controller (the "Marketing ");
(v) analysis of preferences, habits, interests and consumption choices, including the type, frequency, location of purchases, in order to process statistics, create specific user profiles and carry out predictive activities in relation to your future consumption.
The processing of data for the aforementioned purposes will be carried out in compliance with the Privacy Code, the Privacy Regulation and all the specific sector regulations including the provisions of the "Rules of the Guarantor for loyalty programs" of 24 February 2005 and the "Guidelines guide on the processing of personal data for online profiling "of 19 March 2015.
In compliance with the "Guidelines on promotional activities and the fight against spam" of 4 July 2013, we point out that any consent given by the User for sending commercial, promotional and marketing communications through automated tools will also extend to traditional methods of contact.
The data provided will be processed mainly with IT tools under the authority of the Data Controller, by persons specifically appointed, authorized and instructed in the processing pursuant to art. 2-quaterdecies of the Privacy Code and art. 28 and 29 of the Privacy Regulation.
- Nature of the provision of data and the legal basis of the processing
For the purposes referred to in points (i), (ii) and (iii) of the previous art. 4, the provision of personal data is necessary because in the absence it will not be possible to use the services offered by the Site, including the service of transport, delivery and / or collection of the Products through the E-commerce platform.
Instead, the provision of personal data is not mandatory but optional for the purposes referred to in points (iv) and (v) of the previous art. 4. Failure to provide data for the purposes just indicated will not allow us to carry out the Profiling and Marketing Activities. To this end, the User can freely decide whether or not to give his consent for these purposes and without this inhibiting the possibility of accessing the services offered by the Site.
With reference to the purposes referred to in points (i), (ii) and (iii) of the previous art. 3, the legal basis of the processing is the execution of the services provided through the Site and requested by the User (pursuant to article 6, paragraph 1, letter b) of the Privacy Regulation); instead, with reference to the purposes referred to in points (iv) and (vi) of the previous art. 3, the legal basis of the processing is any consent freely expressed by the User (pursuant to article 6, paragraph 1, letter a) of the Privacy Regulation).
- Scope of communication and data access
The User's personal data may be disclosed to:
all subjects whose right of access to such data is recognized by virtue of regulatory provisions;
to our collaborators, employees, as part of their duties;
to all those natural and / or legal persons, public and / or private when the communication is necessary or functional to the performance of our business and in the manner and for the purposes illustrated above
- Rights of the interested party
7.1 Art. 15 (right of access), Art. 16 (right of rectification) of EU Reg. 2016/679
The interested party has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: a) the purposes of the treatment; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations; d) the retention period of the personal data envisaged or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
7.2 Right pursuant to art. 17 of EU Reg. 2016/679 - right to cancellation ("right to be forgotten")
The interested party has the right to obtain from the Data Controller the deletion of personal data concerning him without undue delay and the Data Controller is obliged to delete personal data without undue delay, if one of the following reasons exists:
- a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing ; c) the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2; d) the personal data have been unlawfully processed; e) personal data must be deleted to fulfill a legal obligation under Union law or the law of the Member State to which the data controller is subject; f) the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of EU Reg. 2016/679
7 .3 Right referred to in Art. 18 Right to limitation of treatment
The interested party has the right to obtain from the Data Controller the limitation of the processing when one of the following hypotheses occurs: a) the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited; c) although the data controller no longer needs them for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party opposed the processing pursuant to article 21, paragraph 1, EU Reg. 2016/679 pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
7.4 Right referred to in Article 20 Right to data portability
The interested party has the right to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the Data Controller
- Revocation of consent to treatment
The interested party has the right to withdraw consent to the processing of your personal data by sending a registered letter with return receipt to the following address: BSTRADI srls Via Sforza Caolzio n. 8, Castell'Arquato (PC) accompanied by a photocopy of his identity document, with the following text: << withdrawal of consent to the processing of all my personal data >> or by certified email to the address: email@example.com At the end of this operation, your personal data will be removed from the archives as soon as possible.
In case of failure to promptly reply or unsuitable response from the undersigned company, or if the User deems there is a violation of the Privacy Code and / or the Privacy Regulation, he may appeal to the Guarantor for the protection of personal data, at the following coordinates: www.gpdp.it - www.garanteprivacy.it, e-mail: firstname.lastname@example.org, Fax: (+39) 06.69677.3785, Telephone switchboard: (+39) 06.69677.1.
- Duration of Treatment
Without prejudice to legal obligations, personal data will be kept for a specific period, based on criteria based on the nature of the services provided.
It should be noted that the data stored for Profiling or Marketing purposes will be kept for a period not exceeding 12 and 24 months respectively from their registration.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
- Security measures
This site processes user data in a lawful and correct manner, in compliance with applicable law by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
The Owner reserves the right to make changes to this Privacy Notice. In this case, the User will be promptly informed when he will use the Site again.