Pursuant to Regulation (EU) 2016/679, Article 13, and Italian Leg. Decree 196/2003, Article 13
Finally, please be informed that, as specified in the “Standard Sale Terms and Conditions”, use of the e-shop on the Website is permitted to individuals older than 18 years of age and to legal or corporate entities. Consequently, no personal data of minors will be collected or processed.
You are expressly invited not to communicate to Directa, in any way, any information and/or data falling within special categories of personal data under Article 9 GDPR (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation). Consequently, these types of data will not be collected or processed by Directa.
- Data Controller and Data Processor
The data controller is Directa Plus S.p.A., Tax Code 04783370960, acting through its legal representative in office, with registered office at Lomazzo (Como, Italy), via Cavour 2, a company subject to the direction and coordination of Directa Plus plc, Registration No. 04679109, with registered office in London (United Kingdom), St James’s Square, 3rd Floor, 11-12, SW1Y 4LB (herein below also referred to as the “Controller”).
The Controller may be contacted by sending an e-mail to: firstname.lastname@example.org.
The Controller has appointed a Processor, who may be contacted by sending an e-mail to: email@example.com. In accordance with Article 28 GDPR, the Processor may, subject to the Controller’s prior authorisation, engage other Processors or appoint another Processor to replace him/her. You may obtain an updated list of the Processors at any time by sending a specific request to the Controller and the Processor at their respective e-mail addresses.
- Definition of Data Subject; Purposes of Processing
a) The Data Subject’s personal data will be processed for the following purposes: (i) allowing the Data Subject to browse the Website; (ii) providing the Data Subject with certain services through the Website and related e-shop, including but not limited to the conclusion and performance of contracts for the purchase of the products advertised therein; (iii) executing any requests for information and/or contact transmitted by the Data Subject through the tools specified in the Website.
(i) any Consumer within the meaning defined in Article 3 of the Consumers’ Code (“a natural person acting for purposes other than any business, commercial, craft, or professional activity carried on by the same, if the case be”) having access to the Website and related e-shop services and using the same after creating his/her own account;
(ii) any Professional, that is, any corporate or natural person within the meaning defined in Article 3 of the Consumers’ Code, having access to the Website and related e-shop services and using the same after creating his/her own account;
(iii) in any case, any individual or entity using and/or visiting the Website even without being registered and for the purpose of sending requests for information and/or contact using the tools specified in the Website.
b) The personal data provided may be also processed to comply with specific legal, tax-related, accounting or banking obligations or with any other of Controller’s obligations under applicable laws and rules.
c) In addition to the foregoing, the personal data collected may be used, subject to the acquisition of the Data Subject’s specific consent, for the purpose of sending promotional and marketing campaigns, including newsletters and market research, by automated means (SMSs, MMSs, e-mails, faxes) or otherwise (mail post, phone).
d) The specific personal data provided by the Data Subject on paying the amount due for the purchase of goods through the Website e-shop will in no event be disclosed to the Controller, but will be directly and exclusively verified, processed and stored by Paypal (Europe) s.a.r.l. and/or Stripe Payments Europe Ltd, that is, independent third parties having no relation to Directa and acting in their turn as separate, autonomous data controllers. To view their respective security and privacy policies and learn how Paypal and Stripe protect the personal data of the users using their respective payment systems, visit the web pages available at the following links: https://www.paypal.com/webapps/mpp/ua/privacy-full and https://stripe.com/it/privacy.
- Legal Basis for Data Processing
The legal basis for personal data processing for the purposes referred to in Article 2(a) above is to be found in point (b) of Article 6(1) GDPR, according to which processing is lawful whenever it is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
The legal basis for personal data processing for the purposes referred to in Article 2(b) above, is point (c) of Article 6(1) GDPR, according to which processing is lawful whenever it is necessary for compliance with a legal obligation to which the Controller is subject.
Finally, the legal basis for personal data processing for the purposes referred to in Article 2(c) above, is point (a) of Article 6(1) GDPR, according to which processing is lawful whenever the Data Subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Recipients of the Data and Scope of Disclosure
Except for the personal data requested from the Data Subject on payment of the amount due for the purchase of goods through the Website e-shop (which will not be processed or stored by Directa in any way and for which reference should be made to Article 2(d) above), your personal data will exclusively be disclosed to and processed by the Controller and the Controller’s employees and/or collaborators and/or consultants and/or any contractors of the Controller’s qualifying either as Processors under point (g) of Article 4(1) of the Personal Data Protection Code and under Articles 4(1)(8) and 28 GDPR, or as Persons in charge of processing under point (h) of Article 4(1) of the Personal Data Protection Code and under Articles 4(1)(10) and 29 GDPR, or to any judicial, administrative and Stock Exchange authorities in compliance with any legal obligations. The personal data may be transferred to companies based within the European Union and/or in non-EU countries belonging to the same corporate group or structure as the Controller or entertaining professional relationships with the Controller, within the scope of the purposes described above and in compliance with the principles and security measures laid down in the GDPR. In that event, you may obtain a copy of any such data by sending a request to the Controller or the Processor at their respective contact details and as specified in Article 1 above.
- Types of Data Processed and Period of Storage
When you visit the Website, or use the services offered through the Website, or submit any request for information/contact, different types of personal data may be collected and processed, as described below:
a) Data necessary to interact with the e-shop
Your interaction with the e-shop to purchase the goods offered on sale by Directa requires the acquisition of the personal data necessary to enter into and perform the contract for the sale of said goods, including, without limitation, your identifying details (first name and last name/business name, tax code and/or VAT number), e-mail address, shipping address, and telephone number.
The data so collected will be processed exclusively to fulfil pre-contractual and contractual obligations vis-à-vis the Data Subject, and will be stored for a period of 24 months where the Data Subject acts as a consumer within the meaning of Article 3 of the Consumers’ Code, or 12 months in all other cases. The data so stored may also be used for the requirements set forth in Articles 130 and following of the Consumers’ Code and Articles 1490 and following of the Italian Civil Code, respectively.
Please note that, in order to proceed with the sale of the goods offered on the Website e-shop, you will be required to provide your personal data and credit card details through a secure payment system managed by third-party companies Paypal (Europe) s.a.r.l. and/or Stripe Payments Europe Ltd, which will be the sole entities verifying, processing and storing said personal data and which act in their capacities as autonomous controllers, for which reference should be made to Article 2(d) above and to the two companies’ respective privacy policies.
b) Data freely provided by the Data Subject
When you send communications and data on an optional, express and voluntary basis to the addresses and by means of the tools specified in the Website, your address (necessary to meet your request) and possibly other personal data in your correspondence may be acquired.
In any such event, the data so collected will be exclusively processed in order to respond to your requests, and will be stored for the time necessary to meet your requests and in any case for no longer than 24 months.
c) Cookies and browsing data
According to the definition given by the Italian Personal Data Protection Authority (“Autorità Garante per la Protezione dei Dati Personali”), Cookies are “small text files that websites visited by users send to the users’ terminals, where they are stored to be sent back to the same websites upon the following visit”. There are two macro-categories of cookies, i.e. “technical cookies” and “profiling cookies”.
(i) “Technical cookies” are used for the sole purpose of transmitting a communication over an electronic communication network, or insofar as strictly necessary to the provider of an IT service expressly requested by a subscriber or user. In other words, technical cookies help you browse the Website and fully exploit its features. Technical cookies may be subdivided into: (a) “browsing cookies”, ensuring the smooth browsing and use of the Website (for example, by allowing you to complete a purchase or to log in to restricted areas); and (b) “functionality cookies”, enabling browsing based on a series of selected criteria (e.g., language, products selected for purchase) so as to improve the service provided. Finally, “analytics cookies” are similar to technical cookies from a regulatory point of view: they are used to analyse accesses or visits to the Website for statistical purposes only but cannot be used to trace the identity of the single user. These types of cookies can be placed directly by the Website owner or by third-party websites (“third-party cookies”).
(ii) “Profiling cookies” are designed to create profiles of the Website user so as to show ads in line with the preferences manifested by the same while browsing the web. In other words, they are designed to analyse your behaviours for marketing purposes. They, too, can be placed directly by the Website owner or by third-party websites (“third-party cookies”).
Visiting Directa’s Website may trigger the installation of the following categories of cookies:
(i) browsing cookies, designed to ensure the smooth browsing and use of the Website and of the services made available on the same also through the e-shop (e.g., by allowing the log-in to restricted areas and remembering any preferences set by the user while visiting the Website). These data are not collected in order to associate them with identified individuals and are stored for the time necessary to fulfil the purposes connected with the same, that is, the period of validity of your registered account and in any case for the whole time you will use the Website and e-shop services;
(ii) functionality cookies, enabling browsing of the Website based on a series of selected criteria (e.g., the country where you are) so as to improve your experience of the Website. These data, again, are not collected in order to associate them with identified individuals and are stored for the time necessary to fulfil the purposes connected with the same, that is, the period of validity of your registered account and in any case for the whole time you will use the Website and e-shop services.
Pursuant to Article 13 of the Personal Data Protection Code and Article 13 GDPR, no explicit consent is required from the Data Subject to use both of the above types of technical cookies, as this information about their presence is deemed sufficient;
(iii) analytics cookies, used for statistical purposes to collect aggregate, anonymous information on the number of users having access to the Website and how they use it. These data are not collected in order to associate them with identified individuals, but for merely statistical purposes, and are stored for the time necessary to perform comparative statistical processing and analytics activities, and in any case for no longer than 26 months.
No explicit consent is required from the Data Subject to use analytics cookies when they are set and used by the Controller directly, or when they are set or made available by third parties provided however that appropriate measures are taken to reduce the identification capacities of such cookies (e.g., by masking major portions of the IP address) and that their use is subject to express contractual covenants between the Website owner and the relevant third parties, binding the third party to exclusively use analytics cookies to provide the service, not to combine or cross-reference the information contained in the cookies with others already in the third party’s possession, and to store such information in an appropriate manner.
(iv) profiling cookies, designed to create profiles of the Website user so as to show ads in line with the preferences manifested by the same while browsing the web.
Please note that the Website does not use profiling cookies installed by the Controller, but exclusively profiling cookies installed by third parties acting as autonomous data controllers. Consequently, for greater details on the modes of data processing, please refer to the specifications and privacy policies provided by the third parties in their webpages linked below.
Therefore, when you visit the Website, the following third-party profiling cookies may be installed:
(a) profiling cookies installed by Google Analytics – for greater details on the security and privacy principles adopted by Google Analytics to safeguard users’ data, use the link: https://www.google.com/analytics/learn/privacy.html?hl=it;
(b) profiling cookies installed by Facebook Analytics – for greater details on the security and privacy principles adopted by Facebook Analytics to safeguard users’ data, use the link: https://www.facebook.com/privacy/explanation.
- Modes of Data Processing
Personal data processing is performed by means of the operations or sets of operations indicated in Article 4(1)(a) of the Personal Data Protection Code and in Article 4(1)(2) GDPR, namely through collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, preparation, selection, use, alignment or combination, block, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction. The processing operations may be performed by using hardcopy records or IT files, whether or not by electronic, IT, or in any case automated means.
Personal data processing will be inspired by the respect of the principles of lawfulness, fairness and transparency, data minimisation, accuracy, storage limitation, integrity and confidentiality, as well as accountability, as per Article 5 GDPR and Article 11 Personal Data Protection Code. In addition, respect of the personal data security and protection measures required under applicable laws and regulations is guaranteed.
- Provision of Data; Refusal to Provide Data
Your consent to the processing of your personal data is optional for the purposes of visiting the Website and for marketing purposes. However, if you submit any requests for information and/or contact, or if you wish to use the sales services offered through the Website and its e-shop, it is essential that you give your consent to the processing of your personal data, to the extent necessary to enable Directa to satisfy your requests. Therefore, your refusal to provide your personal data will not prevent you from navigating the Website but will prevent Directa from satisfying any requests for information and/or contacts that you may submit and from supplying any services that you may require.
- Data Subject’s Rights
Under Article 7 of the Personal Data Protection Code and Articles 15 to 21 GDPR, you, as a Data Subject, are entitled to exercise a number of specific rights, including:
(a) the right to obtain from the Controller confirmation of the existence of any personal data concerning you and, in case, access to such data and related information;
(b) the right to receive your personal data in a structured and machine-readable format, also in view of transmitting those data to another controller (“right to data portability”), in the cases listed in Article 20 GDPR;
(c) the right to obtain adequate information pursuant to Article 13 of the Personal Data Protection Code and Article 13 GDPR;
(d) the right to obtain the updating and rectification of inaccurate data and the completion of incomplete data, the erasure, anonymisation or block of the data processed in violation of the law, and the restriction of the processing of your personal data in the cases listed in Article 18 GDPR;
(e) the right to oppose, on legitimate grounds, the processing of your personal data;
(f) the right to withdraw your consent to the processing of your personal data at any time, limited to the instances where processing is based on your consent for one or several specific purposes and concerns common personal data, or special categories of data (e.g., sensitive data), in any case without prejudice to the lawfulness of the processing based on the consent given before its withdrawal.
You may exercise the above rights by sending a request to the Controller or the Processor at their respective email addresses and as specified in Article 1 above.
Under Article 77 GDPR, you further have the right to lodge a complaint with the Italian supervisory authority (Autorità Garante per la protezione dei dati personali, or Personal Data Protection Authority – see www.garanteprivacy.it) where you believe that your personal data have been processed in violation of applicable laws and rules.
- Modifications; Language