1. WHO PROCESSES YOUR PERSONAL DATA?
The data controller is Pineider 1774 S.r.l. with registered office at Bagno a Ripoli (FI), Via del Roseto n. 54 (Italy) and can be contacted at the following e-mail address: email@example.com (hereinafter, “Pineider” or the “Data Controller”).
Recipients of your personal data
Your personal data could be communicated to:
Your personal data could be transferred outside the European Economic Area in compliance with art. 44 ff GDPR.
2. PERSONAL DATA PROCESSED
Data provided on a voluntarily basis
Data of third parties
Please note that if You provide us with information related to third parties You shall be sure that such third parties have been prior and properly informed about the method and purposes of the processing herein shown.
Please consider that with regard to such cases, You act as an independent data controller and you bear full responsibility and obligation provided by law.
Personal data relating to persons under the age of 16
Please note that if you are not 16 years old, you are not entitled to provide us with any personal data and, in any case, we are not responsible for your false statements. If we become aware of your false statements, we will immediately delete any personal data acquired.
Data related to or arising from the use of the Websites
Please note that we collect the following data by means of the services that You use:
- Technical data: IP addresses or domain names of the devices used by the users to connect to the Websites, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received as a reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding your operating system and device environment. This data is used exclusively for the purposes of obtaining (anonymous) statistics on the use and proper functioning of the Websites to control its correct functioning, and such information is deleted immediately after processing. These personal data may also be used to ascertain any liability in cases of alleged computer crimes against the Website or against third parties and they will be deleted after 7 days.
- Personal data collected through cookie or similar technologies: for further information please see “Cookie” section.
Cookie: definitions, features and applicable law
Cookie are small text files sent/read by websites on your devices, which are then transmitted back to those websites during the next visit. Thanks to cookies websites remember your actions and preferences (such as login data, the default language, font sizes, additional display settings, etc.) so that they do not need to specify them again on the next visit. Cookies are used to perform IT authentications, session monitoring, and to store information about the activities of users who access a website, and may also contain a unique identifier that allows for monitoring of user experiences on the site for statistical or advertising purposes.
There are indeed various types of cookies, depending on their features and functions, and these may remain on user device for different periods of time: so-called session cookies, which are automatically deleted when you close your browser; and so-called persistent cookies, which remain on your device until a pre-established date.
Please consider that the Italian Data Protection Authority (i.e. Garante per la protezione dei dati personali) has issued a decision (Decision Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 and following clarifications, hereinafter the “Decision”) according to which the technical cookies that do not require explicit consent also include:
Many social networks have developed "social plug-in modules", which website operators can integrate into their websites. This allows social networks users to share content with their "friends" (and propose other related features such as posting comments). Our Websites may include one or more of these social plug-in modules. These plug-ins store and access cookies on the user's computer, allowing social networks to identify their members when they interact with these plug-in. Please note that the aforementioned social plug-in modules can also be used by social networks to provide services that go beyond what is strictly necessary, for example for behavioral advertising. Users should explicitly request these services. You can check the cookie settings on your social media platform.
Please consider if You make a payment on the website https://shop.pineider.com by credit card, You shall enter the confidential data of the credit card (card number, holder of the card, expiration date, security codes). These data will be acquired by the payment service provider who will act as an independent data controller, without passing through the Data Controller server and/or any data processors, therefore, he will not process these personal data in any way. The data will be acquired in encrypted format and according to the security requirements of the ISO 27001 certification. The payment service uses the SSL protocol (Secure Sockets Layer). The user can request, through the website, the saving of such data that will be saved directly by the payment service provider and will not be acquired by the Data Controller and / or by any data processor. The website's operational manager will only keep track of the last four digits that make up the credit card number, solely and exclusively to prevent fraud in online payments.
3. PURPOSES OF THE PROCESSING
The personal data provided through the Websites will be processed for the following purposes:
The legal basis of processing for purposes 3 (a), (b), (c) and (j) is the necessity to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract according to art. 6 (1) (b) GDPR. The performance of such activity does not require your consent.
The legal basis of the processing for purpose 3 (d) is the necessity to comply with a legal obligation to which the Data Controller is subject according to art. 6 (1) (c) GDPR.
The legal basis of the processing for the purposes 3(e) and (k) is the legitimate interests pursued by the Data Controller according to art. 6 (1) (f) GDPR.
The legal basis of the processing for the purposes 3 (f), (g) and (l), is your consent according to art. 6 (1) (a) GDPR. Failure to give your consent does not affect the Websites’ use. The consent is freely given and you have the right to withdraw your consent at any time through an email to the Data Controller to firstname.lastname@example.org.
The processing of your personal data for the purpose 3 (h) is based on the legitimate interest of the Data Controller according to art. 130 of the Italian Legislative Decree no. 196/2003 which does not require consent. Please consider that you may at any time request not to receive such communications by using the "Unsubscribe" link put at the bottom of each communication.
Please consider that the processing for the purpose 3 (i) does not comprise personal data processing.
4. RETENTION PERIOD
With reference to the processing carried out for the purposes as per 3 (a) Your personal data will be deleted if you do not access your personal area for a period of 36 months.
With reference to the processing carried out for the purposes as per 3 (b) your personal data are processed, without prejudice to the legal obligations to which Pineider is subject, beyond the time allowed by Italian law to protect its interests from possible complaints.
With reference to the processing carried out for the purposes as per 3 (c), your personal data will be proceed for the period strictly necessary to fulfill your request except for the need to fulfill legal obligations or protect the Data Controller legitimate interests.
With reference to the processing carried out for the purposes as per 3 (d), your personal data will be processed for the period strictly necessary to allow the Data Controller to fulfill the legal obligations to which is subject.
With reference to the processing carried out for the purposes as per 3 (e) and (k), your personal data will be processed for the period strictly necessary to allow the Data Controller to verify, exercise or defend a right before a court or whenever the authorities exercise their jurisdictional functions and / or carry out any extraordinary transactions involving Pineider and related activities.
With reference to the processing carried out for the purposes as per 3 (f), (g) and (l), your personal data will be stored until you withdraw your consent. In any case, Pineider is entitled to keep the personal data for the period of time provided for and permitted by Italian law to protect its interests.
With reference to the processing carried out for the purposes as per 3 (h), your personal data will be stored until you oppose to this processing using the "unsubscribe" link that you can find at the bottom of each communication forwarded via e-mail.
5. EXERCISE OF YOUR RIGHTS
Withdraw of your consent
You can withdraw at any time your consent sending an e-mail to the Data Controller: email@example.com.
Your consent is free and the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Exercise of your rights
You have the right, at any time, to request to the Data Controller access to, rectification, erasure, to object to relevant processing activity. According to art. 18 GDPR you are entitled to ask for restriction of the processing concerning your personal data or and to receive in a structured, commonly used and machine-readable format the personal data concerning you, in accordance with art. 20 GDPR.
Requests to exercise your rights must be sent to the following address: firstname.lastname@example.org.
In any case, pursuant to the Applicable Law, you have the right to lodge a complaint with the relevant supervisory authority (the Italian “Garante per la protezione dei dati”) if you believe that the processing of your Personal Data is against the applicable law.
6. HOW IS THE SECURITY OF YOUR PERSONAL DATA ENSURED?
The processing of your personal data by the parties referred to in paragraph 1 above, is performed in accordance with the provisions of the current applicable law. In particular, in order to ensure the security of your personal data, the Data Controller has implemented adequate technical and organizational measures to guarantee an adequate level of security to the risk, taking into account the state of the art and the implementation costs, as well as the nature, object, context and purpose of the processing, as well as the risk of various probabilities and severity for the rights and freedoms of individuals.