HALIDON S.R.L., with registered office in via Quintiliano, 41, 20138 Milano, Fiscal Code and VAT Number 12885130158 (hereinafter "Holder"), as data controller, informs you pursuant to art. 13 EU Regulation n. 2016/679 (hereinafter, "GDPR"), that your data will be processed in the following modalities and for the following purposes:
1. Object of the treatment
The Holder processes the personal, identifying and non-sensitive data (specifically, name, surname, tax code, VAT number, email address, telephone number - later, "personal data" or "data") you communicated when registering to the Holder’s website, and / or when subscribing to their newsletter service , and / or when purchasing products sold though the Holder’s website.
2. Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but it could, due its very nature, allow users to be identified through the association with and processing of data held by third parties. This category of data includes: IP addresses or domain names of the computers used by users when connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters relating to the operating system and the user's computer environment.
This data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibilities in case of hypothetical cyber crimes against the site: apart from this eventuality, data on web contacts are automatically deleted after thirty days.
Cookies are packets of information sent by a web server (eg the website) to the user's Internet browser that stores them on the computer and sends them back to the server at each subsequent access.
Our Website uses:
- "technical cookies" to guarantee the normal navigation of the site and the use of its services;
- "analytics cookies" to collect anonymous and aggregate information on the use of the site, the number of users and how they visit the site.
You can use your browser to prevent cookies from being downloaded onto your system and / or to remove them from it once they have been downloaded.
Disabling "technical cookies" can render navigation of the site difficult and in some cases can prevent you from using some/part of the services.
Furthermore, your username and password will no longer be stored.
4. Purposes of the treatment
Your personal data are processed:
A) without your express consent (Article 6 letter b, and GDPR), for the following Service Purposes:
- to enable you to register on the website;
- to manage and maintain the website;
- to enable you to subscribe to the newsletter service provided by the Holder and any additional Services you requested;
- to fulfill the pre-contractual, contractual, and tax obligations deriving from our relationship with you;
- to fulfill the obligations established by the laws, regulations, EU legislation or by a request from an Authority;
- to prevent or discover fraudulent activities or violations dangerous for the website;
- exercising the rights of the Holder, for example the right of defense in court.
B) Only subject to your specific and distinct consent (article 7 of the GDPR), for the following Marketing Purposes:
- to send you e-mail newsletters, commercial communications and / or advertising material about products or services offered by the Holder
Please note that if you are already our customer, we can send you commercial communications relating to The Holder’s services and products similar to those you have already purchased, unless you give your dissent.
5. Methods of processing
The processing of your personal data is carried out through the operations indicated in art. 4 n. 2 GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is subjected to both paper and electronic, and / or automated processing.
The Holder will process all personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service relationship and no more than 2 years from the data collection for Marketing Purposes.
6. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the Holder as internal person in charge and / or managers of the data processing and / or system administration;
- to third parties (e.g.: shippers, website management and maintenance providers, suppliers, credit institutions, etc.) who carry out outsourced activities on behalf of the Holder in their capacity as external data processors.
7. Communication of data
Without your explicit consent (according to ex. art. 6 lett. B) and C) GDPR), the Holder may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the fulfillment of said purposes. Your data will not be disclosed.
8. Data transfer
The management and storage of personal data will be carried out on the Holder’s own servers and / or those owned by third parties, appointed as Data Processors, all serves are located within the European Union. Currently the servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Holder, if necessary, has the right to move the server location to Italy and / or to other EU and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses prescribed by the European Commission.
9. Data cancellation
To ask data cancellation you need to send an e-mail to email@example.com.
10. Nature of the provision of data and consequences of refusal to reply
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee you neither the registration to the site nor the services listed at art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to give any data or subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications and advertising material relating to the Services offered by the Holder. Either way you will continue to be entitled to the Services referred to in art. 2.A).
11. Rights of the concerned individual
As the concerned individual, you have the rights set forth in art. 15 GDPR and precisely the rights to:
i. Obtain confirmation of the existence (or non-existence) of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
ii. Obtain the following information: a) origin of personal data; b) purposes and methods of the processing; c) logic applied in case of treatment carried out with the aid of electronic instruments; d) identification details of the owner, the managers and the representative if designated pursuant to art. 3, paragraph 1, GDPR; e) subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representative, managers or agents in the territory of the State;
iii. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation and/or transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regards to their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
iv. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
12. Exercise of rights
You can exercise your rights at any time by sending:
- a registered letter to HALIDON S.R.L., via Quintiliano, 41, 20138 Milan;
- an e-mail to firstname.lastname@example.org
This Website and the Services of the Data Controller are not intended for minors under the age of 18 and the Data Controller does not intentionally collect personal information about minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of users.
14. Owner, manager and agents
The data controller is HALIDON S.R.L.
15. Changes to this Statement
This information may change. It is therefore advisable to regularly check this information and refer to the latest version.