Privacy Policy
Personal Data Controller
The Data Controller of personal data collected through the Site is: GIULIO VANZAN, with registered office in Capoliveri (LI) Località Alberi 2, 57031, C.F. VNZGLI83H02E682K (hereinafter “Data Controller“), e-mail address: giulio.vanzan[@]gmail.com
Methods of Processing Personal Data
We hold in the highest regard the right to privacy and protection of our Users’ personal data, which will be lawfully processed.
The Personal Data provided or acquired will be subject to Processing based on the principles of fairness, lawfulness, transparency and protection of confidentiality in accordance with current regulations, through appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data.
Processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes.
Personal data processed
When you visit the Site, contact us (by email, phone, mail, etc.), subscribe to our newsletter, or place an order, we process some of your Personal Data, either independently or through third parties.
We list the categories of personal data processed:
- Identification and Contact Data: first and last name, email address, telephone number (optional), as well as any other Personal Data voluntarily disclosed by the User.
- Browsing data: related to the connection, IP addresses, domain names and other parameters related to the browser and operating system used;
- Usage Data: information generated by visiting the Site or making purchases on it: log data, data related to registrations made, interaction and transaction processes, performance indicators, data related to navigation flows and use of features;
Purpose of Processing and Legal Basis
The Data Controller will process Users’ Personal Data, as listed above, in order to carry out its economic and business activities, for the specific purposes set out below.
1. Purposes inherent in the free download, the Contract and the Legal Obligations
a. Site Navigation;
b. Assistance and customer care activities as well as to respond to requests, complaints, reports and objections from Users via email to the Controller’s addresses or through other communication channels;
c. Download the free resource in e-book format made available through the Site;
d. Handling of User requests via remote communication tools, such as e-mail, chat, banners, notification systems, and other remote communication tools on the Site;
e. Fulfillment of obligations arising from applicable laws, regulations or EU legislation (e.g., tax and accounting obligations) or management of and response to requests from relevant administrative, tax and judicial authorities;
f. Activities of an administrative, accounting and tax nature such as activities related to the contract concluded through the Site, such as, but not limited to, issuing receipts and/or invoices, keeping accounting records;
g. Responding to requests to exercise the rights granted to Users by the contract entered into with the Controller, by the law in relation to that contract, or by the GDPR, and consequent activities.
For these purposes, the Legal Basis is the consent to the processing of one’s personal data (Art. 6.1a), the need to execute pre-contractual and contractual obligations to which the User is a party (Art. 6.1.b) of the GDPR) or the fulfillment of legal obligations to which the Controller is subject (Art. 6.1.c) of the GDPR).
Therefore, their processing is necessary to enable the performance of activities related to consent and pre-contractual obligations through the Site or to respond to requests made by the User in connection with the Site. Failure to provide the data, therefore, will result in the impossibility for the User to carry out the activities indicated above through the Site and/or to receive a response to the requests made.
2. Non-consent-based purposes
h. Ensuring compliance with the Data Controller’s contractual rights, i.e., demonstrating that it has fulfilled its obligations arising from its contract with the data subject or imposed by law, to prevent and/or suppress fraudulent or harmful actions;
The legal basis for this processing is legitimate interest (Art. 6.1(f) of the Regulations). Sometimes the Legal Basis consists of legitimate interest (Art. 6(1)(f) in conjunction with Recital 47 of the Regulations), for sending transactional email communications (e.g., abandoned shopping cart).
3. Direct Marketing Purposes
i. With the User’s consent, we will send commercial emails to show him/her updates, news, offers and promotions, market research, including through automated processing tools such as emails and newsletters.
For this purpose, the processing, including the final decision about the promotional communication to be sent or displayed to the user based on the cluster(s) they belong to, is done in an automated way, without human intervention, based on algorithms whose parameters have been previously set.
The legal basis is the User’s express consent to the processing of personal data for these purposes (Art. 6.1.a) of the Regulations. Providing data for these purposes is optional. In case of non-consent, revocation of the same or exercise of the right to object, the User’s ability to make purchases on the Site will not be affected in any way.
Modification of choices and withdrawal of consent
In case of granting consent, the User may at any time revoke the consent given and/or object to the processing of personal data for generic marketing and profiling purposes through the modalities indicated in the section ‘Rights of Data Subjects’ later in this policy.
If consent is withdrawn, processing carried out on the basis of consent given before its withdrawal will still be considered legitimate. If you withdraw your consent and/or object to the processing of your data for the purpose of generic marketing, your data will no longer be processed for that purpose and will only be retained by the Data Controller in the circumstance that there is another legal basis that legitimizes its processing (e.g., contractual performance; legal obligation; legitimate interest).
Storage time
The Controller will process Users’ personal data for as long as necessary to achieve the purposes for which such data were collected, as defined in this policy. However, for each of the stated purposes, the personal data collected will be kept for the time specified below:
- For the purposes inherent to pre-contractual obligations or downloading executable through the Site, the Data Controller will process the User’s data for the time strictly necessary to carry out the individual processing activities, it being understood that, once this period has expired, the Data Controller may retain the data for the purposes and for the maximum retention periods referred to in the other sections of this notice, if relevant and/or, in any case, in the cases established by the GDPR and/or the law.
- For tax, administrative, accounting, and legal purposes, until the expiration of the statutory time limits prescribed for the performance of each fulfillment and/or the retention periods prescribed by law.
- For purposes based on the legitimate interest of the Controller, the Controller will process the User’s data for as long as is strictly necessary for the satisfaction of that interest, unless, in the face of disputes and/or complaints, the Controller needs to retain personal data in order to carry out defense activities (subsection h) for the next 10 years (of limitation) or, in the case of litigation, further retention is determined by the duration of the litigation or by specific requests from the authority. The User can obtain more information about the legitimate interest pursued by contacting the Owner.
- For the purpose of direct marketing, as long as consent is not withdrawn and in any case for a period equal to 24 months from when consent was given or renewed by the User, on the occasion of a new purchase or from the date of the last contact with the User, by which is meant, for example, the opening of the newsletter.
After these retention times, the Personal Data will be deleted and the User will no longer be able to exercise the rights of access, deletion, rectification and portability of the Data.
Communication and dissemination of data
In addition to the Owner, in some cases, they may have access to the Data:
- Individuals involved in the organization of the Website (for example: administrative, sales, marketing personnel);
- Third parties who perform ancillary and instrumental tasks with respect to the Holder’s activity and who process personal data on behalf of the Holder (for example: lawyers, accountants, system administrators, logistics companies, newsletter services);
- Public or private entities that can access the Data in accordance with the law, regulations and measures issued by the competent authorities;
- potential purchasers of the Holder company and entities resulting from the merger or any other form of transformation.
These recipients, as the case may be, process Users’ personal data in their capacity as data processors, data controllers or autonomous data controllers. The User may request an updated list of the Processors referred to in Art. 28 GDPR.
Place of Processing and Transfer of Data Abroad
Data processing takes place mainly in Italy and in the countries of the European Union. Some third-party tools may process the data of users of this website in countries outside the European Economic Area (the “Third Countries”).
The transfer of data to Third Countries may also occur through the use of external tools that enable certain services (e.g., newsletters, remarketing, advertising, use of social buttons, viewing videos).
Sometimes the use of such tools may involve the transfer of personal data of users visiting this website to a third country for which there is no European Commission adequacy decision.
Should there be a need to transfer data to Third Countries, the Data Controller undertakes to ensure that the country to which the data will be sent guarantees an adequate level of protection, as provided for in Article 45 GDPR; such transfer will be governed on the basis of the standard data protection contractual clauses approved by the European Commission for the transfer of personal information outside the EEA under Article 46.2 GDPR.
Cookie
This Website uses cookies. Cookies are small text files that can be installed by websites on users’ devices to make the browsing experience more efficient and to personalize content and ads, provide social network features, and analyze traffic. To learn more, read the Cookie Policy.
Personal Data Processing Tools
CONTACT FORM
By filling out the contact form, the User consents to the processing of personal data entered therein and their use to respond to inquiries. The personal data being processed are those required by the form (first name, last name, company, email address, telephone) and any other personal data that the user may enter in the body of the message.
SOCIAL NETWORK KEYS
The User can use the social buttons to visit the social pages of the Site, through the following social tools that still collect personal data of users such as traffic data on the pages visited and on which they are installed. The Site provides the following social buttons:
Instagram (Meta Platforms Ireland Limited) The Instagram button is an interaction service with the social network Instagram, provided by Meta Platforms Ireland Limited. Personal Data Collected: Cookies, Usage Data and other data as per the relevant privacy policy. Place of processing: IRELAND – UNITED STATES – Privacy Policy
Facebook (Meta Platforms Ireland Limited) The Facebook social button and widgets are services for interaction with the social network Facebook, provided by Facebook Ireland Ltd. Personal Data Collected: Cookies and Usage Data. Place of processing: IRELAND – UNITED STATES Privacy Policy
Youtube (Google Ireland Limited) The Youtube social button and widgets are services for interaction with the Youtube platform, provided by Google Ireland Ltd. Personal Data Collected: Cookies and Usage Data. Place of processing: IRELAND – UNITED STATES Privacy Policy
Linkedin (Linkedin Ireland Unlimited Company) The Facebook social button and widgets are services for interaction with the Linkedin social network, provided by Linkedin Ireland Ulc. Personal Data Collected: Cookies and Usage Data. Place of processing: IRELAND – UNITED STATES Privacy Policy
STATISTICS
Statistical services allow the Data Controller to monitor and analyze traffic data and are used to track User behavior. This Site uses the following third-party services:
Google Analytics (Google Ireland Limited)
Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports, and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its ad network. Google may also transfer this information to third parties where required by law or where such third parties process this information on Google’s behalf. IP address anonymization is enabled on this site. The IP address transmitted by the browser for purposes related to Google Analytics will not be merged with other data already held by Google.
The use of Google Analytics may in some cases involve the transfer of personal data of users visiting this website to a third country, such as the United States, for which there is no European Commission adequacy decision.
At the following link https://tools.google.com/dlpage/gaoptout?hl=it browser add-on for disabling Google Analytics is made available by Google. Personal Data Collected: Cookies, IP Address, Usage Data and the other personal data defined in the privacy policy of Google.
Place of processing: IRELAND and in some cases UNITED STATES – Privacy Policy (https://policies.google.com/privacy?hl=it)
Rights of Interested Parties
Data subjects have the right to exercise the faculties provided for in Articles 7, 15-22 of the Regulations.
In particular, Users have the right to obtain: the access, updating, rectification or, when they are interested, the integration of data; the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed; certification that the above operations have been notified, also as regards their content, to those to whom the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate to the protected right.
In addition, Users have the right to revoke their consent at any time, if the processing is based on their consent, to request data portability, i.e., to receive all personal data concerning them in a structured, commonly used and machine-readable format), to request the restriction of the processing of personal data and/or their deletion (“right to be forgotten”), as well as the right to object to the processing of personal data concerning them and to the processing for the purpose of sending advertising material, direct sales and for carrying out market research.
Pursuant to the Applicable Regulations, the Holders inform that Users have the right to obtain the indication (i) Of the origin of personal data; (ii) Of the purposes and methods of processing; (iii) of the logic applied in case of processing carried out with the aid of electronic tools; (iv) of the identification details of the Holders and responsible persons; (v) of the individuals or categories of individuals to whom the personal data may be communicated or who may become aware of them in their capacity as managers or appointees.
Data subjects may exercise their rights, either by sending the Holder an appropriate notice or by using the Data Subject Rights Exercise Form, which can be found at this link, to be sent, duly completed and with signature and attachments, to the Holder by email to: giulio.vanzan[@]gmail.com
Data subjects, should they believe that the processing concerning them violates the Regulations, also have the right to lodge a complaint with the Garante della Privacy as the data protection supervisory authority (Garante per la protezione dei dati personali, headquartered at Piazza Venezia no. 11 – 00187 – Rome(https://www.garanteprivacy.it/).
Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please consult this page often, taking the date of last modification shown at the bottom as a reference. If you do not accept the changes made to this Privacy Policy, you must cease using this Website and may request the Data Controller to remove your Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point. The Owner is not responsible for updating all links viewable in this Privacy Policy, so whenever a link is not working and/or updated, Users acknowledge and agree that they should always refer to the document and/or section of the websites referred to by that link.
Privacy Policy updated as of November 2024.
Please be informed that this is an automatic translation of the italian cookie policy you can find at https://www.segretidellamente.com/privacy-policy/. Please consider only the Italian version to be accurate.