Privacy policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTS. 13-14 OF REG. 679/2016

(August 2021 version)

 

The society Nickname Snc di Silvi e Piazzi, as Data Controller of your personal data, informs you about their use and your rights, so that you can consciously express your consent. The Regulation for the Protection of Personal Data (Reg. 679/2016 - from now on "GPDR” from the English acronym General Data Protection Regulation) requires that the processing of individual data is based on principles of correctness, lawfulness, transparency and protects the confidentiality and rights of the individuals concerned. For a correct understanding of the following terms, you can consult the Information Pages of the Privacy Guarantor: https://www.garanteprivacy.it/regolamentoue. To view the text of the Regulation 679/2016 ("GDPR"), you can consult the following site: https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:32016R0679&from=IT. To view Legislative Decree 196/2003 (Privacy Code – “CDP”) in its latest version, you can consult the following site: https://www.garanteprivacy.it/web/guest/codice.

 

1) WHO IS THE OWNER WHO DECIDES PURPOSES AND MEANS OF THE TREATMENT? HOW AND WHERE CAN YOU CONTACT HIM?

    The Data Controller is the company Nickname Snc di Silvi e Piazzi, with registered office in via Turati n. 1, 40064 – Ozzano dell'Emilia (BO), VAT number 02742231208, which can also be reached at the e-mail address: semm@semmstore.com, also for the exercise of the rights listed below and for any request for clarification. The website governed by this information is: https://shop.semmstore.com.

    2) WHAT PURPOSES, METHODS, LEGAL CONDITIONS, CONSEQUENCES, DATA STORAGE TIMES ARE APPLIED TO THE TREATMENTS (IN PARTICULAR, NEWSLETTERS, SOFT-SPAM, MARKETING)?

      The processing of data that you will always provide directly and freely will take place for the following purposes:

      I) fulfilments deriving from laws, regulations and community legislation (LEGAL BASIS: regulatory obligation, failing which the consequences of the law will be suffered; DURATION: for the entire duration envisaged by the applicable laws, 10 years in the case of conservation of company records);

      II) contractual and pre-contractual obligations deriving from the relationship requested or established with the interested party, e.g. in the case of requests for information from the interested party (LEGAL BASIS: execution of the contract, failing which it will not be possible to give rise to the request; DURATION: for the entire duration of execution of the contractual or pre-contractual relationship); in particular, it includes the activity necessary to respond to your requests for information (also via telematic messaging services, chat, by telephone, etc.), to participate in initiatives called by the Data Controller (e.g. events, surveys, competitions, etc.);

      III) in case of optional consent for promotional purposes of the Data Controller to email, SMS, social media, messaging or other types of communications (LEGAL BASIS: consent, failing which you will not receive telematic promotional communications; DURATION: maximum 24 months unless your eventual early revocation is always possible);

      IV) promotional communications telematics on activities of the Data Controller similar to the products previously purchased from the interested party, to the communicated telematic contact details (LEGAL BASIS: legitimate interest, considered prevalent as soft-spam admitted by Recital 47 GDPR and by art. 130 c. 4 CDP; DURATION: maximum 24 months from the last purchase made, unless your opposition is always possible);

      IN) any assessment, defense or exercise of a right in court (LEGAL BASIS: legitimate interest, considered prevalent for self-defense in court; DURATION: for the entire limitation period established by applicable laws, e.g. 10 years in the case of contractual liability);

      VI) paws elaborate in anonymous and aggregate form studies, research, market statistics (LEGAL BASIS: legitimate interest, considered prevalent as a result of anonymisation of the data; DURATION: until such processing is deemed appropriate);

      VII) protect the security of networks and IT systems of the Data Controller (LEGAL BASIS: legitimate interest, considered prevalent as it complies with Recital 49 of the GDPR; DURATION: 6 months);

      VIII) in case of optional consent for the processing of your images (photos and/or audiovisuals, with possible voice), for purposes specified from time to time and which may include: participation in competitions or initiatives of the Data Controller; publication with dissemination on the website of the Data Controller and/or third parties (in particular, as a fan page of social media sites) - (LEGAL BASIS: consent, failing which it will not be possible to use these images for the aforementioned purposes; DURATION: for the entire duration of exploitation of the images as practiced by the Owner, subject to your possible revocation; or for a different duration specified in the specific case by the Owner);

      IX) in case of optional consent for newsletters of the Data Controller to the communicated email addresses (LEGAL BASIS: consent, failing which you will not receive the newsletter; DURATION: maximum 24 months unless your eventual early unsubscription is always possible).
      1. b) with reference to the methods of processing the personal data of the interested party, said processing will be carried out in compliance with the security measures envisaged by current legislation, in automated computerized form (involving the use of software, hardware, computer networks), by telephone by means of paper correspondence.
      3) WHO CAN YOUR DATA BE COMMUNICATED TO?

        The Data Controller, for the performance of corporate activities, in turn may communicate them to the following subjects to the extent strictly necessary for the achievement of the aforementioned purposes, all based in the European Community / European Economic Area unless otherwise indicated:

        1. to bodies for the coordination, supervision and management of national and foreign Internet networks;
        2. to the companies and professionals that the Data Controller makes use of for advice or assistance in carrying out its commercial activity, as well as this website, in particular as regards suppliers of IT infrastructure and services, IT maintenance and security, as well as communication (e.g. chat), as well as the social media used for commercial activity with one's fan page (that is: Facebook, Twitter, and the other social networks indicated on the website) as well as for compliance with applicable regulations; of particular note: Mailchimp for email services (owned by The Rocket Science Group), Google for the ReCAPTCHA service, Shopify and Wordpress for platform and hosting services;
        • to third parties (e.g. public bodies or State authorities) if this is necessary and indispensable (however functional) for the performance of the Data Controller's activity, based on what is required;
        1. bodies and authorities in charge of protecting the rights of the Data Controller or of third parties; consultants and collaborators of the Data Controller for the same protection.

        An updated and analytical list of data recipients is available from the Data Controller, at the request of the interested party.

        Unless otherwise specifically indicated, the data will not be transferred or processed outside the European Community or other place considered inappropriate to the Community legislation on the matter. In the case, in general, the data transfer may take place on the basis of standard clauses of the European Commission or other adequate guarantee (pursuant to art. 46 GDPR) or on the basis of one of the exceptions pursuant to art. 49 GDPR.

        Similarly, the data will not be disclosed in any way (except for what may be reported by the same user on the public pages of social networks used for contact or through images or audiovisuals authorized by the interested party).

        4) WHAT RIGHTS DO YOU HAVE AS TO THE TREATMENT OF YOUR DATA?

          You can contact the Data Controller to assert the rights indicated in the articles 12-20 GDPR. Your rights are as follows:

          1. you have the right to ask the data controller access to your personal data, asking for confirmation or otherwise of their existence as well as the rectification o to cancellation of the same or the limitation (temporary block) of the treatment that concerns you;
          2. YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THEIR TREATMENT FOR REASONS RELATED TO YOUR PARTICULAR SITUATION IN THE EVENT: I) OF TREATMENT NECESSARY FOR THE EXECUTION OF A PUBLIC INTEREST TASK OR CONNECTED TO THE EXERCISE OF PUBLIC POWERS, OR II) IN CASE OF PURSUE OF LEGITIMATE INTEREST OF THE HOLDER;
          3. if you have given consent for one or more specific purposes, you have the right to revoke such consent at any time;
          4. has the right to portability of your personal data (for those with legal basis of contractual or consensual execution) by request to the owner, by means of communication of a file in .CSV format, or similar open interoperable format, depending on the type of data requested;
          5. has the right to propose claim to the following Supervisory Authority: Guarantor for the protection of personal data (https://www.garanteprivacy.it); in any case, you have the right to alternatively lodge a complaint with the competent supervisory authority of the Member State where you usually reside, work or of the place where the alleged violation occurred.

          The treatment takes place through automated processes which they do not determine the profiling of the interested parties.

          The services of the Owner are reserved for people of at least 18 years of age. Any data collected from minors, unsolicited, and then revealed as such, will be promptly canceled and not further processed.

          5) FROM WHOM WE HAVE COLLECTED YOUR DATA AND WHAT TYPE (IF THEY HAVE NOT BEEN COLLECTED FROM THE INTERESTED PARTY, E.G. FROM CHAT OR SOCIAL MEDIA, ETC.) - EX ART. 14 GDPR?

            Third-party platforms may be used to carry out the activity of promotion and public awareness of the economic-productive activity (e.g. social media such as Facebook or similar, or messaging services, chats, portals of various kinds). In this case, the data can be collected through these third-party sites, as provided directly by the interested party, pursuant to this information, when requesting information or joining the social media pages of the Data Controller. These data are processed exclusively to respond to any requests from the interested party and any promotion campaigns by the Data Controller through the same social media tools. The various social media are regulated by their own privacy policy, as they are independent owners - unless otherwise indicated - of the services they offer. Any of their supplementary roles (e.g. as data processors or joint controllers) will be duly reported. The social media and third party sites used in this sense may vary over time, they may include Facebook, Instagram, Spotify, Twitter, YouTube (Google), Spreaker, Telegram.

            As for the use of Facebook Insights by the Owner to optimize the performance of his page, to understand the trend of the published contents and to know the demographic characteristics of the users: it constitutes a relationship of co-ownership of the treatment, governed by a specific agreement between the Owner and Facebook Ireland Limited (with based in Dublin) available here: https://www.facebook.com/legal/terms/page_controller_addendum_archived. The processing of the related personal data is carried out as indicated above with regard to the Data Controller, while Facebook will carry it out in accordance with this agreement and its related privacy information (https://www.facebook.com/privacy/explanation).

            For any cookies present on the website, consult the COOKIE POLICY integrative.