INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
Foreword
The information below has been prepared pursuant to Article 13 of EU Regulation 2016/679 by eCommerce Outsourcing s.r.l., a company subject to the direction and coordination of Giglio Group S.p.A. (VAT 07396371002), with registered office in Piazza Generale Armando Diaz 6, 20123 Milan.
1. Identity and contact details of the data controller
eCommerce Outsourcing s.r.l. with registered office in via Sesia 5, 20017 Rho (MI), registered in the Milan Register of Companies under no. 2034727, fiscal code and VAT no. 085760969 (hereinafter, also "eCommerce Outsourcing" or the "Data Controller"), is the data controller of the personal data of users collected during a purchase on the e-shop Website www.shop.fabbri1905.com ("Website").
eCommerce Outsourcing can be contacted at the following:
- Address: via Sesia 5, 20017 Rho (MI)
- Telephone: +39 0299762830
- e-mail: ordini@terashop.it
2. Contact details of the Data Protection Officer
The Data Protection Officer can be contacted at the Data Controller's head office at the above address and/or by e-mail at dpo@terashop.it.
3. Data processing by eCommerce Outsourcing for the purpose of executing the purchase contract on the Website
eCommerce Outsourcing, in the case of a purchase on the Website, will process the user's personal data:
- to execute the obligations incumbent upon eCommerce Outsourcing from the contract of purchase on the Website, such as, without limitation, the delivery of the products sold; and
- to enable the fulfilment of the obligations incumbent on the customer arising from the contract of purchase on the Website, such as, by way of example, payment for the products purchased.
The legal basis for this processing is the fulfilment of the contract (Art. 6.1.b of the GDPR).
For this purpose, eCommerce Outsourcing will retain users' data for the time strictly necessary to carry out the individual processing activities (e.g. data necessary for the execution of the purchase contract on the Website until delivery of the product), it being understood that, once this period has expired, eCommerce Outsourcing may retain the data for the purposes and for the maximum retention periods set out in the following sections of this policy and/or in any case in the cases established by the GDPR and/or the law.
The provision of data for the above-mentioned purpose is optional: there is no legal or contractual obligation to communicate the data. However, it is a necessary requirement for the conclusion of the purchase contract on the Website: failure to communicate the data will make it impossible for the user to conclude that contract.
4. Processing of data by eCommerce Outsourcing for purposes of assistance/customer care in relation to purchases on the Website
eCommerce Outsourcing, in the case of a purchase on the Website, will process the user's personal data for generic assistance and customer care activities in relation to purchases on the Website and therefore to respond to requests for information from users or to respond to complaints, reports and disputes.
The legal basis for this processing is the execution of pre-contractual measures taken at the request of the data subject (art. 6.1.b GDPR) or, as the case may be, the legitimate interest of eCommerce Outsourcing (art. 6.1.f GDPR). Indeed, it constitutes the legitimate interest of eCommerce Outsourcing to respond to requests for information and/or reports and/or complaints from users of the Website. The legitimate interest of eCommerce Outsourcing, thus identified, can therefore be considered to prevail over the fundamental rights and freedoms of the data subject, also due to such reasonable expectations.
The customer has in any case the right to object, at any time, for reasons related to his/her personal situation, to the processing of personal data concerning him/her for the purpose of assistance and customer care.
To exercise this right, the user may write to eCommerce Outsourcing at the address via Sesia 5, 20017 Rho (MI), or at the email address ordini@terashop.it.
Further information
In the event of exercising the right to object to the processing of data for the purpose of assistance and customer care, eCommerce Outsourcing shall refrain from further processing of the User's personal data for this purpose, unless it can demonstrate the existence of compelling legitimate grounds to proceed with the processing that override the interests and rights and freedoms of the data subject or for the establishment, exercise or defence of a legal claim.
For this purpose, eCommerce Outsourcing will retain customer data for the time strictly necessary to carry out the requested activities (e.g. for the time necessary to provide the requested information).
The provision of data for the above-mentioned purpose is optional: there is no legal or contractual obligation to communicate the data. However, given the purpose of the processing, failure to communicate the data and/or the exercise of the right to object may make it impossible to respond to customer requests.
5. Data processing by eCommerce Outsourcing for administrative/accounting purposes in connection with purchases on the Website
eCommerce Outsourcing, in the case of a purchase on the Website, will process the User's personal data for the purpose of fulfilling administrative/accounting and/or tax obligations related to the purchase contract on the Website.
The legal basis for this processing is the fulfilment of legal obligations to which eCommerce Outsourcing is subject (Art. 6.1.c GDPR).
The provision of data for the purpose in question is mandatory because its processing is necessary to allow eCommerce Outsourcing to fulfil legal obligations incumbent on it. Any refusal to provide data for this purpose will make it impossible for the user to make purchases on the Website.
For this purpose, eCommerce Outsourcing will retain the User's data until the expiration of the legal deadlines required for the fulfilment of each administrative-accounting and fiscal obligation and/or for the storage periods required by law.
6. Data processing by eCommerce Outsourcing for the purpose of enabling the user to exercise rights
eCommerce Outsourcing, in the case of a purchase on the Website, will retain user data for the purpose of:
- responding to requests to exercise the right of withdrawal and/or requests to exercise the legal guarantee of conformity and/or other rights arising from the purchase contract;
- carrying out any activities that prove necessary as a consequence of the exercise of such rights and to proceed, where appropriate, to the relevant refunds;
- receiving and acknowledging requests to exercise personal data protection rights under the GDPR.
The legal basis for this processing is the fulfilment of legal obligations (Art. 6.1.c GDPR).
Further information
The provision of data for this purpose is compulsory because its processing is necessary to allow eCommerce Outsourcing to fulfil legal obligations as well as to allow the user to exercise the rights attributed to him/her by law or contract. Any refusal to provide data for this purpose will make it impossible for the User to exercise these rights.
For this purpose, eCommerce Outsourcing will retain the user's data until the expiry of the legal deadlines provided for the exercise of rights, or for the time necessary to manage and close the file; in the case of exercising the rights provided for by the GDPR, the data will be processed until the data controller certifies that it has fulfilled the request or fulfilment itself.
7. Processing of data by eCommerce Outsourcing for the purpose of ascertaining, exercising or defending a right in relation to purchases on the Website
eCommerce Outsourcing, in the case of a purchase on the Website, will retain users' data for the establishment, exercise or defence of a right in all competent fora. The legal basis for this processing is legitimate interest (Art. 6.1.f GDPR).
It is the legitimate interest of the data controller to pursue remedies to ensure compliance with its contractual rights or to demonstrate that it has fulfilled its obligations arising from the purchase contract on the Website. This legitimate interest is based on the constitutionally protected right of defence and can therefore be considered to prevail over the fundamental rights and freedoms of the data subject.
The user has in any case the right to object, for reasons related to his/her personal situation, to the processing of data relating to him/her for this purpose, by writing to eCommerce Outsourcing at the address via Sesia 5, 20017 Rho (MI), or at the e-mail address ordini@terashop.it.
Further information
The User is informed that eCommerce Outsourcing will keep the data for the purpose of proof of fulfilment of the purchase contract on the Website and/or to initiate or respond to actions related to that contract; for this purpose, the data will be kept for 10 years from delivery of the product or from the termination of the contract, in case of non-delivery of the product. In the event of exercising the rights provided for by the GDPR, the data will be retained for 5 years from the date of acknowledgement of the data subject's request.
The provision of data for this purpose is optional: there is no legal or contractual obligation for the data subject to provide the data for this purpose.
8. Categories of entities to whom eCommerce Outsourcing communicates the user's personal data (recipients)
The entities to which eCommerce Outsourcing communicates the data act as data processors designated by eCommerce Outsourcing ("Data Processors") or as persons authorised to process personal data under the direct authority of eCommerce Outsourcing ("Processors"), or in the case of third parties that the Data Processor uses, as "Sub-Processors", pursuant to art. 28.4 of the GDPR, except in cases where the Recipient acts (also) as an autonomous data controller, such as, for example, in the case of couriers.
Further information
The personal data provided by the user when making a purchase on the Website may be communicated by eCommerce Outsourcing to the categories of recipients indicated below.
- companies of the group to which eCommerce Outsourcing belongs and/or employees and/or collaborators of eCommerce Outsourcing for the performance of administration, accounting and IT and logistics support activities;
- to all those entities (including public authorities) that have access to personal data by virtue of regulatory or administrative measures;
- companies, consultants or professionals that may be entrusted with the installation, maintenance, updating and, in general, the management of eCommerce Outsourcing hardware and software, including cloud computing service providers;
- to companies or Internet providers entrusted with sending documentation and/or soft-spam e-mails;
- to all those public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Labour Offices, etc.), if the communication is necessary or functional to the correct fulfilment of contractual obligations undertaken in relation to the services on the Website, as well as obligations arising from the law or in the case of ascertainment, exercise or defence of a right.
The list of recipients is available at the headquarters of eCommerce Outsourcing.
Data concerning users will not be disseminated.
9. Transfer to third countries
Customer personal data collected in connection with a purchase on the Website are not transferred to third countries.
10. Rights of the data subject
The data subject has the right to:
- request the Data Controller to confirm whether or not personal data relating to him/her are being processed and, if so, to obtain access to the personal data (right of access);
- obtain from the Data Controller the rectification of personal data relating to him/her without undue delay. Taking into account the purpose of the processing, the data subject shall have the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration (right of rectification);
- obtain from the Data Controller the erasure of personal data concerning him/her without undue delay, except in the case of legitimate cases of exemption (right of erasure);
- obtain from the Data Controller the restriction of processing when one of the following applies (right of restriction):
  - The data subject contests the accuracy of personal data for the period of time necessary for the data controller to verify the accuracy of such personal data;
  - The processing is unlawful and the data subject objects to the erasure of personal data and instead requests that their use be restricted;
  - Although the data controller no longer needs the data for processing purposes, the personal data is necessary for the data subject to establish, exercise or defend a right in court;
  - The data subject has objected to the processing in the event of processing based on legitimate interests of the data controller, for reasons related to his/her particular situation, pending verification of whether the data controller's legitimate interests prevail over those of the data subject;
- obtain from the Data Controller, in a structured, commonly used and machine-readable format, personal data concerning him/her, and transmit such data to another data controller without hindrance (right to data portability);
- lodge a complaint with a supervisory authority (e.g., Data Protection Authority) if he/she considers that processing concerning him/her violates the GDPR;
- object, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her, the legal basis of which is the legitimate interest of the Data Controller (right to object). In the event that the right to object is exercised, the Data Controller shall refrain from further processing the personal data, unless he/she demonstrates the existence of compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment or defence of a legal claim.
The rights referred to in this section may be exercised by making a written request to the Data Controller at the address via Sesia 5, 20017 Rho (MI), or at the e-mail address ordini@terashop.it.
11. Amendments
The Data Controller reserves the right to make amendments to this policy at any time, giving appropriate notice to users of the Website and ensuring in any case adequate and similar protection of personal data. In order to view any amendments, users are requested to consult this notice regularly.