PRIVACY POLICY –  IdressItalian Srl

 

The data controller is Idressitalian S.r.l., whose contact details are given below.

 

*****************

 

 

 

IdressItalian Srl (hereinafter also referred to only as “IdressItalian”) is strongly committed to your privacy and the protection of your personal data. We hereby inform you of the methods and means we use to process your personal data to manage your registration as a user, to purchase products and to answer your questions as well as, if you wish, to send you personalized communications and newletters.

 

This policy applies to www.idressitalian.com website (hereinafter referred to as the “Site“).

 

What Personal Data will we use?

 

You may access the Site without the need to provide any Personal Data. However, the information systems used to manage the Site will, during their normal operations, acquire some Personal Data, the transmission of which is considered as implied in the use of Internet communication protocols. These data are not collected with a view to being associated with identified data subjects, but given their nature they may, through processing and association procedures, allow the individuals who navigate through the Site to be identified.

This category includes, for example, the IP addresses of the computers that connect to the Site, the URL of the requested resources and the time of the request.

These Data are used, on a de-identified basis, for statistical purposes in relation to the use of the Site and to monitor the proper operation of the Site. The Data are erased immediately after processing.

With respect to such Data, no individually identifiable information will be processed.

 

In addition, in order to allow your access to the personal area and fulfill your purchase orders we need to process the Data submitted with the relevant forms (hereinafter referred to collectively as the “Data”), such as:

 

More specifically, we may collect:

·       Browsing data

·       IP address;

·       In the case of purchases: first name and last name, email, telephone number, address, payment methods;

·       In the case of access to restricted area: login credentials (user name and password), first name and last name, email, telephone number, address, payment methods

 

 

With your consent we may acquire additional Data for various purposes specified below, including, more specifically:

 

- information that we may acquire by reviewing your interaction with us, through our Site;

- Your purchasing behaviour, including information about purchases you make; and

- any information you may share through social networks to which you are subscribed.

 

 

This Site uses cookies. For more information about cookies, please view the relevant Cookie Policy [https://www.idressitalian.com/page/cookie-policy].

 

 

For what purposes will we use your Data?

 

Personal data will be processed by the Data Controller using both paper and electronic means and will be stored within its electronic system. In addition, appropriate security measures have been taken to prevent the loss or alteration of data, including accidental, illicit, or incorrect use and unauthorized access.

We will use your Data, including by relying on electronic tools, to:

 

1.         manage registration procedure and activate the user profile, deliver the services reserved for registered users (including therein the management of any orders transmitted, and, more generally, to discharge all related contractual and administrative obligations, in addition to any reviews issued on the products), including the management of the profile by the user himself and service communications relating to the operation and further features / services of the Site,

2.         send the requested newsletter,

3          reply to the requests spontaneously sent by the user,

4.         comply with administrative and other regulations that are mandatory under applicable national law or under any decisions of the European Union,

5.         perform direct marketing activities related to its own products and services similar to those you requested, to the address provided at the time of purchase,

6.         perform direct marketing activities (promotional communications, direct sales offers, surveys and market research, update of the product catalogue,), both through automated tools (SMS, MMS, messaging platforms, e-mail, push notifications) and through traditional channels (paper mail, telephone call with operator),

7.         perform direct marketing activities with profiling related to direct marketing based on your purchasing and consumption preferences and behaviours or propensities, and the ways in which you interact with us. In particular, with a view to gaining a better understanding of your tastes and interest in our products and communications, we may review - including through the use of electronic tools - the information you provided in your order forms, your interest with respect to the communications we send you, your interaction with the Site, and your interest in our social channels,

8.         enforce or defend a right .

 

 

On what legal grounds will we use your Data?

 

- for the purposes referred to in points 1. to 3. of the "Purposes of data processing", the legal ground is provided by Article 6(1)(c)  of the GPDR that allows the processing when it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. In this case, to enable the user to obtain the services offered by IdressItalian and, therefore, to fulfill a request made expressly by the user,

- for the purposes referred to in point 4., the legal ground is provided by Article 6(1)(c) of the GDPR that allows the processing when it is necessary for compliance with a legal obligation to which the controller is subject,

- for the purposes referred to in point 5., the promotional contacts by e-mail, carried out in respect of customers are supported by the legal ground provided by art. 130, paragraph 4, d. lgs 196/2003 as amended by d. lgs 101/2018, which allows the sending of e-mails aimed at the direct sale of products similar to those purchased to the e-mail address given in the purchase process, with the right of the customer to object to such mailings, at any time. Similarly, it applies regarding the sending of promotions and direct sales proposals to the customer's postal address in accordance with the provisions of the Garante's order on "Simplifications of certain fulfilments in the public and private sphere with respect to processing for administrative and accounting purposes" of June 19, 2008,

- for the purposes referred to in points 6. and 7., "Purposes of data processing", the legal ground for processing is the consent given by the data subject (Article 6, paragraph 1, letter (a, GDPR),

- for the purposes referred to in 8. above, the legal ground is the "legitimate interest" (Art. 6, para. 1(f), GDPR, Recital C47, GDPR and Opinion 09 April 2014, No. 6 of Working Party 29, para. III.3.1.) of IdressItalian or a third party to protect its rights.

 

What are the criteria of data collection and the place of data processing?

 

The enquiry and/or registration form provide for both data that are strictly necessary to sent you the information or services you requested, and optional data. When the Data are necessary to sent you the information or services you requested, they are, normally, indicated by asterisk. While providing your Data is optional, your refusal to do so, whether partly or wholly, may prevent us from fulfilling your requests as appropriate.

The processing operations related to the web services of this Site take place at the headquarters of IdressItalian and are carried out by personnel authorized to do so. In case of necessity, personal data collected through the Site may be processed by the staff of third-party companies that maintain the technological part of the site at their own premises, as well as by other entities located mainly within the European Union, carefully selected and appointed as data processors pursuant to art. 28, GDPR.

 

What are the criteria used to define the limit of data retention?

 

The Data will be processed for a period of time strictly necessary to achieve the purposes for which they were collected and in compliance with the applicable regulations.

 

The rules defined by the Data Controller to establish the data retention policy are below indicated:

 

- for the purposes mentioned in point 1. above, the Data will be processed for the period necessary for the finalization of the registration to the personal area and until the user is registered and he will use the relevant services. In addition, the Data will be processed for a time period necessary to fulfil the purchase order or to perform pre-contractual obligations, at all stages, from the purchase order until its delivery (e.g.: payments and reminders, refunds, returns, communications on the progress of the order, issuance of purchase receipts and delivery notes), as well as for the management of any requested sent or review published by the user.

- For the purposes under point 2. above, the Data will be processed until the user unsubscribes or cancels his/her subscription to the newsletter.

- For the purposes mentioned in point 3 above, the data will be processed as long as it is necessary to reply to the requests sent by the user, which may extend over time if the request is not fulfilled at the first contact and requires multiple exchanges of information between the data subject and the Data Controller or where the data subject wishes to ask further questions related to the first request.

- For the purposes illustrated in point 4. Above, the period of data retention is determined according to individual national and EU regulations imposing legal obligations to which the Data Controller is subject. Therefore, for administrative, tax and accounting purposes, the Data will be processed for a period of 10 years.

- For the purposes under point 5. above, the Data will be kept in our archives for the time period necessary to maintain the relationship established with the user and inform him or her of our business activities, allowing idressItalian to continue, legitimately, its marketing and direct sales activities as long as the user is will be interested in our products and services, especially if he or she is a registered or regular customer. Roughly speaking, the data of said data subjects will be processed for a period of two years after the last action taken (e.g., cancellation of registration or since the last order placed). Obviously, this retention period will be interrupted in the moment the user expresses the desire not to receive further information and offers from IdressItalian, communicating it in the manner set forth in the chapter "Rights of Data Subjects with Respect to Data About Them." The Data Controller will take appropriate technical and organizational measures to stop contacting the data subject.

- For the purposes referred to in 6. and 7. above, the data are kept in our archives as long as the user's profile corresponds to the customer contact created through the cross-referencing of the information available to us and, therefore, as long as Idressitalian continues its sales and commercial activities with products, offers, promotions, research and surveys that are deemed to be of interest to the user because they reflect his or her behavioural characteristicand are, therefore, to his or her specific liking. In principle, the information about data subjects behavioural characteristic will be retained for the period of one year from the date of their last action. Retention will cease, even before the retention period described herein, if opposition is expressed at any time to the processing of personal data carried out for profiling related to direct marketing, in the manner described in the chapter "Rights of Data Subjects with Respect to Data About Them." The Data Controller will take appropriate technical and organizational measures to stop contacting the person.

- For the purposes referred to in point 8. above, the Data will be stored in our archives for the period necessary to manage of any legal proceedings or disputes that may arise and within terms imposed by the competent authorities .

 

After the above-mentioned periods have elapsed, the identifying data are transformed into anonymous form and used only for statistical reports that do not allow the identity of the person to be traced but are useful for the purpose of adapting Idressitalian's services, product catalogue and promotional and commercial initiatives. Personal data (identifying the person) will, therefore, be destroyed, unless otherwise ordered by supervisory authorities, law enforcement agencies and the judiciary or to exercise, enforce or defend a right of IdressItalian or a third party in court, as already related above.

 

 

Who will we share your Data with?

Users' Data may be shared to third parties for various purposes. More particular, the various cases involving the communication of Data to third parties are listed below.

- In order to deliver the requested services, the data may be made available to third parties, who will act as independent data controllers, and who provide services instrumental to fulfilling the user's request (for example, issuers of credit cards to handle transactions related to orders). Such communication is permitted, as referred to in "Legal basis for processing," without the consent of the data subject (Art. 6(1)(b) GDPR).

- In order to comply with laws or regulations. Such communication is permitted, as referred to in "Legal basis of processing," without the consent of the data subject (Art. 6(1)(c), GDPR).

- Data may also be communicated to supervisory bodies, police forces and the judiciary to assert or defend Data Controller’s right or a third party's right in court. Such disclosure is permissible without the consent of the data subject under Article 6(1)(f) GDPR, i.e., by virtue of the legitimate interest of the Data Controller or a third party in safeguarding its fundamental rights and freedoms as long as those of the data subject do not prevail.

- It is possible that customers' personal data may be shared to third parties for their independent processing having marketing purposes, but only if the user has given his or her consent.

- For administrative purposes we may disclose your Data to our service providers and related companies for the completion of the sales contract, as well as to other third parties where there is a legal obligation to do so. A complete list of these companies will be made available by sending a written request to the contacts below.

 

How will the transfer of your Data to non-EU countries be regulated?

 

For requirements strictly related to the establishment of pre-contractual measures and possibly for the proper execution of the intercurrent relationship, your personal data may be transferred and/or communicated to other companies in countries outside the EU, and in which case appropriate or adequate safeguards will be taken to protect your rights, as provided by the GDPR. In fact, the transfer will only be possible based on an adequacy decision by the European Commission, or on the basis of appropriate safeguards by the data controller such as legally binding instruments between the parties, Binding Corporate Rules (so-called BCRs), model contractual clauses adopted or approved by the European Commission, Codes of Conduct or Certifications. In addition, the transfer will also be possible, based on the exceptions provided for in Article 49 of the GDPR

 

How do social media interactions work?

 

The users who adhere to IdressItalian's social media pages (fans of the page or subscribers to a group of followers of a given promotional initiative or sales incentive of products or catalogue news of IdressItalian), decide, by this action, to express their interest to receive news, comments, developments of the IdressItalian's social media pages. Such users may lawfully receive promotional messages concerning the topics for which they have manifestly declared - by joining the IdressItalian's social media pages - their interest. Marketing messages concerning a given brand, product or service as sent by the Data Controller the relevant page may be considered to be lawful if it can be inferred unambiguously from the context or the operational arrangements of the user, also based on the information provided, that the user did intend in this manner to also signify his/her intention to consent to receiving marketing messages from IdressItalian. Therefore, in accordance with the provision of the Italian Supervisory Authority guidelines on promotional activities and the action against spam of July 04, 2013, No. 330, the Data Controller may contact the active members of its social pages in order to send messages of an informative and promotional nature on initiatives, services, events and direct sales activities and promotions to develop its business.

 

Therefore, if the user unsubscribes from the group or stops "following" the brand or personality or exercises the right to object to the processing of data for promotional purposes, the Data Controller may process the data for such promotional and institutional activities, only with the user's consent.

 

What rights are you entitled to?

 

You have the right to request access to, rectification or erasure of your Data, restriction of processing and object to the processing of your Data by us, as well as the right to request the delivery of some of such Data.

 

Data subject’s rights:

 

Right of access

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a) The purposes of processing;

(b) The categories of personal data concerned;

(c) The recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients of third-party countries or international organisations, with confirmation as to whether adequate safeguards are in place;

(d) Where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;

(e) The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing;

(f) The right to lodge a complaint with a Supervisory Authority;

(g) Where the personal data have not been collected from the data subject, any available information on their source;

(h) The existence of an automated decision-making process, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her and, at least in those cases, meaningful information about the rationale, the significance and the envisaged consequences of such processing for the data subject.

 

 

Right to rectification

The data subject has the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning him or her.

 

Right to erasure (‘right to be forgotten’)

The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay and the data controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) The data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;

(c) The data subject objects to the processing and there are no overriding legitimate grounds for the processing;

(d) The personal data have been unlawfully processed;

(e) The personal data have to be erased for compliance with a legal obligation under the European Union or Member State law to which the data controller is subject.

 

Right to restriction of processing

The data subject has the right to obtain from the data controller restriction of processing where one of the following applies:

(a) The accuracy of the personal data is contested by the data subject. Data processing will be restricted for a period enabling the data controller to verify the accuracy of such personal data;

(b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use;

(c) The data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) The data subject has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject.

 

Right to object

The data subject has the right to object at any time to the processing of personal data concerning him or her which is based on the data controller’s legitimate interest, including profiling. The data subject has the right to object at any time to the processing of personal data concerning him or her for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

 

Right to data portability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the:

(a) Processing is based on consent or on a contract; and

(b) Processing is carried out by automated means.

In exercising his or her right to data portability, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible.

 

How to contact IdressItalian in order to exercise your rights

 

You may exercise your rights by writing to the data controller, MotorK Italia s.r.l. and/or the Data Protection Officer to the following addresses:

 

Idressitalian s.r.l.

in via San Marco 21

20121, Milano, P.IVA: 10019240968

Italia

Email: [email protected]

PEC: [email protected]

 

How to contact the relevant Supervisory Authority to lodge a complaint

 

Any complaints may be submitted to your local data protection authority or, if you prefer, to the Italian Data Protection Authority:

 

Garante per la Protezione dei Dati Personali [Authority for the Protection of Personal Data]

Piazza di Venezia n. 11

00186 Roma

ItalyFax: (+39) 06.69677.3785

Telephone: (+39) 06.696771

Email: [email protected]

Certified email: [email protected] 

 

 

Changes to this Privacy Policy

 

This Privacy Policy may be subject to changes and updates. Any such changes will ensure that your rights are fully safeguarded. If changes are made to the effect that the safeguards protecting your Data and your rights may be hindered as compared to the current version, before the processing of your data according to the new method begins you will be promptly informed through the contact details you provided and you will be entitled to exercise your right, at any rate, to change your consents and preference.

In any event, we encourage you to check from time to time the updated Privacy Policy published on the Site: Privacy Policy

 

Last update: 08/30/2022