Personal data (“Data”) may be defined as any information concerning an individual person which is identified or identifiable (e.g. personal details, phone no. and e-mail address, location data, characteristics relative to physical, physiological, genetic, psychological, economic, cultural or social identity).
Data will only be processed following explicit approval by the user of the Site (“User”) at the time of the voluntary transmission of the Data by the User, solely for the purposes specified in this Policy, in a fair, lawful, correct and transparent manner and in compliance with the current Italian and EU regulations.
1. Data Controller
The Data Controller (“Controller”) is Homemania S.r.l. in the person of the pro tempore legal representative with headquarters in Via Mazzolari, 30 – 25019, Sirmione. The Controller, without affecting the full responsibility in the interests of the User, reserves the right to appoint one or more managers who process the User’s Data on behalf of the Controller. The Controller may appoint as the data manager an individual who provides sufficient guarantees to put into practice technical and organisational measures such as to safeguard the User’s rights.
2. Data and Purposes of the Processing
We automatically collect certain Data.
The User’s Data will be processed in the following cases:
1. Managing and guaranteeing the purchasing request sent by the User using our online Site, including the management of requests for information relative to the products marketed;
2. Managing the registration of the User on the Site;
3. Providing the newsletter service;
4. Carrying out statistical analyses and preparing in-house scheduling/profiling of customers.
In all the above-mentioned cases, the User’s Data which is processed consists in non-sensitive personal information such as, for example, name, surname, residential address, email address and phone no.
For points 1) and 2) the Data will only be processed to allow the User to use the requested service (purchasing of products) and to manage the requests for information or support relative to the products and/or orders (reimbursements, changing products, etc.).
If a credit card is used for making payment, the Data Controller will not have access to this data as the processing is carried out directly by the party providing the financial service.
The Data processed for points 1) and 2) are essential and indispensable in order to provide the requested service. Consequently, if the User does not provide this Data we will be unable to dispatch the product purchased.
The Data will be processed for point 3), after explicit approval by the User, in order to provide a newsletter, which will be sent to the e-mail address provided by the User, in order to provide the User with information regarding news, promotions and events relative to Homemania S.r.l. products.
The Data will be processed for point 4), after explicit approval by the User, for marketing and profiling purposes such as, for example, for analysing the User’s preferences in order to provide a promotional service in line with the preferences expressed during the previous purchases.
The Data will always be processed using electronic tools.
3 Storage and security: where and how will we store your Data?
Any Data collected and processed will be held in a private and protected server located in Italy.
The Data collected through the Site will not be held by the Site Controller but transmitted directly to Homemania S.r.l. who will store the Data in the server referred to above.
The processing will be carried out by means of IT and/or telematic tools, with organisational methods and logics strictly related to purposes indicated in point 2).
The Data are processed in such a way as to guarantee an adequate security and we will adopt technical and organisational measures for their protection which are able to prevent unauthorised or illegal processing, or loss, destruction or accidental damage to the Data.
4. Storage period and duration of processing
The Data collected for points 1) and 2) of section 2 will be held for the time necessary to guarantee the requested service and for a period of time not greater than that required to achieve the aims for which they are processed as specified in point 2) and always provided that these purposes are no longer lawful on the basis of the applicable regulations, unless their retention for a longer period is not provided for by laws in the sector (e.g. fiscal laws) and in any case for the period necessary to demonstrate the correct fulfilment of the service (legitimate interests).
The Data collected for points 3) and 4) of section 2 will be held until the User revokes consent.
5. Disclosure, transmission and transfer of Data to third parties
The Data processed for points 1) and 2) of section 2 will not be communicated or transferred to third parties, unless to parties strictly necessary to perform the service and solely for such purposes (e.g. transport courier).
The Data processed (including IP addresses) for points 3) e 4) of section 2 may be communicated and/or disclosed to third parties for statistical, profiling, commercial, advertising and marketing purposes.
In all cases, the Controller may share the Data acquired with other entities of the Group, who may process the Data within the limits of this Policy and solely for the purposes for which consent has been granted.
6. Disclosure of Data for security reasons
We reserve the right to decipher, conserve and disclose information which we can reasonably consider necessary to (i) satisfy requests from the Public Administration (ii) demonstrate correct implementation of this Policy (iii) resist and prevent fraud or technical problems which are a danger for security (iv) respond to requests for support from the User.
7. Change of Data Controller
In the case of discontinuance of the Data Controller, that is, bankruptcy, transfer to third parties, change of corporate structure and/or ownership, the Data collected will be stored and protected in compliance with the terms and conditions specified in this Policy or deleted.
8. User’s Rights
8.1. Knowledge of the Data
The User has the right, at any time, to obtain confirmation of the existence, or otherwise, of one’s Data, even if not yet registered, and their communication in an intelligible form.
The User also has the right to obtain the updating, correction or, when of interest, integration of the Data and to check the exactness and know the content, origin and duration of the period of storage of the Data.
8.2. Withdrawal of consent and cancellation of Data
The User has the right, at any time, to request and obtain cancellation of Data and to withdraw consent previously granted for their processing, without prejudicing, in the latter case, the lawfulness of the processing based on the consent prior to the withdrawal. The cancellation and withdrawal requests must be addressed to the Data Controller and they must be handled with the same ease and with the same means with which the consent has been granted and the data has been transmitted.
8.3. Portability of the Data
9. Data violations
In the event of a Data violation, the Data Controller notifies the violation to the competent control authority without unjustified delay and in any case within 72 hours from when the Data Controller becomes aware of the violation.
Likewise, if a manager has been appointed and the latter becomes aware of a data violation the manager shall notify the Data Controller without delay, within 72 hours of becoming aware of the violation.
The Data controller shall notify the User of any violations in the case of a high risk for the rights and freedoms of the individual person.
11. Reference regulations