Privacy Policy

PRIVACY POLICY

INDEX:

1. Introduction
2. DATA CONTROLLER AND CONTACT DETAILS
3. INTERESTED
4. PURPOSE, CATEGORIES OF DATA AND LEGAL BASES
5. DATA RETENTION TIME
6. OPTIONAL/MANDATORY PROVISION OF DATA
7. AUTHORISED TO PROCESS DATA AND OTHER RECIPIENTS
8. DATA TRANSFER ABROAD (EXTRA-EU OR EEA)
9. RIGHTS EXERCISABLE BY PROVIDERS ON PERSONAL DATA
10. RIGHT OF OBJECT
11. RIGHT TO WITHDRAW CONSENT
12. COMPLAINT

 

1. Introduction

This Statement, in accordance with the provisions of Regulation (EU) 679/2016 on the protection of personal data (“GDPR”), is intended to inform all customers (even potential) of the online shop (“Shop online”) hosted on the website www.thezazu.it (“Site”) about the processing of their personal data (“Data”).

2. DATA CONTROLLER AND CONTACT DETAILS

1. DUCCETTI since 1972 di Luciana Duccetti (“Titolare”), Partita Iva 01761860475, Via Guglielmo Marconi n.884/D, 51036 Larciano (PT);

• Sito: thezazu.it;
• email: info@thezazu.it.

3. INTERESTED

Natural persons who maintain relations with the Owner as users and (also potential) customers of the online shop (“Interested”).

For the treatment of cookies, the Owner refers to the cookie policy available on the Site.

4. PURPOSE, CATEGORIES OF DATA AND LEGAL BASES

PURPOSES OF THE PROCESSING :	Categories of personal data:	Legal bases:
a. to manage the operations necessary for carrying out the pre-contractual measures in favour of potential Customers, to enable customers to make purchases on the Online Shop, to pay and obtain the corresponding invoice/receipt, to receive the products purchased, as well as exercise the right of withdrawal and warranty.	– Identification data (name, surname, tax code) – Shipping, delivery and contact details (telephone numbers, email/PEC and civic addresses) – Payment and bank details (IBAN) – billing data (VAT number, company name or business name)	– execution of pre-contractual measures and obligations (Article 6.1.b. GDPR) – compliance with legal obligations (Article 6.1.c. GDPR)
b. create your own user profile (“Profile”) on the Online Shop to enjoy more features than unregistered users	– identification data (name, surname, nickname) – contact details (email address)	– consent (Article 6.1.a. GDPR)
c. send informative, promotional and commercial communications – including coupons and discount vouchers – by email, to subscribers to newsletters and/or through the personal area on the Profile	– identification data (name, surname, nickname) – contact details (email address)	– consent (Article 6.1.a. GDPR)
d. send to the email addresses provided by the Customers informative, commercial and promotional communications concerning the service already provided and/or the products already purchased under a previous business relationship (“Soft Spam“), unless the Customers disagree (“Opt-out”).	– email	– legitimate interest (Article 6.1.f. GDPR)

 

The Owner does not use the customer segmentation function that the provider of the WordPress-WooCommerce platform on which the Online Shop is developed makes available without the possibility to deactivate it.

 

5. DATA RETENTION TIME

The Customer Data necessary to perform the purpose referred to in point 4.a of the Information are processed by the Controller for the duration of the contractual relationship and, except for the Data that must be retained on the basis of legal obligations (for example, invoices and other documents required for accounting records), are deleted after the termination of the relationship, at the expiry of the prescribed time limits provided for by the applicable legislation.

The Profile (point 4.b) can be deleted using the settings available on your personal area.

The data processed for the promotional purposes referred to in point 4.c. are processed until the consent is withdrawn.

The data processed for the purpose of soft spam (point 4.c of the Information) are processed until the exercise of the right of opt-out by the customers, and in any case deleted after 24 (twenty four) months from the last purchase made by the customer, without prejudice to further storage and use within the scope of purpose 4.a of the Policy.

The possible institution of a trial before the judicial authorities or any negotiations/ agreements of an extrajudicial nature in progress between the Data Controller and the Data Subjects, involve the extension of the above-mentioned time limits and data retention criteria until the dispute is settled.

The deletion/anonymisation of the Data takes place on the occasion of the first periodic deletion/anonymisation procedure following the expiry of the respective retention periods as determined above.

6. OPTIONAL/MANDATORY PROVISION OF DATA

The provision of the data referred to in point 4.a of the Information is necessary to allow the Owner to comply with its legal obligations and contractual obligations, or to respond to pre-contractual requests. Any refusal to provide the data, in whole or in part, will not allow the Owner to respond to the request, to execute the contract and/ or comply with legal obligations.

The data referred to in points 4.b and 4.c of the Information are essential for the purposes of creating the profile (point 4.b) and promotional (point 4.c), which is subject to the will of the interested parties.

The purpose referred to in point 4.c is Data freely provided by the Customer in connection with a previous service and/or product purchased and/or requested from the Controller.

7. AUTHORISED TO PROCESS DATA AND OTHER RECIPIENTS

1. the data controller’s staff (employees/collaborators), specifically authorised and instructed on the processing of Data;
2. external entities, belonging to the following categories: (i) service providers on which the Online Shop is developed (WordPress-WooCommerce); (ii) IT infrastructure development, management, support and maintenance providers; (iii) management software providers, applications, hardware and related assistance/maintenance; (iv) couriers delivering and/or collecting products; (v) providers of connectivity and e-mail services and related support/maintenance; (vi) legal, accounting and tax advisors; (vii) providers of payment systems available on the Online Shop; (viii) credit and insurance institutions; (ix) Authorities and public bodies, even outside the purposes for which the Data were originally collected.

 

8. DATA TRANSFER ABROAD (EXTRA-EU OR EEA)

The online shop is developed on WordPress-WooCommerce, a service provided by WooCommerce, Inc.. companies based in San Francisco, CA 9411, the country to which the transfer of personal data takes place on the basis of an adequacy decision taken pursuant to Article 45 of the GDPR.

Some providers of the IT solutions used by the Data Controller are located in the United States (for example, Google, Microsoft and PayPal). The use of these solutions involves the transfer of data in the United States, the country to which transfers of personal data are guaranteed by the adequacy decision adopted by the European Commission

Apart from the above transfers, there is no further transfer of data outside the European Union or the European Economic Area (EEA). If such a need arises, the transfer shall in any case be made after verification of compliance with the provisions contained in articles 44 et seq. of the GDPR and prior communication regarding the third country of destination of the data and its safeguard mechanism for such processing.

9. RIGHTS TO PERSONAL DATA

The data subjects, using the contact details referred to in point 2, may exercise the following rights:

• the right to be informed about the processing and access to Data (articles 12, 13, 14 and 15 GDPR);
• right to rectification and correction of Data (article 16 GDPR);
• the right to request the deletion of Data (article 17 GDPR);
• the right to request a restriction of processing or to object to it (Articles 18 and 21 GDPR);
• the right to be notified in case of correction/limitation/deletion (Article 19 GDPR);
• the right to data portability (Article 20 GDPR).

 

10. RIGHT OF OBJECT

In the same manner as provided for in the previous point, the Data Subjects may object, in whole or in part, to the processing of the Data, where the relevant legal basis is constituted by the legitimate interest of the Controller, pursuant to Article 21 GDPR.

 

11. RIGHT TO WITHDRAW CONSENT

The consent given by the data subjects is always freely revocable. The exercise of the right to withdraw consent by the Data Subjects will oblige the Controller to cease processing (for example, not sending more marketing communications or deleting the Profile).

 

12. COMPLAINT

Anyone who believes that the processing of data concerning him is carried out in violation of the GDPR, in accordance with what is established by article 77 of the GDPR, you may file a complaint with the supervisory authority of the place where you are usually resident or work, or with a supervisory authority where the alleged data breach occurred. For more information, the link to the website of the Italian Garante is as follows: https://www.garanteprivacy.it/.