Splen S.r.l.s., with headquarters at Via G.Ferraris 55, 59100 Prato PO - Italy as controller of the data processing is committed constantly to protect the online privacy of users who use the site www.splenfirenze.com
In general, the processing of any information or Personal Data which you provide or which will be collected in other ways through the website, will be carried out in accordance with the internationally recognized principles of lawfulness, correctness, transparency, limitation of purpose and storage, data minimization, accuracy, integrity and confidentiality and will be finalized to the provision of the services offered on the site itself, to the sale of the Products and to the activation of a newsletter service.
1. HOLDERS OF THE DATA PROCESSING
Splen S.r.l.s., as identified at the beginning of this document, are Data Controllers for all the Personal Data processed through this website. The Splen S.r.l.s. data protection officer ("DPO") is David Gistri and you could contact him at: email@example.com.
2. PERSONAL DATA SUBJECT TO PROCESSING
Following the navigation of the Site, we inform you that the Data Controllers will process your Personal Data, which may be - also depending on your decisions on how to use the Services - an identifier such as your name and surname, an identification number, an online identifier or one or more elements representing your physical, physiological, cultural or social identity, suitable for making yourself identified or identifiable (hereinafter "Personal Data").
Failure to provide certain Personal Data may make it impossible for the website to provide its services. Users are responsible for any Personal Data of third parties obtained, published or shared through this website and confirm that they have the third party's consent to provide the Data to the Owner.
The Personal Data processed through the platform include the following:
a. Name, contact details and other Personal Information
In different sections of the Website, in particular those relating to the creation of a personal account and the subscription to the newsletter, you will be asked to enter information such as Email address, Password, name, surname, date of birth, gender.
b. Special categories of personal data
Some sections of the Website Platform include free fields where you can provide the Owners with certain information, which may contain Personal Information.
Given that these fields are free, you could use them to communicate (voluntarily or not) certain sensitive categories of Personal Data, such as data suitable to reveal racial or ethnic origin, political opinions, religious or philosophical convictions, union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to the health, sexual life or sexual orientation of the person.
The Data Controllers recommend not to provide such Personal Data unless it is strictly necessary.
Indeed, such special categories of Personal Data may be processed only with your explicit consent (given by flagging the relevant box in the form) and in compliance with the pro tempore regulations in force.
Therefore, should you decide to share such information, Data Controllers underline the importance of expressing your explicit consent to the processing of the special categories of Personal Data.
c. Data voluntarily provided by the User
As already mentioned above, in some parts of the Site you can enter text messages or information, visible to the Data Controllers, which may contain Personal Data of third parties.
In this case, you will assume the role of independent data controller, assuming all consequent legal obligations and liability. You accordingly grant full indemnity against all complaints, claims, or requests for damages in consequence of the processing, etc. that the data controller might receive from the third parties whose personal data were processed through your use of the Services in violation of applicable laws and regulations governing the protection of personal data.
In any event, if you provide or otherwise process the personal data of third parties while using the Site, you hereby guarantee - assuming all consequent liability - that this particular instance of processing is based on your first having received the third party's consent to processing of the information that regards him or her.
d. Navigation data
The IT systems and software procedures used to operate the platform gather, during their normal operation, some Personal Data whose transmission is needed while using Internet communication protocols. This information is not collected to be associated with identified parties; however, by their very nature, through processing and association with data held by third parties, they may involve the identification of Users. This category of Personal Information includes IP addresses, or domain names of computers used by Users who connect to the Site, the URI (uniform resource identifier) of the resources requested, the time of the request, the method used in submitting the request, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer framework of the User.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, as well as to identify any anomalies and / or abuses, and are deleted immediately after processing.
The Personal Data may also be used to ascertain liability in case of computer crimes against the platform or third parties.
e. Management and payment data
The management of payment services allow this website to process payments by credit card, bank transfer or other payment methods. The data used for payment are acquired directly by the requested payment service provider.
f. Address management and sending of email messages
These services are managed by Mailup and allow you to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services may also allow us to collect data relating to the date and time the messages are displayed by the User, as well as to the User's interaction with them, such as information on clicks on the links included in the messages.
g. Interaction with social networking sites and external platforms
These services allow interaction with social networking sites, or with other external platforms, directly from the Website pages. The interactions and information acquired by this website are in any case subject to the User's privacy settings related to each social network. If an interaction service with social networking sites is installed, it is possible that, even though the Users are not using the service, the latter will collect traffic data relating to the pages in which it is installed.
Like button and Facebook social widgets (Facebook, Inc.)
The "Like" button and Facebook social widgets are services of interaction with the social network Facebook, provided by Facebook, Inc. Personal data collected: cookies and usage data.
i. Google Analytics (Google)
Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this website, creating reports and sharing them with other services developed by Google. Google may use the Personal Data to contextualize and personalize the advertisements of its advertising network.
Personal data collected: cookies and usage data.
l. Tracking of Google AdWords (Google) conversions
Google AdWords Conversion Tracking is a statistics service provided by Google, Inc. which combines data from the Google AdWords ad network with actions performed within this Application.
Personal data collected: cookies and usage data.
m. Content displayed from external platforms
These services allow you to view content hosted on external platforms directly from the pages of this website and interact with them. In the event that a service of this type is installed, it is possible that, even though the Users are not using the service, the latter will collect traffic data relating to the pages in which it is installed.
n. Youtube Video Widget (Google)
Youtube is a video content visualization service provided by Google Inc. which allows this application to incorporate such contents in its pages. Personal data collected: cookies and usage data.
o. Vimeo, LLC
Display of content from external platforms. Vimeo is a video content visualization service provided by Vimeo, LLC which allows this application to incorporate such contents in its pages.
Personal data collected: cookies and usage data.
3. PURPOSES OF DATA PROCESSING
The Data Controllers will use your Personal Data, gathered through the Platform, for the following purposes:
purchase and delivery of products and services: we use your personal data to receive and manage orders; to provide products and services; to verify your identity and help you, in case you lose or forget the login / password details of your personal account on the platform; to purchase a fidelity card; to send you the newsletter you requested as a Service by registering; to allow you to save your favorite items and provide any service you require;
marketing and remarketing: we use your personal data to show you advertising based on your interests in relation to features, products and services that may interest you; to send you e-mail promotions, SMS, by phone, banners, IM, through the official social media pages of the Data Controllers, relating to products and / or services also referable to third parties;
soft Spam: the processing for this purpose is based on the interest of the owners to send marketing communications via email regarding products and services similar to those you have already purchased through the Site. You can stop receiving these communications, without any consequence for you (except the fact that you will not receive further communications of this kind from the Owners).
compliance: to allow the Data Controllers to comply with legal obligations which require them to collect and / or further process certain types of personal data;
abuse / fraud: to prevent or detect any abuse in the use of the platform, or any fraudulent activity and therefore to allow the Owners to protect themselves in court.
4. LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF DATA PROCESSING
The legal bases used by the Data Controllers to process your Data, according to the purposes indicated in the previous Paragraph 3, are the following:
purchase, delivery and supply of services and products: the processing for this purpose is necessary to provide you with the Services and products and, therefore, to execute the contract with you. It is not obligatory to provide the Data Controller with your Personal Data for this purpose, yet otherwise it will not be possible to provide you with any Service. The same applies to the newsletter service which you may have specifically requested by entering an email address and which you can revoke at any time by following the instructions in Paragraph 7 of this document.
marketing and remarketing: the treatment for this purpose is based on your consent. It is not mandatory to give your consent to the Owners for this purpose and you are free to revoke it at any time without any consequence (except the fact that you will no longer receive marketing communications from the Owners). You can revoke your previously granted consent by following the instructions in Paragraph 7 of this document.
soft Spam: the processing for this purpose is based on the interest of the Owners to send marketing communications via email regarding products and services similar to those you have already purchased through the Site. You can stop receiving these communications, without any consequence for you (except the fact that you will no longer receive communications of this kind from the Owners).
compliance: processing for this purpose is necessary for the Data Controllers in order to fulfill any legal obligations. When you provide Personal Data to the Data Controllers, these shall be processed in accordance with the applicable regulations, which could entail their conservation and communication to the Authorities for accounting, tax or other obligations.
abuse / fraud: the information collected for this purpose will be used exclusively to prevent and / or identify any fraudulent activity or abuse in the use of the Site and therefore allows the Owners to protect themselves in court.
5. PERSONAL DATA RECIPIENTS
Your Personal Information may be shared with the following entities ("Recipients"):
duly appointed data processors (internal and external), that is: i) persons, companies or firms which provide assistance and advice to the Data Controllers in accounting, administrative, legal, tax and financial matters;
owners of websites on the platform;
entities with whom it is necessary to interact for the provision of the Services;
selected individuals authorized to perform technical maintenance activities (including maintenance of network equipment and electronic communication networks);
individuals authorized by the Data Controllers to process the Personal Data necessary to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g. employees of the Data Controllers);
public entities, bodies or authorities to whom it is mandatory to disclose your Personal Data for purposes of Compliance, Abuse or Fraud, or for binding orders of those authorities.
6. RETENTION OF PERSONAL DATA
The Personal Data processed for the purpose of purchase, delivery and provision of services and products will be retained by the Data Controllers for the time strictly necessary for the aforementioned purposes (e.g. for sending the purchased product).
In any case, as such Personal Data is processed to provide you with the Services, the Data Controllers may retain them for a longer time, in particular for as long as it is necessary to protect the interests of the Data Controllers from possible complaints about the Services.
Personal Data processed for the purposes of Marketing and Remarketing will be retained by the Data Controllers unless and until you withdraw your consent.
In any case, we will remind you of the consents you have given us every 24 months. Once the consent is revoked, the Data Controllers will no longer use your Personal Data for these purposes, but may in any case retain them, in particular for as long as it is necessary to protect the interests of the Data Controllers from possible complaints based on such processing.
Personal data processed for the purpose of Soft Spam will be retained by the Data Controllers until you withdraw your consent to the processing through the link at the bottom of each of the Soft Spam emails you receive.
Personal Data processed for the purposes of Compliance will be retained by the Data Controllers for the period provided for by specific legal obligations or applicable regulations.
Personal Data processed in order to prevent Abuse / Fraud will be retained by the Data Controllers for the time strictly necessary to fulfil the aforesaid purposes and therefore until such time as the Data Controllers are bound to keep them for legal protection to communicate said data to the competent Authorities.
7. RIGHTS OF THE USERS
You have the right to request the Data Controllers at any time:
access to your Personal Data, (or a copy of such Personal Data), as well as further information on the processing being carried out on them;
the correction or updating of the Personal Data processed by the Data Controllers, if they are incomplete or out of date;
the cancellation of your Personal Data from the Owners’ databases;
the limitation of the processing of your Personal Data by the Data Controllers;
to obtain the Personal Data concerning you in a structured, commonly used and automatically readable form;
In addition, you can:
object to the processing of your Personal Data by the Owners (e.g. Soft Spam);
withdraw your consent for the purposes of Marketing and Remarketing.
Please note that most of the Personal Information you have provided to the Data Controllers may be changed at any time, by accessing, where possible, to the personal account you have created on the Website.
When requesting the Services, you may have selected the communication channels through which you wish to be contacted for marketing purposes (i.e., phone, text message, email, mail, push notifications, social media).
You can revoke the Marketing-related consent given to each of these communication channels through your personal account on the Site, unflagging the relevant options.
You can also revoke the Marketing-related consent sent via email and stop receiving Soft Spam using the appropriate link at the bottom of each email received. The same procedure can be used to stop receiving the newsletter, if you have requested it as a Service.
In addition to the above, you can exercise your rights by writing to the Owners at the following address: firstname.lastname@example.org
In any case, you are always entitled to lodge a complaint with the competent Supervisory Authority (Personal Data Protection Authority) if you believe that the processing of your Personal Data constitutes violation of the applicable legislation.