Privacy policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 EU REGULATION 2016/679
Website
October 2023 edition
1. DATA CONTROLLER
1.1. The data controller is CASSETTI GIOIELLI S.R.L. with registered office in Milan 20122 Via Fontana 5.
1.2. Contact details: a) telephone: 055287361; b) e-mail: info@cassetti.it
2. PURPOSE, LEGAL BASIS OF THE PROCESSING, NATURE OF THE PROVISION, PERSONAL DATA PROCESSED AND STORAGE PERIOD
2.1. In this paragraph, in relation to each purpose, the following will be indicated: the personal data processed, the legal basis of the processing, the nature of the provision and the retention period.
A. Website navigation. Personal data processed: personal data transmitted implicitly during the use of internet communication protocols (IP, domain names of the computers used to connect to the site, addresses in URI - Uniform Resource Identifier - notation of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response to the server and other parameters relating to the operating system and the user's IT environment). Purpose: to allow navigation and consultation of the website. Legal basis: art. 6.1 letter f) GDPR as the processing is necessary for the pursuit of the legitimate interest of the owner. Nature of the provision: necessary to be able to browse the website. Retention period: the entire duration of the browsing session in relation to the data collected during it and for a maximum period of seven (7) days, without prejudice to a further period if necessary to ascertain responsibility for any computer crimes
B. Requests for assistance or information. Personal data processed: name, surname, e-mail address, telephone number and other information that you may voluntarily transmit to us (e.g. information on the product purchased or to be purchased) in addition to that relating to browsing the website. Purpose: to respond to requests for assistance or information that we receive. Legal basis: art. 6.1 letter b) GDPR as the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted upon requests of the same. Nature of the provision: necessary to be able to make requests for assistance or information. Retention period: for the entire duration necessary to respond to your requests for assistance or information and in any case for a maximum period of three (3) years once we have responded to your requests.
C. Registration in the reserved area. Personal data processed: name, surname, tax code, address, e-mail address, telephone number, password. Purpose: registration in the reserved area of the website. Legal basis: art. 6.1 letter b) GDPR as the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted upon requests of the same. Nature of the provision: necessary to register on the website. Retention period: your personal data will be retained for as long as you remain registered in the reserved area, and in any case for a period of ten (10) years for administrative and accounting purposes.
D. Purchase of products and services and related delivery. Personal data processed: data necessary for processing and conclusion of the order, delivery and after-sales customer service, such as: name, surname, shipping address, e-mail address, telephone number and other information that may be necessary to fulfill the delivery of the product or provision of the service. Purpose: receive and manage orders, provide services and deliver the requested products, manage payments and strictly related activities. Please note that in the event of a purchase, the data will be transmitted to the company that owns the brand of the product purchased which will act as independent data controller and to whose information please refer. Legal basis: art. 6.1 letter b) GDPR as the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted upon requests of the same. Nature of the provision: necessary for the purchase of products and services. Retention period: for the entire duration of the management of the order and related delivery and for ten (10) years from delivery of the product or provision of the service for administrative and accounting purposes.
E. Legal obligations. Personal data processed: the same collected during the purchase of products and services and related delivery/supply. Purpose: to fulfill legal, accounting and tax obligations connected to the sale of products and services. Legal basis: art. 6.1 letter c) GDPR as it is necessary to fulfill a legal obligation to which the data controller is subject. Nature of the provision: Once the data has been provided for the purchase of products and services, the same will also be processed for this purpose. Retention period: ten (10) years from delivery of the product or provision of the service for administrative and accounting purposes, without prejudice to a further period of time imposed by law.
F. Sale of products or services similar to those purchased. Personal data processed: name, surname, e-mail address and information relating to previous purchases. Purpose: exclusively via e-mail, to promote products or services similar to those purchased by you unless you have objected to such processing initially or on the occasion of subsequent communications pursuant to art. 130 co. 4 Legislative Decree 196/2003 as amended by Legislative Decree. 101/2018. By similar products we mean those that have similar characteristics to those purchased or in any case attributable to the same type of product. The interested party is informed, at the time of collection (with this Information) and at the time of sending any communication made for this purpose, of the possibility to object to the processing at any time. This right can be exercised not only by clicking on the appropriate link contained in the promotional emails, but also by sending an email to info@cassetti.it in which you indicate your wish not to receive further communications. Legal basis: legitimate interest of the owner pursuant to art. 6.1 letter f) GDPR and art. 130 co. 4 Legislative Decree 196/2003. Nature of the provision: the processing will take place under the conditions just described, once the e-mail address has been provided, exclusively if you have not initially objected. However, you may object in subsequent communications. Conservation period: until you object to processing pursuant to art. 21 GDPR and art. 130 co. 4 Legislative Decree 196/2003.
G. Subscription to the newsletter. Personal data processed: name, surname, e-mail address. Purpose: to receive news on products, including non-similar ones, services and activities of the owner (e.g. organization of events). Legal basis: your consent pursuant to art. 6.1 letter a) GDPR. You can revoke your consent at any time by writing to info@cassetti.it or by clicking on the appropriate link contained in promotional emails. The revocation of consent does not affect the lawfulness of the processing based on consent before the revocation. Nature of the provision: optional, and does not affect the other processing purposes. Retention period: until your consent is revoked.
H. Fraud prevention. Personal data processed: behavior on the website, including IP addresses. Purpose: security and prevention of fraudulent conduct, for which the owner uses an automatic control system which involves the detection and analysis of user behavior on the site associated with the processing of personal data, including the IP address. Legal basis: art. 6.1 letter f) GDPR as the processing is necessary for the pursuit of the legitimate interest of the owner. Nature of the provision: necessary to be able to browse the website. Retention period: seven (7) days, unless an anomaly occurs. In this case, the data will be kept until the behavior is ascertained and, in the case of legal action, until the end of the action.
2.2. In relation to cookies, please read the cookie policy available on this website.
2.3. Your personal data may be processed, if necessary and following its provision for the aforementioned purposes, to ascertain, exercise or defend a right in court, on the basis of the legitimate interest of the data controller (art. 6.1 letter f ) GDPR).
3. ANY RECIPIENTS OF THE DATA
3.1. To provide the requested services, the data controller may entrust your personal data to various service providers with whom he has drawn up a specific contract aimed at protecting his personal data and complying with the legislation on the protection of personal data.
3.1.1. These are subjects identified as data controllers pursuant to art. 28 GDPR to which the owner has entrusted, but is not limited to, the following services: a) creation, management and maintenance of the website; b) strategic marketing consultancy; c) user and customer database management; d) newsletter service; e) technical maintenance activities (including maintenance of network equipment and electronic communications networks); etc.
3.2. The owner may need to communicate his personal data to third parties for other purposes such as, for example, shipping couriers, consultancy in specific matters (privacy), legal actions, company that owns the brand of the product purchased, etc.
3.2.1. These subjects may process, depending on the case, your personal data on the basis of a specific assignment pursuant to art. 28 GDPR - therefore following the instructions and directives provided by the owner - or as independent data controllers - to whose information please refer.
3.3. In relation to payment, following the chosen method it may be necessary to transfer personal data to the provider of the chosen service and to the subjects to whom communication is necessary to allow the conclusion of the transaction.
3.3.1. These will act as independent data controllers and for whose information please refer to the relevant websites
3.4. The owner may communicate his personal data to subjects, bodies or authorities to whom communication is mandatory pursuant to legal provisions or orders of the authorities.
3.4.1. These subjects will operate as independent data controllers.
3.5. Your personal data may be processed by people authorized by the owner to process pursuant to art. 29 GDPR, who are committed to confidentiality or have an adequate legal obligation of confidentiality, such as employees of the owner.
3.6. The complete list of data controllers is available by sending a request to the owner at one of the contact points indicated in this information.
4. DATA TRANSFERS TO NON-EU COUNTRIES
4.1. The management and storage of personal data carried out by the owner will take place:
a) on servers located within the European Union of the owner and/or companies designated as Data Processors;
b) on servers located outside the European Economic Area (EEA), in compliance with the provisions of the GDPR.
4.1.1. The list of these countries can be requested from the owner at one of the contact points above.
5. RIGHTS OF THE INTERESTED PARTY AND COMPLAINT
5.1. In relation to the data themselves, the interested party, or a person delegated in writing, can exercise the following rights, also by writing to the contact points of the owner indicated in this information: a) the right of access pursuant to art. 15 GDPR; b) the right of rectification pursuant to art. 16 GDPR; c) the right to be forgotten pursuant to art. 17 GDPR; d) the right to limit processing when one of the hypotheses provided for by the art. 18 GDPR; e) the right to receive certification that the operations carried out pursuant to articles. 16, 17 and 18 GDPR have been brought to the attention of those to whom the data have been communicated, unless this proves impossible or involves a disproportionate effort (art. 19 GDPR); f) the right to data portability pursuant to art. 20 GDPR; f) the right to object to the processing of personal data pursuant to art. 21 GDPR; g) the right not to be subjected to a decision based solely on automated processing pursuant to art. 22 GDPR; g) the right to withdraw consent at any time pursuant to art. 7 GDPR; h) the right to lodge a complaint with a supervisory authority pursuant to art. 77 GDPR.
5.2. Consent may be revoked at any time, according to the methods described in this information; the revocation of consent does not affect the lawfulness of the processing based on consent before the revocation.
6. FURTHER INFORMATION
6.1. Changes to this information will be published in this section.
6.2. The owner remains available for any clarification needs.
6.3. Given that the purchase of products made from this website is reserved for adults, the person exercising parental authority, if he/she believes that the minor has transmitted some personal data to the owner, please contact us at the contact details indicated within of this information.
[] I declare that I have read and understood this information
[] I agree to subscribe to the newsletter