Privacy protection
Privacy information pursuant to EU Regulation 2016/679 and granting of consent
Dear user,
Below is the information pursuant to Articles 12, 13 and 14 of the GDPR – Regulation (EU) 2016/679, as completed by Legislative Decree 101 of 2018, relating to the processing of personal data provided by the Customer/interested party through the completion and signing of the relevant forms for the purchase of products/services offered by the Data Controller, as well as when visiting the Site, using software/applications, registering for events, and when users interact with the services and features of the Site.
* * * * * * *
1. Identity and contact details
We inform you that the "Data Controller" of the processing is Cotton candy of Chiara Cavagna, registered office in locality Saint Lucia n. 6, 38061 Ala (TN), operational headquarters in Via Marconi n. 2, 38061 Ala (TN), tax code CVGCHR86M60H612Z, VAT number 02469240226, privacy contact Ms Chiara Cavagna. The contact details are as follows: telephone 3519955743; e-mail address sugar.filato.ala@hotmail.com; customer support sugarfilato.associazioneclienti@hotmail.com; certified email inbox (PEC) sugar.filato_cavagna@pec.it
2. Purpose of data processing and legal basis of processing, purpose limitation and data minimization
The processing of your personal data is aimed solely at providing the services referred to in the corporate purpose (retail trade of men's, women's and children's clothing and footwear), at non-commercial communications, and, only with specific consent, at commercial communications, user profiling and similar activities, always inherent to the aforementioned corporate purpose. Consent is duly collected in the forms permitted by the means of sale (store or online shop). The Data Controller will comply with the principle of purpose limitation, and any processing subsequent to the initial processing will not have a purpose incompatible with the original one.
The provision of common identifying personal data is strictly necessary for carrying out the activities referred to in the previous point. The personal data that the Data Controller processes are collected directly by the Data Controller from the Customer/interested party at the time of registration and while browsing the Site or using applications, social media or the web, or through its collaborators on the occasion of, or subsequent to, the signing of the registration and during its execution.
3. Accuracy
The Data Controller will keep your data updated, deleting them at your request, except as provided therein, and promptly rectifying inaccurate data following the exercise of this right by the interested party.
4. Limitation of storage - duration of processing
The data will be stored in a form that guarantees your identification for a period of time not exceeding the achievement of the purposes referred to in point 2, as well as in application of the relevant tax legislation.
5. Integrity and confidentiality
In order to guarantee adequate security of the data processed, including their protection from unauthorized or illicit processing and from accidental loss, destruction or damage, the following measures are implemented: backup of the data stored in computer format at least annually; IT accesses tracked via username and password, modified on a regular basis at least annually; use of licensed software programs only; use of licensed antivirus only; paper archive of data accessible only by those in charge of processing formally designated to process them; written presentation of the data access methods; archive of sensitive data with controlled access.
6. Data processing methods
- The processing is partly on paper and partly electronic and is carried out by means of operations or sets of operations of collection, recording, organisation and storage within the duration limits indicated above, and subsequent paper and/or electronic archiving, with access and consultation possible only for those in charge of processing, as regulated in writing.
- The operations can be carried out with or without the aid of electronic or automated tools, and all appropriate technical and organizational measures will be implemented to guarantee the security and protection of the data, such as passwords for access to the data held only by those in charge of processing (modified on a regular basis at least annually) and system applications to prevent unauthorized third parties from accessing the databases.
- Archives containing sensitive data will be protected by key lock and accessible only by authorized personnel, with written records of each access.
- The subjects who can access the premises outside closing hours are specifically identified and registered: the list can be requested from the Owner or the relevant person in charge.
7. Data Processor pursuant to art. 29 GDPR
The data is processed within the organization by authorized data processing entities under the responsibility of the Data Controller for the purposes indicated above.
8. Data Controller pursuant to art. 28 GDPR
The data may be communicated to external data processors who have stipulated specific agreements, conventions or memoranda of understanding, contracts with the data controller.
The data may be communicated, by way of example and not exhaustively, to the following categories of recipients: consultants, other suppliers and service providers (accountant, employment consultant, training and certification consultants, lawyers and legal consultants, system administrator, IT consultants, insurer and brokers), whose references may be requested from the Data Controller.
9. Data communications and provision of data
We inform you that the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, in order to be able to use the services offered by the Data Controller identified in point 1.
Failure to provide the data will not allow the interested party to proceed with completing the procedure.
10. Dissemination of data.
Personal data are not subject to disclosure, except as expressly authorized in the consent and as strictly necessary for the activity referred to in point 2.
11. Transfer of data abroad.
Personal data will not be transferred to European Union countries and to countries outside the European Union.
Taking into account the state of the art and costs of implementation, as well as the nature, object, context and purposes of the processing, as well as the risk, in terms of probability and severity, for the rights and freedoms of natural persons, the Data Controller adopts technical and organizational measures deemed appropriate to guarantee a level of security appropriate to the risk.
12. Rights of the interested party.
We wish to inform you that EU Regulation 2016/679 (General Data Protection Regulation) and Legislative Decree 101 of 2018, which completes it, confer specific rights to be exercised on your personal data, including the right to ask the Data Controller for access to personal data, for their rectification or cancellation, or for the limitation of the processing of personal data concerning you, and the right to object, for legitimate reasons, to their processing. They also confer the right to data portability, understood as the right to receive the data concerning you in a structured, commonly used format readable by automatic device and the right to transmit such data to another data controller without impediments, as well as the right to obtain the direct transmission of personal data from the Data Controller to another Data Controller, if technically feasible.
16. Legitimate interests of the Data Controller
The legitimate interests of the data controller or third parties may constitute a valid legal basis for the processing, provided that the interests or fundamental rights and freedoms of the interested party do not prevail. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the data controller and the data subject, for example when the data subject is a client of the data controller. In particular, it constitutes the legitimate interest of the Data Controller to process the user's personal data: for the purposes of carrying out institutional activity safely; for direct marketing purposes towards existing users (via e-mail, also after direct profiling to personalize commercial communications, for products/services similar to those purchased previously); to ensure the free circulation of the same data within the Data Controller's infrastructures, including IT infrastructures; or relating to traffic, in order to guarantee the security of the networks and information, i.e. the ability of a network or system to resist unexpected events or illicit acts that could compromise the availability, authenticity, integrity and confidentiality of data.
17. Cookies
For more information on the cookies used by this website, see the cookie policy at the link below.