This document is an informative report, provided by the Data Controller pursuant to art. 13 and 14 of the E.U. Reg. No. 2016/679 – General Data Protection Regulation ("GDPR"), which describes the methods of processing the personal data of users browsing the shop.kartos.it; users who send their personal data to the portal for the purpose of carrying out the pre-contractual and contractual activity of sale of the products marketed by the Data Controller; of users who, by giving their consent, adhere to the newsletter service organized by the Data Controller; for marketing and promotion purposes of the products marketed by the Same. Further detailed information can be found on the pages of the sites belonging to the Owner such as: www.kartos.it , – www.toscanacartepregiate.it – in relation to specific services.
The data controller is Toscana Carte pregiate S.R.L.. based in Via Luciano Lama, 101 - 51015, Monsummano Terme (PT) - and which can be contacted at the following ordinary email address: firstname.lastname@example.org and/or registered email address: email@example.com
Type of data processed
The information technology (IT) systems and software procedures responsible for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but which by their very nature could, through processing and associations with data held by third parties, allow users to be identified.
This data category includes the IP addresses or domain names of computers, used by the user, to connect to the site, the Uniform Resource Identifier (URI) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and IT environment.
Browsing data will be collected exclusively in the legitimate interest of allowing the user to use the contents published on the Data Controller's websites and their correct administration and management. This data is used for the purpose of obtaining anonymous statistical information about the use of the site and to check its proper functioning and is deleted immediately after processing. The data in question could be used to ascertain responsibility in case of any computer crimes against our site: without prejudice to this eventuality, data about web contacts are generally not stored for more than seven days.
Data voluntarily provided by users/visitors
When the visitor/ user of the portal sends shop.kartos.it personal data to the Data Controller to request information on the supply of goods and/or services, to make purchase orders, to register for the portal, as well as, in the event that you give explicit consent, intends to subscribe to the newsletter on the initiatives, events and news promoted by the Data Controller, the user is aware of the need for the Data Controller to acquire and process the personal data of the data subjects, necessary for the performance of the requests received and for the execution of the supplies of goods and services requested.
In the event that the data subject has made purchases of products and services marketed by the Data Controller, the Owner may process only the data relating to the e-mail address of the data subject,
to make communications relating to the offer of similar products and services, without prejudice to the right of the data subject to refuse such processing and to object even at a later date. The personal data provided by users/visitors will be communicated to third parties only in the event that the communication is necessary to comply with the requests of the visitors / users themselves for the execution of the contract including the delivery of the goods or the execution of the service, by legal obligation (e.g. as in the case of billing).
The processing carried out and the relative data retention times may be different for each specific purpose and are described in detail in the specific information that will be provided for it in relation to the services and /or supplies requested.
In addition to the data expressly given to the Data Controller, other data deriving from the user's navigation on the site may be recorded: when the user accesses it, in fact, the site can send the user a "cookie". A "cookie" is a small text file that the site can automatically sends to the user's computer when he / she views our pages. The "cookies" serve to make navigation more convenient, as well as to obtain information on the navigation of the individual user within the site and to allow the operation of some services that require identification of the user's path through different pages of the site. For any access to the site, regardless of the presence of a "cookie", the Site registers the type of browser (e.g. Internet Explorer, Chrome, Firefox), the operating system (e.g. Windows, Macintosh) and the host and URL where the navigator-user comes from, as well as the data on the requested page. This data can be used in aggregate and anonymous form for statistical analysis of the use of the site.
On shop.kartos.it only technical session cookies and third-party analytical cookies set anonymously are used, for statistical purposes only[MP1] . No computer techniques are used for the direct acquisition of personal user identification data or user tracking or profiling systems. Cookies are not used for the transmission of personal information, nor are so-called “session cookies” or “persistent cookies” of any kind used, let alone profiling cookies. The Content Management System (WordPress), used by shop.kartos.it, releases, technical cookies essential for the correct display or navigation of the site.
The site, through the Share this article function, provides users with buttons for sharing shop.kartos.it content via social networks or other communication tools. Pages that contain such buttons do not issue neither portal nor third-party cookies. However, as is obvious, by clicking on the symbol of the chosen sharing tool the user will access third-party features or platforms – for which the Site Owner is not responsible in any way – that could release cookies and collect personal data.
In this regard, we invite you to always refer to the information on the processing of personal data provided by the respective social networks.
Purpose of the processing
In addition to those indicated above and those that precede the compilation of the forms of the different sections of the site, the purposes of the processing carried out by the Data Controller must be intended to be understood as:
1. collection, storage and elaboration for the purposes of the establishment and operational and administrative management of the contractual relationship related to the provision of the sale and services offered on the site; use of the user's personal data (in particular the e-mail address) to carry out communications related to the performance of the contractual relationship established;
2. processing of the personal data provided and those taken from the navigations on the site in order to provide a service consistent with the indications transmitted during the use of the service;
3. collection, storage and processing of data to carry out statistical analysis anonymously and/or aggregated;
4. purposes functional to the performance of our activity, such as the offer of personalized content, for example: newsletter services;
5. for the communication of commercial information on future initiatives, announcements of new products or services;
6. for market research, statistical and economic analysis;
7. for the sending of advertising or promotional material, promotional initiatives in general.
Legal basis for processing
The legal basis of the processing of customer data carried out by the owner through the site lies in the request, contract or pre-contractual agreements with the data subject (art. 6, co.1 lit.b - Reg. Eu 679/2016); while, in the absence of it, the legal basis is to be found in the legitimate interest of the Owner (art. 6, co.1 lit. f- Reg. Eu 679/2016 - art. 130 paragraph 4 Legislative Decree 196/2003). With regard to the additional purposes that require consent, it is requested, subject to the understanding of this information and expression of consent and must also be considered as a valid legal basis for the further processing pursuant to /given Art. 6, co.1 lit. a - Reg. Eu 679/2016.
Place of data processing and transfer to a third country
The data controller uses, for the services offered by the site, an external data controller, based in the Republic of San Marino, duly charged according to the standard contractual clauses referred to in the Decision of the European Commission dated 5 February 2010. The External Manager declares and guarantees that he adopts appropriate technical and security measures and that he is subject to regulatory requirements (San Marino Law No. 171 of 21 December 2018 on the protection of natural persons with regard to the processing of personal data) similar and in accordance with those provided for by Reg. 2016/679/EU, and which, therefore, offers adequate guarantees for transfer pursuant to art. Article 46 of that Regulation.
Time and place of data retention
For the purposes of execution of the requested services and supplies, for the consequent administration activities, accounting, orders, budget management and the entire flow of production, service and maintenance, shipment, invoicing, services, management of any litigation shall be: 10 years as established by the provisions of Art. 2220 C.C., subject to any delayed payment of the consideration justifying its extension.
The data relating to the subscription to the newsletter and/or for the purposes of information on initiatives organized by the Data Controller, are kept for a period of 2 years unless, in the meantime, there is a request for opposition and cancellation from the same by the data subject.
The data relating to navigation, collected automatically, are kept only the time necessary to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing
Technical and analytical cookies are stored for 7 days
Optionality or mandatory provision of data
Apart from what is specified for navigation data that automatically captures data, users/visitors are free to provide or not provide their personal data. Failure to provide them can only make it impossible to obtain what is requested.
Rights of the data subject
The data subject has the right to:
request from the Data Controller, pursuant to articles 15, 16, 17, 18, 19 and 21 of E.U. 679/2016, access to his /her personal data and all information; the rectification of inaccurate personal data and the integration of incomplete data; the deletion of its data, except for those contained in articles that must be kept by the Data Controller and unless there is a prevailing legitimate reason to proceed with the processing; the limitation of the treatment where one of the hypotheses referred to in Article 18 of the above mentioned regulation occurs.
The data subject also has the right to object to the processing of his personal data, subject to what is provided with regard to the necessity and obligation of its processing for the purpose of establishing the contractual relationship; to revoke any consent given for non-mandatory processing of data, without prejudice to the lawfulness of the processing based on the consent given before the revocation.
The data subject can exercise all the above rights by sending an e-mail to the Data Controller, firstname.lastname@example.org
The data subject also has the right to lodge a complaint with the Supervisory Authority for the Protection of Personal Data pursuant to Art.77 of EU Reg. 679/2016.
The information provided here may be subject to change as a result of:
• changes in privacy legislation, for the aspects of interest here;
• technological implementations of the site that impact on the current methods of treatment;
• organizational changes in the privacy structure of the Data Controller that may be of interest to the user.
Users are kindly invited to periodically visit this Policy in order to be constantly updated on the characteristics of the treatment.