Cristiano di Thiene S.p.A., as the Data Processor, wishes to inform you that European Regulation 2016/679 “General Data Protection Regulation” (GDPR), is a collection of dispositions that standardises the protection of personal data across all member states of the EU. In Italy, that Regulation is applied jointly with the “Privacy Code” Legislative Decree 196/2003 as modified by D.Lgs. 101/2018.
Pursuant to the provisions of articles 13 and 14 of EU Regulation 2016/679, we hereby provide you with this information, which will enable you to understand all our policies regarding the processing of the data that we collect, both in terms of understanding how your personal information is used when you use our services, and in terms of whenever you make use of online services on our site http://www.cristianodithiene.it, wherever your personal data is requested. We are doing this to enable you to then consent to your personal data being processed in a manner that is clear, aware, informed, and specific, independently from the means of communication and purposes for which you come into contact with the Data Processor.
Purposes of data processing on the site
Access to the site and navigation are free, but the possibility of making use of some of the online services available on the site and/or on third party websites, which can be reached from the site, is only permitted with the user’s prior registration. The registration process consists in completing an online form whereby the user is requested to provide some personal data. It is compulsory for a certain sort to be provided in order to activate authentication credentials (login and password) with which said user will then be able to access all areas and services on the site reserved for registered users. Therefore, first and foremost, the primary aims of processing encompass the need to consent to the activation of the user’s profile on the site. Registered users, once authenticated, are then able to use specific services available on the site, particularly e-commerce.
The processing that we intend to carry out thus also has the aims that follow and that do not pertain solely to collecting data online, but also refer to all means, procedures and services – including offline – by which the Data Processor collects your personal data:
a) the formation and execution of obligations derived from sale/purchase contracts;
b) the management of payments (with any related processing – pursuant to law – of payment data, including identifying details on credit cards where such a payment method is selected by the client);
c) the compliance with legal, accounting, fiscal, administrative and contractual obligations connected to existing relationships, or those yet to exist;
d) the management of relationships with authorities and third party public bodies for purposes connected to particular requests, to comply with all obligations set out by law;
e) the provision of measures designed to protect an adverse credit risk, including activities used to identify the client, ascertaining the veracity of all data provided, its economic/solvency integrity, whenever that may be;
f) the collection, preservation and processing of your data to complete statistical analysis in an anonymous and/or aggregated manner, without being able to identify the user, to verify the quality of the services offered.
Communication and disclosure of personal data.
Your personal data will never be disclosed.
They may, however, be communicated:
to any other external third party when such communication is obligatory pursuant to law or so that Cristiano di Thiene S.p.A. can correctly comply with contractual, precontractual or post-contractual services (e.g. technical assistance and requests for support or sending complaints presented by the client regarding the delivery services of products purchased);
• to authorities, public bodies for their respective institutional aims and legitimate recipients pursuant to law, including third parties in the case of extraordinary operations (mergers, acquisitions, company transfers) to carry out commercial activity;
• to police forces and other public administrations to comply with obligations set out by law. regulations and Community legislation;
• to advisors and/or partners of the Data Processor, who offers services of legal, tax-related or financial auditing services;
• to companies that offer payment management services;
• to companies, authorities, consortiums and associations that carry out credit protection activity.
The legal base for processing for the purposes described above are the following:
- carrying out the contractual relationship in the case of purchases on the site or contacting our customer services;
- processing the user’s personal data for identification and the prevention of tax fraud is necessary to comply with our obligations regarding money laundering;
- complying with legal, accounting, fiscal, administrative and contractual obligations connected to existing relationships;
- satisfying a legitimate interest of ours consisting of managing the site’s services and functionalities, preserving security, administration and the protection of our services, carrying out marketing;
- your consent to develop a commercial profile about the user, and sending commercial communication.
Mandatory or optional nature of consent
When processing is necessary to comply with an obligation set out by law, regulations or Community law, or to carry out obligations deriving from a contract to which the interested party belongs, or to comply, before the conclusion of a contract, with any specific requests made by the interested party, consent is mandatory. If data is not provided, the Company will not be able to maintain said contractual relationship or comply with their own obligations.
Your consent is optional regarding the sending of our commercial and promotional communications (through traditional ways, such as by post (paper) or calls through operators; or using email, fax, SMS, MMS, automatic systems without an operator). In the case that consent for marketing is denied, there will be no interference and/or consequences regarding business or contractual relationships, or any other sort of relationship.
Processing of the personal data of the interested party for the purposes of commercial profiling.
It may be that, for the purposes of marketing and improving the site’s services and functionalities, the Data Processor proceed with the processing of so-called “profiling” data. Based on what is indicated by the Data Protection Authority, profiling data may regard “individual” personal data or “aggregated” personal data derived from detailed individual personal data. To clarify what “profiling” consists of, please refer to the parameters below:
• data is structured and coordinated based on predefined parameters identified from time to time, based on the company’s needs (independently from the marketing, contractual, administrative etc. purposes);
• starting data, considered individually, might include varied personal information, including data of a contractual nature, but only following profiling (in other words, structured according to pre-established parameters), about which it is possible to infer things subsequently attributable to each interested party, subsequent indications (in other words, the “profile”, for example, consumption range, the level of expenditure, active services, commercial habits etc.) from which no data individually or separately considered would derive from the mere informational predisposition. In other terms, the availability of an informational asset that goes well beyond information considered individually and related to each interested party may be obtained from profiling in the strict sense of the word. Furthermore, profiling in the strict sense of the word provides an added value given by the multiple correlations that can be established between pieces of data that have been collected, for the purposes of extracting further additional, useful information.
To continue with profiling processing, the Data Processor will request specific, separate consent (separate too from marketing consent), which is express, documented, prior and entirely optional.
• Wherever the interested party decides to provide its specific consent, it must be previously informed and aware that the purposes of processing are specifically of a commercial, advertising, promotional and marketing nature in general, based on a profiling processing. For the purposes of absolute transparency, we therefore inform you that all data collected based on your specific agreement may be subject to profiling processing.
• The lack of consent will not entail any consequence other than not allowing Cristiano di Thiene S.p.A. or any other third party to process your data for the purposes mentioned above. In the case that consent for profiling processing is denied, there will be no interference and/or consequences regarding business or contractual relationships.
Methods of processing, storing data and security measures
Data will be processed with the help of electronic or otherwise automatic means, and stored for the time periods defined by any legislation, mostly on servers located in Italy and in any case in the EU. In any case, the period during which your data will only be stored for the time necessary to carry out the purposes explained above, and will be equal to the duration of the service relationship between you and the Data Processor, unless it is otherwise necessary to comply with contractual, administrative, fiscal, accounting or legal obligations following the conclusion of the relationship. As soon as said obligations are complied with, your data will be destroyed, unless it must be stored based on different terms of law for the act and/or document that contains the data.
Transfer of personal data
Your data will not be transferred to other third-party countries that do not belong to the European Union.
Exercise of rights
At any time, you can exercise, in respect of the Data Processor, Cristiano di Thiene S.p.A., which can be contacted addressing to Cristiano di Thiene S.p.A. - Resp. del Trattamento - Viale del Lavoro 25 - 36016 Thiene VI - ITALY) or by e-mail to firstname.lastname@example.org the right to:
a) ask for the confirmation of the existence or otherwise of your own personal data;
b) obtain information regarding the purposes of processing, the categories of personal data held, the recipients or categories of recipients to whom your personal data has been or will be communicated, and, when possible, the period during which it will be stored;
c) amend or cancel your data;
d) limit processing of your data;
e) obtain data portability – in other words, receive them from a data processor in a structured, common and legible format from an automatic device, and transfer them to another data processor without impediments;
f) oppose processing at any time, including processing for the purposes of marketing
g) oppose an automatic decision-making process related to physical people, including profiling.
h) ask the data processor for access to your personal data, as well as to amend or cancel them, or limit processing or oppose their processing, as well as the right to data portability;
i) revoke consent at any time without damaging the validity of processing based on consent granted before said revocation;
j) complain to a supervisory authority (www.garanteprivacy.it)..