Privacy policy
Information pursuant to Art. 13 of the European Data Protection Regulation 679/2016 [GDPR])[GDPR])
In accordance with the requirements laid down in the General Data Protection Regulation, the Data Controller provides the data subject with the following information in relation to the processing of personal data carried out.
|
Data controller |
|
|
Data controller |
ICONS S.R.L. |
|
Address |
Roma - Via Portuense, 956 |
|
VAT number |
06747680483 / 06747680483 |
|
Contact |
PEC: icons2017@pec.it |
|
Legal representative |
Ferretti Damiano |
|
Privacy contact person |
Ferretti Damiano (icons2017@pec.it) |
|
Data protection officer |
Not present |
|
Joint data controllers |
|
|
Data processor |
LDA FASHION S.R.L.
|
|
If you intend to request further information on the processing of your personal data or to exercise your rights, please contact the above-mentioned Privacy Contact Person directly. |
|
|
Categories of interested parties |
|
|
List of data interested parties |
Customers or Users, Potential Customers, Members, Associates and Members, Minors |
|
PROCESSING CARRIED OUT |
|
|
Online businesses with or without customer loyalty |
|
|
Description |
Activity relating to the processing of personal data for the production, distribution and sale of goods or services online. It can provide for customer loyalty through the enrollment in a loyalty program. |
|
ORIGIN, PURPOSE, LEGAL BASIS AND NATURE OF DATA PROCESSED |
|
|
Origin |
The data are partly collected from the data subject and partly collected from third parties. Description of the source: the data may be collected via our own website(s) or those of third parties and managed by third parties who are in turn responsible for the processing of personal data, the information on which can be found at the following link https://goccia.shop/privacypolicy/ The data come from a publicly accessible source |
|
Purpose |
1. Mail order or telephone sales - Consent received from the data subject at the time of collection of personal data through acceptance included in the information notice. If consent is not given, no mail order or telephone sales will be possible. |
|
Legal basis |
For purposes 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17: Consent of the data subject
For purposes 4: Processing is necessary to comply with a legal obligation to which the data controller is subject
For Purpose 8: Processing is necessary for the pursuit of the legitimate interest of the data controller or third parties |
|
Personal data processed |
Subjects of interest, Tax code and other personal identification numbers, Telephone contacts, Bank account details, Contact and communication data, Behavioral data, Profiles of users, consumers, taxpayers, etc., Residential address, Email address, Name, address or other personal identification, Declared profession, Video surveillance footage, Sex m/f |
|
"Special" data (sensitive data) are those defined in Articles 9 and 10 of Regulation 2016/679/EU ("GDPR"). These data are processed in compliance with the GDPR as well as in light of the General Authorizations issued by the Data Protection Authority. |
|
|
Special data processed |
- |
|
Legal basis art. 9 |
|
|
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA |
|
|
Categories of recipients |
It is planned to communicate your personal data, carried out on the legal basis provided for in Article 6 of Regulation 2016/679/EU, to the following third parties: |
|
Judicial Offices, Consultants and freelancers also in associated form, Companies and Enterprises, Armed Forces, Police Forces, Employers, Associations of Entrepreneurs and Enterprises, Parent, Subsidiary and Associated Companies, Associations and Foundations, Associates and Subscribers, Judicial Authorities, Internal Managers, External Managers, Authorized Parties, Private Parties (natural or legal persons), companies that maintain or supply goods and services |
|
|
These entities, bodies, companies and professionals act as Data Processors appointed by ICONS S.R.L. or are themselves Data Controllers of the personal data transmitted to them. |
|
|
Your personal data, or the personal data of third parties in your possession, may also be communicated to external companies, identified from time to time, to which ICONS S.R.L. entrusts the performance of the obligations arising from the assignment received to which will be transmitted only the data necessary for the activities they require. All employees, consultants, interim and/or any other "natural person" who, authorized to process data, carry out their activities based on the instructions received by ICONS S.R.L., pursuant to Art. Art. 29 of the GDPR, are designated "Data Processors" (hereinafter also "Processors"). 29 of the GDPR, are designated "Data Processors" (hereinafter also "Processors"). To the Data Processors or Persons in charge, possibly designated, ICONS S.R.L. shall give adequate operating instructions, with particular reference to the adoption of and compliance with security measures, in order to ensure data confidentiality and security. Precisely with reference to personal data protection aspects, you are invited, pursuant to art. 33 of the GDPR, to report to ICONS S.R.L. any circumstances or events from which a potential "personal data breach" may arise in order to allow an immediate assessment and the adoption of any actions to counter such event by sending a communication to ICONS S.R.L. at the above-mentioned addresses. This is without prejudice to the obligation of ICONS S.R.L. to communicate the data to the Public Authorities upon specific request. |
|
|
TRASFERIMENTO ALL’ESTERO |
|
|
Transfers to foreign (non-EU) countries or international organizations |
No transfer to foreign countries or international organizations
|
|
The transfer abroad of your personal data may take place if it is necessary for the management of the assignment received. The processing of information and data that may be communicated to these parties will require the equivalent levels of protection adopted for the processing of personal data of its own employees. In any case, only the data necessary for the pursuit of the intended purposes will be communicated, and the regulatory tools provided for in Chapter V of the GDPR will be applied. |
|
|
MODALITIES, PROCESSING LOGICS AND RETENTION TIMES |
|
|
Duration of processing |
The data for loyalty purposes in the strict sense, i.e. necessary to enable membership of the loyalty programme and management of the fidelity card, will be processed and stored until the administrative duration of the relevant programme, or in any case until cancellation and/or termination by the member. In the event of any withdrawal, disabling due to non-use within a certain time frame, expiry or return of the card (in accordance with the provisions of the separate Loyalty Programme Regulations), the period of retention of personal data for administrative purposes only (and not also for profiling or marketing purposes) will not exceed one quarter (without prejudice to any specific legal obligations on the retention of accounting documents). The Data Controller, in such cases, has implemented appropriate mechanisms for the automatic deletion of the data, even from third parties to whom the same may have been communicated). For other purposes, the processing will last no longer than is necessary for the purposes for which the data were collected. |
|
Your data is collected and recorded lawfully and fairly for the above-mentioned purposes in accordance with the principles and requirements of Art. 5 c 1 of the GDPR. Your data are collected and recorded lawfully and fairly for the above-mentioned purposes in accordance with the principles and requirements of Article 5 c 1 of the GDPR. Personal data is processed by manual, computerized and telematic means with logic strictly related to the purposes and, in any case, in such a way as to guarantee its security and confidentiality. |
|
|
NATURE OF CONFERMENT |
|
|
Personal data will be processed for the following purposes: |
|
|
Purposes that do not require consent |
- Implementation of tax and accounting obligations - Acquisition of data for printing and sending invoices in both paper and digital form. - Marketing (market analysis and surveys) - Consent not necessary insofar as the communications, for the purpose of direct sales of its own products/services or for the purpose of satisfaction analysis or market surveys, use the e-mail details collected from the data subject in the context of the sale of a product or service similar to those being sold and without the data subject's express refusal to such use, either initially or on the occasion of subsequent communications. In every communication, information is given on the possibility of opposing the processing at any time (so-called opt out) |
|
Purposes that require consent |
- Sale by mail order or telephone - Consent received from the data subject at the time of collection of personal data through acceptance included in the information notice. In the event of non-consent, no sale by mail order or telephone will take place. - Sale by telematics or radio/television - Consent received from the interested party at the stage of collection of personal data through acceptance inserted in the information notice. In the event of non-consent, no telematic or radio/television sales will be carried out. - Customer management - Consent explicitly acquired from the interested party, stored in our management systems and specific assets, in the absence of which we will not proceed with the activities described. - Litigation management - Consent obtained explicitly from the person concerned, stored in our management systems and specific assets, without which the activities described will not be carried out. - Monitoring of contractual obligations |
|
Only with your explicit consent, to be given at the foot of this notice, will the data whose purposes require consent be processed. However, the provision of data is optional and does not affect the existing contractual relationship with the data controller. |
|
|
Your consent is not required for the data collected and used for the purpose of carrying out the activities related to the contractual relationship and the fulfillment of the legal obligations indicated. Failure to provide the aforementioned personal data will result in the impossibility of carrying out the relationship in question. For data collected and used for the legitimate interest of the Data Controller, your consent is not required (lett. f, art. 6, GDPR). The communication of the aforementioned personal data is optional but necessary for the performance of the services offered by the Controller. Any refusal to communicate such data will make it impossible to provide all or part of the services requested. |
|
|
RIGHTS OF DATA SUBJECTS (Articles 15 to 22 of the GDPR) |
|
|
Right of access |
The data subject has the right, in accordance with Articles 15 to 22 of the GDPR to request access to their personal data from the data controller. |
|
Right of rectification |
The data subject has the right, according to the provisions of Articles 15 to 22 of the GDPR to request the controller to rectify their personal data. |
|
Right of erasure |
A data subject shall have the right, in accordance with Articles 15 to 22 of the GDPR, to request the controller to erase his/her personal data. |
|
Right of restriction |
The data subject has the right, according to the provisions of Articles 15 to 22 of the GDPR to request the controller to restrict the data concerning him/her. |
|
Right to object |
The data subject has the right, according to the provisions of Articles 15 to 22 of the GDPR to object to their processing. |
|
Right of portability |
The data subject has the right, according to the provisions of Articles 15 to 22 of the GDPR to exercise their right to data portability. |
|
Right of revocation |
The data subject has the right, according to the provisions of Articles 15 to 22 of the GDPR to exercise his or her right to withdraw consent. |
|
Right to complain |
The data subject has the right, according to the provisions of Article 77 of the GDPR to exercise his or her right to lodge a complaint before the supervisory authority. |
|
AUTOMATED PROCESS |
|
|
Is there an automated process? |
Yes |
|
Automated processes or profiling methods |
Without prejudice to the fact that even in the event of the consent of the person concerned we will not process (in any case prohibited for profiling purposes) data liable to reveal the state of health and sex life, we inform you that the methods of processing will in any case be relevant and not excessive in relation to the type of goods marketed or services rendered. The profiling activity may concern 'individual' personal data or 'aggregate' personal data derived from detailed individual data. Such processing may be carried out using personal data that are also aggregated according to pre-defined parameters depending on the company's needs. Such data may include personal information of various kinds, including contractual data and data relating to consumption made, purchases made, spending habits and volumes, levels of provisioning of goods and/or services, etc. from which it is possible to infer further indications referring to each data subject (e.g. consumption band, level of expenditure incurred at regular intervals, etc.). We draw particular attention to the fact that the provision of personal data and consent to disclosure to third parties for the purposes outlined above are absolutely optional and optional (and in any case revocable without any formality even after the provision), and failure to provide such consent shall not result in any consequences other than the impossibility for the data controller to proceed with the aforementioned profiling. Even where you have given your consent to authorise the data controller to pursue the purposes of profiling, you will still be free at any time to revoke it by sending a clear communication to this effect without any formality. Following the receipt of such an opt-out request, the Data Controller shall promptly remove and delete your data from the databases (the latter in any case not interconnected or the source of data interlacements and comparisons with those used for profiling purposes in the strict sense) and inform any third parties to whom the data have been communicated for the same purposes of deletion. The mere receipt of your request for deletion will automatically count as confirmation of successful deletion. |
|
Legal basis |
Explicit consent of the data subject |
The Data Controller reserves the right to make such changes to this privacy policy as it deems appropriate or as may be made mandatory by applicable law, at its sole discretion and at any time. On such occasions users will be duly informed of the changes made.
The Data Controller
ICONS S.R.L
01/09/2023