Privacy Policy

PRIVACY POLICY
shop.annatwelve.com
Information pursuant to art. 13 of EU Regulation 2016/679
(Version updated to 30 March 2020)

Dear User,

the company Errecom S.p.A. (hereinafter also referred to as the "Owner") is particularly attentive to aspects concerning the privacy of its users and, through this page, intends to describe how to manage its website shop.annatwelve.com (hereinafter "Site") with reference to the processing and protection of personal data of users who access it. This is a general information provided in compliance with EU Regulation 679/2016 "Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data" (hereinafter EU Reg.) for the Site only and not for other websites that may be consulted by the user through links on its pages for which the Owner is in no way responsible.

1. Data controller
Data controller of the data provided by the user is the company ERRECOM S.p.A., with registered office in 25030 - Corzano (BS), Via Industriale, n. 14, Italy - Tax Code/VAT: 02179230988, Tel. 030.9719096, E-mail: [email protected].

2. Type of data collected
a) Navigation Data
The computer systems and programs used to operate the Site collect certain personal data whose transmission is implicit in the use of Internet communication protocols. This information, even if it is not collected to be associated with the identified data subjects, could, by its nature, through processing and association with data held by third parties, allow the identification of users. This category of data includes IP addresses or domain names of computers used by users who connect to the Site, addresses in URI notation (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.

b) Data provided voluntarily by the user (art. 4 p.to 1 EU Reg.)
For the consultation of the site is not required the provision of any personal data by the user. However, the voluntary registration of the user in the section "Register" of the Site or the insertion of personal data in the areas of the Site called ".Information >Shipment >Payment" (accessible from "Shopping Cart") will lead to the acquisition by the Holder or third parties operating in

collaboration of the Owner for the provision of services of the data entered by the user that will be processed for the purposes indicated in point 3 below. The data collected by the Owner are only common personal data (such as but not limited to: name, surname, e-mail address, shipping address).

b.1) Payment management
The payment management services allow the Site to process payments by credit card, bank transfer or other instruments through external payment service providers Stripe Inc. and PayPal. Users must provide payment details and personal information directly to these payment service providers. The data used for the payment are acquired directly by the operator of the payment service requested, as specified by the privacy policy of each service, without being processed in any way by the Owner who will instead receive only a notification from the service provider in question about the payment.

c) Cookies
For information regarding the use of cookies through this site please read the cookie policy.

3. Legal basis and Purpose of the treatment
The legal basis for the treatment of navigation data (point 2, letter a) is to pursue the legitimate interests of the Owner in relation to the management of the Site. Said data will be used by the Owner for the following purposes:

  • make it possible to access and navigate the Site;

  • collect data and information in aggregated form only and anonymous to verify the correct functioning of the Site;

  • collect data and information in order to protect the security of the Site (filters antispam, firewall, virus detection) and users;

  • obtain anonymous statistical information on the use of the Site.

In the event of computer crimes committed to the detriment of the Site, the navigation data may also be used to ascertain responsibility.

The legal basis for the processing of data provided voluntarily by the user through registration in the "Register" section (point 2 letter b) is the legitimate interest of the Owner to respond to the request for registration in the "Register" section in order to:

a) offer the services reserved for registered users (e.g. save your data and contact details, access all information relating to your orders and returns, provide assistance on services and products);

Furthermore, subject to the explicit consent of the User, the data provided by the latter through the "Register" section will be processed:

b) for the sending by the Owner of newsletters and any other informative and promotional material;
c) for the carrying out of marketing activities;
(d) to carry out profiling activities: the personal data provided may be

profiled by the Owner only internally for statistical/comparative purposes, for a better management of the services offered, or for the creation of commercial profiles and/or for the analysis of the preferences of registered users. The processing of personal data for profiling purposes will be carried out with appropriate tools and methods and in accordance with the requirements of the EU Reg., also in order to protect the rights, freedoms and legitimate interests of the data subject.

The personal data requested to the user by the Owner in the areas of the Site called "Information >Shipment >Payment" (accessible from the "Shopping Cart") (point 2 letter b) as well as requests to the user to process and manage payments by third party suppliers (point 2 letter b.1) are necessary for the conclusion and execution of the contract that the User intends to enter into with the Owner for the purchase of products on the SITE and may be processed for the following purposes:

(e) activities prior to the conclusion of the contract;

f) activities related to the execution of the contract, such as processing, operational and management requirements - within the limits established by laws or regulations - necessary for the operational and administrative activities of the Owner, or legal requirements related to civil, fiscal and accounting regulations, administrative management of the relationship, fulfilment of any contractual obligations, support and technical information regarding the products covered by the relationship;

(g) tax requirements, payment for the service/product provided and enforcement of laws and regulations in general.

    Furthermore, subject to the explicit consent of the User, the data provided by the latter through the areas of the Site called " ".Information >Shipment >Payment"will be dealt with:

    h) for the sending by the Owner of newsletters and any other information and promotional material;

    (i) for the performance of marketing activities;

    j) to carry out profiling activities: In case of explicit consent by the User, the personal data provided may be profiled by the Owner only internally for statistical/comparative purposes, for a better management of the services offered, or for the creation of commercial profiles and/or for the analysis of user preferences. The processing of personal data for profiling purposes will be carried out with appropriate tools and methods and in accordance with the requirements of the EU Reg., also in order to protect the rights, freedoms and legitimate interests of the data subject.

      4. Consequences of non-communication of personal
      data       The navigation data collected in the context of this treatment (point 2, letter a) are mandatory as they are strictly functional to the computer management of the site.

      The provision of personal data for the purposes referred to in paragraph 3 letter. a) is required to proceed with the required registration, so that, in case of failure to provide the same, the user will not be allowed to register in the section "Register"”.

      Failure to provide personal data for the purposes referred to in point 3 letter b), c), d) will not prevent the user from registering in the section "Register" but will not permit the Holder to carry out the purposes indicated.

      Failure to provide the data for the purposes referred to in letters e), f), g), will make it impossible to conclude and execute the sales contract between the user and the Owner.

      Failure to provide personal data for the purposes referred to in points h), i), j) will not prevent the user from concluding the sales contract with the Owner but will not allow the latter to fulfil the purposes indicated.

      5. Methods of data processing
      The processing, carried out only by personnel directly authorized by the Owner, is carried out according to principles of correctness, lawfulness, transparency and can be carried out with or without the aid of electronic or automated tools. This treatment will include all the operations provided for by art. 4, n. 2, EU Reg. (collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication through transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction of data) necessary for the treatment in question, including communication to the subjects listed in the following paragraph "Communication of data”.

      The data will be recorded and stored in both paper and computer files, according to principles of correctness, lawfulness, transparency, with organizational systems related to the purposes of processing. Moreover, in order to protect data from destruction or loss (even accidental) as well as to ensure their integrity and confidentiality (including against unauthorized access or disclosure) and in general to ensure the rights of the data subject, the Owner has adopted security measures of a technical and organizational nature, in accordance with the provisions of EU Reg. (with particular reference to Articles 24, 32 and 35).

      6. Communication of data
      Personal data provided by the user may be communicated:

      - within the company, to persons authorized to process data pursuant to art. 29 EU Reg., according to their respective profiles of competence and for the purposes of the processing itself (e.g. administrative, commercial, marketing, legal, system administrators, etc.). These subjects include the employees and/or collaborators of the Data Controller regardless of the relationship in place (e.g. administrators, interns, etc.) who, in order to carry out the work tasks entrusted to them, need to process personal data;

      • to subjects external to Errecom S.p.A., appointed for this purpose as Data Processors pursuant to art. 28 EU Reg. which the Owner uses or may use in the management of the contractual relationship, the provision of services offered and for organizational needs of its business, including third party service providers in order to make it possible to use, operate and/or receive services through the Site (such as, for example, companies that deal with the management or maintenance of the IT infrastructure on which the Site is based (Shopify Inc.), the address management and email message sending service (Mailchimp), in accordance with the privacy policy of each service. It is possible to obtain an updated list of the Data Processors by contacting the Data Controller.

      • to subjects who need access to the data for purposes ancillary to the relationship between the user and the Owner, within the limits strictly necessary to carry out auxiliary tasks (such as, for example, banks and credit institutions, technical service providers, computer companies, communication agencies, postal couriers and shipping companies); 

      • to persons who can access the data by virtue of provisions of the Law or Regulations, within the limits provided for by such rules.

       

      7. Dissemination of data
      Personal data collected for the purposes indicated will not be disseminated.

        8. Period of storage
        of data Navigation data (point 2, letter a) and data voluntarily provided by the user (point 2, letter b) will be stored for a period of time not exceeding the time necessary to achieve the purposes for which they are processed, without prejudice to the need for storage for a longer period in compliance with applicable legislation. Where the processing is based on the explicit consent of the data subject, the latter may always revoke the consent given. This, however, is without prejudice to the lawfulness of processing based on the consent given before the revocation.

        9. Place of data storage
        Personal data will be stored at the headquarters of the Owner and in any case within the European Union.

        10. User right
        s         The User to whom the personal data refer has the right to request and obtain, at any time, from the Data Controller, access (art. 15 EU Reg.), rectification (art. 16 EU Reg.) and cancellation (right to forget) (art. 17 EU Reg.) of his personal data. The User is also granted the right to limit the processing of personal data (art. 18 EU Reg.), the right to the portability of the same (art. 20 EU Reg.) and the right to object, for legitimate reasons, to their processing (art. 21 EU Reg.).

        Where the processing of data is based on the explicit consent of the data subject, the data subject shall have the right to withdraw the consent given at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

        In any case, the user has the right to lodge a complaint with the Guarantor, as provided for by art. 77 EU Reg., or to take appropriate legal action under art. 79, EU Reg. if he believes that the processing of personal data referred to him has occurred in violation of the provisions of the EU Reg.

        11.Methods of exercising rights
        Users can exercise their rights at any time by sending an e-mail to the address [email protected] or a registered letter with return receipt to the address: ERRECOM S.p.A., Via Industriale, n. 14, 25030 - Corzano (BS)- Italy.

        12.Changes to this Policy
        The Owner reserves the right to modify this Policy. The date indicated at the beginning of this Notice indicates the date of the last update. In case of substantial changes, a notice will be provided through the Website, or by other means, to give the user the opportunity to verify the changes before they take effect.