Privacy policy
Dear Visitor/User, compliance with the Privacy Policy is particularly important to us.
In particular, the "General Data Protection Regulation" (EU Regulation 2016/679, known by the English acronym "GDPR") requires us to provide you with the following information on the processing of your Personal Data, pursuant to art. 13 of the aforementioned Regulation.
“Processing of Personal Data”, in simple words, is any operation concerning any “information relating to an identified or identifiable natural person”. For example, name and surname, or an e-mail address with a "user name" that identifies you (e.g. mariorossi@....), is considered "Personal Data", and the actions of collection, registration with us and use to send you a communication, are considered "Processing" operations; as well as (again for example) the communication of Personal Data to other organizations and archiving.
Our organization is defined as the "Data Controller", as the person who establishes how and for what purposes to process information relating to natural persons.
You, if "natural person to whom the Personal Data refers", is defined as "Interested", and has the right to receive the following information on who we are, what Personal Data we process, why, how and for how long we process them, and what obligations and rights you have in this regard. However, if you operate on behalf of a private organization (e.g. partnership, joint-stock company, association, etc.), the interested parties are the natural persons who use the Site, and/or the Online Store, and/or benefit from of the Services under its authority (e.g. you and/or your Workers). Information strictly relating to the organization (e.g. tax code or VAT number) is not considered Personal Data.
Depending on whether you are a simple Visitor, have made purchases on the Online Store, or use any of the Services that may be available on the Site, we collect and/or need you to provide us with some Data, which is necessary for us to allow you to browsing the Site, and/or making purchases from the Online Store, and/or using the Services. When you simply visit the Site, we do not acquire information that allows you to be directly identified.
The following grid and clauses explain how the Company, as Data Controller, will process your Data.
The meaning of the capitalized terms used in this information is explained in the Glossary at the bottom of the page. For anything not expressly defined here, please refer to the definitions contained in the terms of service and/or in the general terms and conditions of the product sales contract, and/or in other legal texts available on the Site on the date on which you viewed the this information. In the event of any conflict between definitions, for the purposes of the Privacy Policy the definitions contained in the Glossary will prevail.
Who are we (“Data Controller”)? |
||||
IDT S.p.A., with registered office in Via Quittengo 35, 10154 Turin (TO), C.F. and VAT number 10010450012, registered in the Turin company register, REA number TO-1098199. |
||||
What categories of interested parties are addressed to this information? |
||||
Visitors and Buyers |
||||
What categories of Personal Data do we process? |
||||
Navigation Data and Common Data to the minimum extent necessary to achieve each of the Purposes indicated below. Please do not include any "sensitive" information in the texts of communications and in the description fields of our online forms (personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data and data relating to the person's health or sexual life or sexual orientation). |
||||
What is the origin of your Personal Data? |
||||
Normally it is you who transmit them yourself, or another natural person belonging to the organization for which you work authorized for this purpose. |
||||
Why do we process Personal Data (Purpose) and what is the Processing based on (Legal Basis) of each category of Data, and what is the Retention Period? |
||||
n° |
Purpose |
Categories of Personal Data |
Legal Basis |
Conservation Period |
1 |
Analyze the traffic on the Site (e.g. detect the most visited pages, the number of visitors per time slot or daily, the geographical origin, the average connection time, the browsers used, the origin of the visitor - from search engines or others sites -, phrases and words searched etc.) to understand how it is used and manage it, optimize it and improve it, or even just for statistical purposes; resolve operational problems (e.g. anomalies in page loading); carry out monitoring activities to repel and/or prevent cyber attacks and fraud. |
Browsing Data, anonymous information (which does not allow us to trace your identity) and Common Personal Data (e.g. full IP address) |
The need to make the Site available in accordance with the terms of service or other legal text performing a similar function available on the Site on the date of access considered (art. 6.1.b GDPR) |
1 week from the date of your last access to the Site. |
2 |
Satisfy the requests you wish to send to us using the contact details on the Site. |
Common Data |
The need to adopt pre-contractual measures at your request (art. 6.1.b GDPR) |
For a maximum of 2 years from your last request. |
3 |
Provide you with access to your profile page and reserved area |
Common Data |
The need to execute your service request governed by the terms of service or other legal text with a similar function available on the Site on the date of access considered (art. 6.1.b GDPR) |
For a maximum of 2 years Your last request |
4 |
Carry out operations relating to purchases of products made by you from our Online Store |
Common Data |
The need to execute the sales contract (art. 6.1.b GDPR) |
For a maximum of 10 years from the date of your last purchase. |
5 |
Marketing purposes, subject to profiling. In particular, it is specified that the Data, also with the aid of Cookies, will be used to re-target subjects who are already users of the Site, even only as Visitors, or to find new ones based on the characteristics of the subjects who are already users of the Site. Direct marketing activities, including but not limited to the newsletter, have the sole purpose of making users aware of the news, commercial and otherwise, proposed by the Site and the Company, and do not include the promotion of goods or services offered by third parties. La Società non trasferisce i Dati a soggetti terzi affinché tali terzi possano proporre loro prodotti agli utenti del Sito. |
Navigation Data and Common Data |
Express consent, also with respect to the installation of Cookies (art. 6.1.a GDPR). |
Until consent to processing is revoked. |
Clarifications on the Maximum Storage Period |
||||
Your Personal Data will be processed for the maximum periods indicated above for the respective inherent processing purposes, unless the Applicable Law requires us to retain them for a longer period or allows it to protect our rights and/or legitimate interests. |
||||
To whom do we communicate the Data (Categories of Recipients)? |
||||
To the minimum extent necessary to achieve each of the Purposes, on the basis of the Applicable Regulations and/or a contractual agreement with the Owner, to:
The Data Controller does not disseminate Personal Data, except in the case where it is requested, in accordance with the law, by Authorities, information and security bodies or other public entities for the purposes of defense or security of the State or prevention, detection or repression of crimes. |
||||
Do we transfer Personal Data outside the European Union? |
||||
Yes, for the provision of the Site and the Online Store, the Company uses, in addition to subjects located in the territory of the European Union, also subjects located outside this territory, with particular reference to the storage of the servers on which they are stored the Personal Data of Users (located in the United States). The Data Controller ensures that the transfer of data outside the EU takes place in compliance with the applicable legal provisions and that the transfer is carried out to subjects (third countries and/or international organisations) for which there is an adequacy decision of the European Commission pursuant to of Article 45 GDPR, or by stipulating, where necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission, and in any case in compliance with the other guarantees or derogations provided for in Chapter V of the Regulation EU 2016/679 (GDPR). Furthermore, in compliance with the principle of minimization, the data will be processed outside the territory of the European Union as indicated above exclusively for the purpose of applying, via a plug-in installed on the Site, discounts or other benefits in favor of Buyers, and therefore such cross-border processing will last exclusively for the duration of the purchasing session. If you do not accept that your Personal Data may be transferred to non-EU countries, we invite you not to sign any Contract with the Company and to stop using the Site, the Online Store and the Services. |
||||
Does the Site use Cookies? |
||||
Yes. To find out more and to view our policy in this regard, you can consult the Cookie Policy. |
||||
Are you obliged to provide us with Personal Data? |
||||
Due to the functioning of the Internet network, you cannot refuse the communication of Navigation Data; the refusal to communicate some Personal Data (such as the IP address of your device) is not foreseen. |
||||
What happens if you refuse to communicate your data? |
||||
If you refuse to communicate the Personal Data for the contractual purposes indicated above in numbers 2, 3 and 4, we will not be able to establish the contractual relationship and fulfill your request, sell the products, or provide the Service. |
||||
What communications do we send you? |
||||
We will only send you communications necessary for the execution of the Contract, based on the applicable contractual purpose among those indicated above. For example, we will communicate with you to respond to your general request (Purpose 2), or we may send you notifications to inform you of issues relating to access to your profile page/reserved area, as well as to update you on the purchase orders you have submitted . |
||||
What rights do you have as an “Interested Party”? |
||||
Lei, in quanto persona a cui si riferiscono i dati (“Interessato”) ha diritto di:
The exercise of the above rights may also be delayed, limited or excluded in the cases provided for by the art. 2-undecies d. lgs. 196/2003. |
||||
Who can you contact with questions or to exercise your rights? |
||||
You can contact the Data Controller for questions relating to the processing of your Personal Data and to exercise your rights by sending an email to the address [contact@ducadimorrone.com], or by post to the address [Via Quittengo 35, 10154, Turin – Italy] . |
||||
This Privacy Policy is effective from March 2022; we reserve the right to modify its content, in part or completely, also following changes to the Privacy Law; we will publish the updated version of the Privacy Policy on the Site and from that moment it will be binding: you are therefore invited to visit this section regularly.
We do not intentionally collect personal information relating to natural persons who, based on their national law of origin, lack the legal capacity to act for the purposes of stipulating contracts, except for requests relating to minors made by subjects exercising parental authority or custody. on the minors in question. In the event that information on such subjects is recorded, we will delete it promptly, at the request of the interested party or whoever exercises authority over him.
GLOSSARY
“Supervisory Authority”: the independent public authority established by a European Union State, or by the European Union itself, responsible for supervising the application of the Privacy Legislation (for Italy, the Guarantor for the Protection of Personal Data , http://www.garanteprivacy.it).
“Authority”: body or organisation, public or private, with administrative, judicial, police, disciplinary and supervisory powers.
“Authorized”: the natural person, placed under the direct authority of the Data Controller, who receives instructions from the latter on the Processing of Personal Data, pursuant to and for the purposes of the art. 29 of the GDPR.
“Privacy Code”: Legislative Decree 196/2003 and subsequent amendments and/or additions (in particular by Legislative Decree no. 101/2018).
“Committee” or “EDPB”: the European Data Protection Board, established by art. 68 of the GDPR and governed by articles. from 68 to 76 of the GDPR, which replaces WP29 from 25/5/2018.
“Buyer”: the natural or legal person who makes purchases from the Online Store or who uses any of the other Services that may be available on the Site.
“Communication”: “giving knowledge of personal data to one or more specific subjects other than the interested party, the owner's representative in the territory of the European Union, the manager or his representative in the territory of the European Union, authorized persons, pursuant to article 2-quaterdecies, to the processing of personal data under the direct authority of the owner or manager, in any form, including by making them available, consulting or interconnecting them" (as defined in art. 2 -ter, paragraph 4, letter a of the Privacy Code).
“Contract”: agreement stipulated with the Customer User, through acceptance by the latter of the Terms and Conditions.
“Cookies”: short fragments of text (letters and/or numbers) that allow the web server to store information on the browser to be reused during the same visit to the site (session cookies) or later, even days later (cookies). persistent). Cookies are stored, based on the User's preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories are taken into consideration:
- Technical cookies: these are essential cookies for the correct functioning of the site and are used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service” (see art. 122, c. 1, of the Privacy Code).
- Analytical cookies: these are cookies used to collect and analyze traffic and use of the site anonymously. These Cookies, even without identifying the User, allow, for example, to detect if the same User returns to connect at different times. They also allow you to monitor the system and improve its performance and usability. The deactivation of these Cookies can be performed without any
loss of functionality. - Profiling cookies: these are persistent cookies used to identify (anonymously or otherwise) the user's preferences and improve their browsing experience.
- Third-party cookies (analytical and/or profiling): these are Cookies generated by organizations not belonging to the Site, but integrated into parts of the Site page. Think for example of Google's "widgets" (e.g. Google Maps) or “social plugins” (Facebook, Twitter, LinkedIn, Google+, etc.).
“Common Data”: are Personal Data concerning your general information, including, by way of example and not limited to, name and surname, e-mail address, telephone number, tax code, VAT number, as well as other data that you may provide to us , for example through the forms or contact details of our organization available on the Site.
“Navigation Data”: are the data that the computer systems and software procedures used to operate the site acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User's IT environment. Such data, necessary for the use of web services, are also processed for the purpose of: obtaining statistical information on the use of the Services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.); check the correct functioning of the Services offered.
“Personal Data”: “any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characteristic of his physical identity, physiological, genetic, psychic, economic, cultural or social”, as defined by the art. 4, subparagraph 1, n. 1, of the GDPR).
“Data” or “Data”: one or more of the categories indicated as Personal Data.
“Recipient”: “the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party”, as defined by the art. 4, subparagraph 1, n. 9, of the GDPR.
“Dissemination”: “giving knowledge of personal data to undetermined subjects, in any form, including by making them available or consulting them” (as defined in art. 2-ter, paragraph 4, letter b of the Privacy Code) .
“GDPR”: EU Regulation 2016/679 “relating to the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data and which repeals Directive 95/46/EC (General Data Protection Regulation) ”.
“Interested party”: “identified or identifiable natural person”, as defined by the art. 4, subparagraph 1, n. 1, of EU Regulation 2016/679 (so-called “GDPR”).
“Limitation”: “the marking of personal data stored with the aim of limiting their processing in the future”, as defined in the art. 4, subparagraph 1, n. 3, of the GDPR.
“Regulations” or “Regulations”: one or more of the sets of rules indicated, in this Act, as Privacy Regulations and Applicable Regulations.
“Applicable Regulations”: any provision, of any rank, belonging to Italian or European Union law, in any way applicable to the Site and/or the Contract.
“Privacy Legislation”: EU Regulation 2016/679 (“GDPR”), Legislative Decree 196/2003 and subsequent amendments and/or additions (“Privacy Code”), as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR and the Privacy Code, and the further applicable legislation, of any rank, including the opinions and guidelines developed by the Committee.
Privacy Policy: this information on the processing of personal data for the management of the Site.
“Profiling”: “any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning professional performance, economic situation, health , personal preferences, interests, reliability, behaviour, location or movements of said natural person”, as defined in art. 4, subparagraph 1, n. 4, of the GDPR.
“Publication”: the action with which the Owner communicates information on the Site, without implementing procedures that require the Visitor to view it.
“Data Controller”: “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller”, as defined by art. 4, subparagraph 1, n. 8, of the GDPR.
“Services”: indicates the services offered by the Company through the Site, including the provision of the Site itself.
“Site”: the web pages displayed through www.ducadimorrone.com, including subdomains.
“Company”: the company IDT S.p.A., with registered office in Via Quittengo 35, 10154 Turin (TO), C.F. and VAT number 10010450012, registered in the Turin company register, REA number TO-1098199.
“Online Store”: indicates the section of the Site acting as e-commerce through which you can purchase our products sold online.
“Third party”: “a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons authorized to process personal data under the authority directly by the owner or manager", as defined by the art. 4, subparagraph 1, n. 10, of the GDPR.
“Data Controller”: “the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data”, as defined by the art. 4, subparagraph 1, n. 7, of the GDPR.
“Processing”: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction", as defined by the art. 4, subparagraph 1, n. 2, of the GDPR.
“User”: indicates, without distinction, Visitors and Buyers.
“Visitor”: the natural or legal person who uses a device and navigates, via the internet, on the public pages of the Site.
“WP29”: the Working Group for the protection of individuals with regard to the processing of personal data, established pursuant to art. 29 of Directive 95/46/EC, whose tasks are set out in art. 30 of Directive 95/46/EC and art. 15 of Directive 2002/58/EC.
