Privacy policy

PRIVACY NOTICE AND CONSENT TO THE PROCESSING OF PERSONAL DATA

For the purposes set out in EU Regulation No. 2016/679, also known as the General Data Protection Regulation (“GDPR”), concerning the protection of natural persons with regard to the processing of personal data, as defined below, we inform you that the data you provide to the data controller, as identified below, will be processed in full compliance with the aforementioned legislation and according to the following principles:

1. Data Controller

The data controller is LOMA SRL, with registered office in Italy, Ponte nelle Alpi (BL), Viale Dolomiti 54/Q, email: loma@orodolomiti.it, Tax Code and VAT No. 00936650258 (the “Data Controller”).

2. Categories of Personal Data Processed

For the purposes of this Notice, “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity, pursuant to Article 4 of the GDPR.

The following categories of Personal Data concerning you may be collected through the various services and contact channels described in this Notice, with particular reference to the e-shop available on the website https://www.orodolomiti.it/ (the “Website”):

Contact details – name, address, landline or mobile phone number, email address and similar information;

Other Personal Data – information you provide to us regarding your date of birth, education or professional status, tax code, bank details, credit card number and similar information;

Use of the Website and receipt of communications – information relating to how you use our websites, open or forward our communications, including information collected through cookies and other tracking technologies. Our Cookie Policy is available at the following link: https://www.cammillifirenze.com/it/cookie-policy.

3. Purposes and Legal Bases of Processing

The Personal Data collected are used by the Data Controller for the purposes and on the legal bases indicated below:

To provide the products and services requested by the customer in a timely and accurate manner, including the completion of online sales transactions exclusively on the Website, in accordance with the terms and conditions of sale available in the e-shop section of the Website. In this case, the processing is necessary for the performance of a contract to which the Data Subject is party or in order to take pre-contractual steps at the request of the Data Subject, pursuant to Article 6(1)(b) of the GDPR;

To comply with legal, administrative, accounting and financial obligations arising from any legal relationship to be concluded or already existing with the Data Controller, as well as related ancillary activities, and to comply with all obligations imposed by law, regulations and/or EU/international legislation. In this case, the processing is necessary for compliance with a legal obligation to which the Data Controller is subject, pursuant to Article 6(1)(c) of the GDPR;

To provide assistance services, including warranty and after-sales assistance, and related ancillary activities, including verification of the level of customer satisfaction. In this case, the processing is necessary for the performance of a contract to which the Data Subject is party or in order to take pre-contractual steps at the request of the Data Subject, pursuant to Article 6(1)(b) of the GDPR;

To inform customers about the activities and products offered on the Website by sending commercial communications via email. In this case, the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties, pursuant to Article 6(1)(f) of the GDPR;

To inform users about the activities and products offered on the Website by sending commercial communications via email. In this case, the processing is based on the Data Subject’s optional consent to the processing of their Personal Data for one or more specific purposes, pursuant to Article 6(1)(a) of the GDPR;

To carry out profiling activities of Data Subjects, based on characteristics, behaviours, choices and habits, in order to provide them with personalised services or promotions. In this case, the processing is based on the Data Subject’s optional consent to the processing of their Personal Data for one or more specific purposes, pursuant to Article 6(1)(a) of the GDPR.

Please note that consent may be personally given only by a Data Subject who is at least 14 years old. Where the minor is under the age of 14, processing is lawful only if and to the extent that such consent is given or authorised by the holder of parental responsibility.

4. Processing Methods and Security Measures

The processing of Personal Data is based on the principles of fairness, lawfulness and transparency and is carried out using IT tools or paper archives suitable for the management and transmission of such data. Processing takes place using appropriate tools, insofar as reasonable and in line with the state of the art, to ensure security and confidentiality through the use of suitable procedures designed to prevent the risk of loss, unauthorised access, unlawful use and dissemination.

The Website may contain links to third-party websites or platforms. The Data Controller cannot control or be held responsible for the conduct of such third-party websites or platforms in relation to Personal Data protection legislation. We invite you to read the privacy notices of third-party websites to verify how they collect, store or otherwise process Personal Data.

Security measures have been adopted in the settings and processing activities carried out through the Website to prevent the loss, destruction or dissemination of Personal Data. Nevertheless, the inherent security risks connected with the online transmission of Personal Data cannot be completely excluded.

5. Data Processors

For the pursuit of the purposes indicated above, the Data Controller may communicate and have the Personal Data you provide processed, in Italy and abroad, by third parties appointed by the Data Controller to process Personal Data on its behalf.

The Data Controller only uses Data Processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that processing meets legal requirements and ensures the protection of the rights of the Data Subject.

The Data Controller shares with Data Processors only the Personal Data strictly necessary for the Data Processors to perform their functions and provide the services requested by the Data Controller in relation to activities concerning Data Subjects.

The Data Controller undertakes to ensure that the processing of Personal Data by a Data Processor is governed by a contract or other legal act binding the Data Processor to the Data Controller, which sets out the subject matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data and categories of Data Subjects, as well as the obligations and rights of the Data Controller.

Furthermore, Personal Data may be communicated to competent public bodies and authorities where required by applicable legislation and/or to third parties for the exercise of a right in judicial proceedings, in accordance with the GDPR.

The categories of Data Processors to whom Personal Data are communicated may be obtained by contacting the Data Controller at the following email address: loma@orodolomiti.it.

6. Transfer of Personal Data Outside the European Union

Within the scope of its contractual relationships, the Data Controller may transfer the Personal Data processed to countries located outside the European Economic Area (EEA), including by storing them in databases managed by entities operating on its behalf. The management of databases and the processing of Personal Data are connected to the purposes of processing and are carried out in compliance with applicable Personal Data protection legislation.

Where Personal Data are transferred outside the EEA to countries for which no adequacy decision has been adopted by the EU Commission, or where processing outside the EEA is not necessary for the performance of contractual services in favour of the Data Subject, the Data Controller will adopt all appropriate contractual measures to ensure an adequate level of protection of Personal Data, including agreements based on the standard contractual clauses adopted by the EU Commission to regulate the transfer of Personal Data outside the EEA.

7. Retention of Personal Data

The Data Controller retains Personal Data only for the time necessary to achieve the purposes for which they were collected or for any other related legitimate purpose, for example where they are relevant for defending against claims brought against the Data Controller or where there is a legitimate interest. If consent is withdrawn, the Personal Data may still be retained in order to manage any disputes and/or litigation.

Without prejudice to the right to erasure within the limits provided for by law, where the retention of Personal Data is no longer permitted or required by applicable legislation, the maximum retention period for Personal Data will be seven (7) years from the date of the Data Subject’s last interaction with the Website.

8. Rights of Data Subjects

We remind you that each Data Subject may exercise their rights relating to the protection of Personal Data at any time.

In particular, the Data Subject has the right to:

Receive, free of charge, clear information regarding the Personal Data that the Data Controller processes and stores, including the right to know what Personal Data have been collected and how they are processed;

Request the amendment of their Personal Data where they are no longer up to date or accurate;

Request the deletion of their Personal Data, within the limits provided for by law;

Restrict the processing of the Personal Data provided in certain circumstances;

Receive the Personal Data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another data controller without hindrance from the data controller to whom they were provided;

Object to the processing of their Personal Data;

Withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

Lodge a complaint with the competent supervisory authority.

These rights may be exercised by sending a written communication by email to: loma@orodolomiti.it.