This document contains the description of the management of the website www.shop.iarp-plugin.com (hereinafter also referred to as “website”), with reference to the processing of personal data of the users who use it.
Pursuant to and for the purposes of Article 13 of EU Regulation 2016/679, Epta SpA, as Data Controller (hereinafter also “Data Controller” or “Company”) is required to provide this Information Notice – regarding the processing of personal data of individuals- who access through this website. The information is provided only for this website and not for other websites that may be consulted by the user through links.
The purpose of this document is to provide information about the methods, purposes, storage times of data, the place of processing and the rights of the interested parties.
1. Data Controller
Following consultation of this website, data relating to identified and identifiable persons may be processed.
The data controller of personal data is EPTA S.p.A. with registered office in Milan, via Mecenate 86, zip code 20138.
2. Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system and computer environment.
An indicative list of information we may collect is as follows:
− Internet Protocol (IP) address;
− browser type and parameters of the device used to connect to the site; ü name of the internet service provider (ISP);
− date and time of visit;
− Web page of origin of the visitor (referral) and of exit;
− possibly the number of clicks.
The data in the possession of the Owner are normally collected directly from the interested parties and, only occasionally, also from third parties.
These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
3. Data provided voluntarily by the user
The use of the website services, the optional, explicit and voluntary sending of electronic mail to the addresses indicated on the site or the filling in of the appropriate forms, involves the subsequent acquisition of the sender’s address and personal data necessary to provide the requested service and/or respond to requests, as well as any other personal data included in the message (and attachments to the same) or in the appropriate forms.
The data will be processed by computer and telematics, to provide the requested service and / or respond to requests.
4. Purposes and legal basis of the treatments
The data collected are processed by the Owner solely for the purposes listed below:
a) respond and/or follow up on your requests;
b) further develop, customize and improve our Services, based on the common or personal preferences, experiences and difficulties of Visitors and Users;
c) provide you with ongoing technical assistance and support;
d) fulfill a legal obligation to which we are subject;
e) Allow navigation through the public web pages of the website;
f) respond to requests received through the e-mail addresses published on the site;
g) obtain anonymous statistical information on the use of the site (e.g. analysis of the most visited pages);
h) obtain anonymous statistical information on the geographical areas of origin;
i) check the correct functioning of the site;
j) the ascertainment of eventual responsibilities in case of offences committed to the detriment of the site.
5. Communication to third parties and disclosure of personal data (Dissemination)
Salesforce.com Italy S.rl. works with a number of selected service providers whose services and solutions complement, facilitate, and enhance ours. These include server hosting and co-location services, communications, information security services, billing and payment processing services, web analytics, session recording and remote access services, content providers, and our legal and financial advisors.
Such Third Party Services may receive or otherwise have access to our Users’ Personal Information, in whole or in part, depending on their particular roles and purposes aimed at facilitating and improving our Services and may use it only for such purposes.
6. Temporal duration of processing and storage of personal data
The processing operations referred to in this information notice will have the duration strictly necessary to fulfil the obligations imposed on the Data Controller by national and/or supranational laws, as well as by the laws of the countries to which the data may be transferred. By way of example, personal data, in the event of a contractual relationship, will be processed and stored for the entire duration of the relationship and, subsequently, for 10 years (ordinary limitation period). In case of pre-contractual commercial negotiations, the data will be kept for the period of one year from the conclusion of the negotiation.
For the purpose of direct marketing, the duration of data retention is 24 months from the registration to the website, or until revocation of consent given by you for that purpose if earlier.
7. Categories of personal data processed for contractual and legal purposes
The categories of personal data processed are personal data, contact data, contractual data (e.g. customer code, product code), tax data, data relating to products purchased, website registration data, navigation data.
The conferment of personal data referred to in the preceding paragraph – for the purposes of executing the sales contract – is necessary to manage your purchase and provide services related to the sale (such as after-sales service, registration to the website). The refusal to provide such personal data does not allow the possibility to finalize the purchase and use the services indicated.
We may also process personal data in pursuit of our legitimate interests, provided that the interests or fundamental rights and freedoms of the Data Subject do not prevail.
8. Rights of the interested parties (articles 15 to 22 of the Regulation)
Finally, we would like to inform you that articles 15 to 22 of the Regulation give the interested parties the right to exercise specific rights. In particular, the interested parties may obtain from the Data Controller, with regard to their personal data: access (art. 15); rectification (art. 16); erasure – oblivion (art. 17); limitation of processing (art. 18); notification in case of rectification, erasure or limitation (art. 19); portability (art. 20); right to object (art. 21) and not to be subject to automated decision-making processes and profiling (art. 22). The interested parties have the right to lodge a complaint with the Control Authority.