Della Spiga respects the privacy of every user who visits the Website and uses the Services (“User”). The policy does not apply to third party sites accessible via external hyperlinks on the Della Spiga website.
The processing of personal data of individuals will be in accordance with applicable law, with particular reference to Legislative Decree no. June 30, 2003, n. 196, containing the Code regarding the protection of personal data, as amended by Regulation (EU) no. 679 of 27 April 2016 – applicable from 25 May 2018 (hereafter referred to as “Applicable Privacy Law”).
Links to the sites mentioned above and not to other websites that may be consulted by the user through special links.
This policy and how to use and manage cookies may be subject to updates at any time. In this case, Della Spiga will publish a notice on the homepage of the site. In any case, Della Spiga invites you to periodically check the privacy statement to be informed of any changes.
TYPE OF DATA PROCESSED AND PURPOSE OF THE TREATMENT
1) Navigation data
The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data that are then implicitly transmitted in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes:
- Identification and contact data (ex. name, surname, e-mail, telephone number, etc.);
- data relating to the content of electronic communications exchanged with Della Spiga for the purposes referred to in paragraph 2 (a);
- data relating to the IP address or the ID of the device of a User through which the Site is accessed or the Services are used;
- data relating to the type of browser used by Users, as well as the date and time of use to access the Site or the Services.
2) Data retention times and conservation purpose
The data referred to in the previous paragraph are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, as well as for the following purposes:
- respond to requests from Users sent via the Site;
- improve the presentation, features and functionality of the Website and the Services, as well as the administration and management of user requests;
- allow Users to participate in surveys and surveys anonymously;
- provide assistance on the services offered, at the request of Users;
- prevent fraud or crimes committed through the Site or Services;
- fulfill legal or tax obligations pursuant to applicable law;
- subject to consent, contact Users through automated tools (email, sms, mms, social, unmanned calls) and non-automated (paper mail and telephone with operator) to offer them commercial offers and promotions, as well as involve them in market research and surveys, also by sending regular newsletters;
- subject to consent, analyze the choices and commercial preferences of Users in using the Site or Services, in order to customize the offer of products and services dedicated to them.
For the purposes referred to in letters A) to F), Della Spiga will process the personal data of Users based on their requests and their legitimate interest. For the purposes referred to in letters g) and h), Della Spiga will process the personal data of Users on the basis of their consent. Personal data processed by Della Spiga on the basis of the User’s consent will be kept for the time strictly necessary to achieve the purposes for which they were originally collected and, in any case, will no longer be processed as a result of any revocation of consent given. Where the processing of personal data should instead take place in compliance with legal, tax or judicial obligations, or to ascertain responsibility in case of hypothetical computer crimes against the site, the data may be stored up to a maximum of ten (10 ) years. For more information about the criteria and time frame for which we store your data, you can contact at the e-mail address: email@example.com
3) Data provided voluntarily by users / visitors
If users / visitors, connecting to this site, send their personal data to access certain services, or to make requests in chat and / or email mode, this involves the acquisition by Della Spiga of the address of the sender and / or any other personal data that will be processed exclusively to respond to the request, or for the provision of the service. Personal data provided by users / visitors will be communicated to third parties only if the communication is necessary to comply with the requests of the users / visitors themselves.
The data that will be provided to us through this form are the name and surname, your e-mail address and telephone number and will be used exclusively to respond to your requests or questions you would like to contact us. Providing such data is mandatory in order to formulate a request to Della Spiga and any refusal to grant them will prevent you from obtaining an answer.
5) Processing methods
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. All personal data will be processed mainly through electronic tools and methods, however the treatment by paper means is not excluded a priori by Della Spiga. The Data Controller will take all necessary security measures in order to minimize the risk of destruction or loss, even accidental, of the data, unauthorized access or processing that is not permitted or does not comply with the purposes indicated in this document. However, since it is not possible to guarantee that the measures taken for the security of the Site and the transmission of data are such as to exclude any risk of unauthorized access or loss of data, we urge the user to make sure that his computer is equipped with software updated antiviruses for data network protection – both inbound and outbound – and that your Internet service provider has adopted firewalls and anti-spam filters, or other appropriate measures for the security of data transmission.
6) Optional supply of data
Apart from that specified for navigation data, users / visitors are free to provide their personal data. Failure to provide such data may entail the impossibility of obtaining what is requested.
7) Information collected passively
In providing our services we will use software and / or third-party services to collect information passively, without your knowledge, while you are browsing or interacting with the content of our website, as well as information on the device you use. The only purpose of passive collection of this information is to learn more about how you use and interact with the Web, with the aim of improving your experience in the use of our services and identify possible errors during the implementation of the our site. The information collected includes, by way of example and not exhaustively:
- The IP address of your device
- The screen size of the device used
- Device (unique identifier) and browser information
- Geographical position (country)
- Selected language with which the website is displayed
- Pages visited
- Date and time when the pages were visited
For this purpose, we use the third-party web analysis service, which passively collects information in order to examine the use of the website and, in general, to gather information about the activities of the website. It is also noted that Della Spiga may use third party services such as Google Analytics, which collects information about your browsing through cookies or other mechanisms. Under no circumstances does Della Spiga collect or store identifying data (including, in particular, bank details or payment procedures).
8) Transfer of personal data abroad
Users’ personal data will not be transferred to countries that do not belong to the European Union and which do not ensure data protection levels in line with the applicable Privacy Law.
9) Processing of personal data of minors
The use of the Site and the Services is reserved only for users over 18 years of age. Della Spiga does not process personal data of minors under eighteen (18) years without parental consent.
10) Place of data processing
The processing operations connected to the web services of the sites indicated above take place at the registered office of Della Spiga, in Milan, Corso Venezia 21 and / or at the headquarters of the hosting company and / or management of the website and are only handled by technical staff of the Office in charge of processing, or by persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated. The personal data provided by users who request dispatch of informative material are used only to perform the service or provision requested and are communicated to third parties only if this is necessary for that purpose.
11) Data controller
The holder of the processing of personal data, as defined by art. 29 of the Privacy Code, is Della Spiga (firstname.lastname@example.org).
12) Rights of the interested parties
Pursuant to the Applicable Privacy Law, Users will be entitled to:
- be informed of the purposes and methods of processing their personal data;
- access to personal data;
- obtain a copy of your personal data, where these are stored in countries outside the European Union, as well as obtain information on the place where such personal data is stored or transferred;
- request the correction, updating or integration of personal data;
- request cancellation, anonymisation or blocking of the processing of personal data;
- oppose, in whole or in part, any processing performed through automated decision-making processes, including profiling;
- revoke your consent to the processing, where provided, freely and at any time;
- contact the Data Protection Manager of the Data Controller;
- file a complaint with the Guarantor for the protection of personal data.
Pursuant to the Applicable Privacy Law, from May 2018, Users will also have the right to exercise the following rights:
- the right to data portability, that is the right to receive personal data in a structured format, commonly used and readable by automatic device, and the possibility of being able to transmit them to another data controller freely and without impediments;
- the right to request the limitation of the processing of personal data.
Requests for updating, rectification, cancellation or otherwise relating to the processing and storage of data must be forwarded to the Data Controller at our registered office in Florence, Via dei Tornabuoni n. 1, or via email at email@example.com indicating as object: “Cancellation of personal data”. The letter must contain:
- Name and surname of the applicant
- Written request for cancellation / updating / correction
- E-mail address used for registration (e-mail)
- Password to access your personal area (if available)
- Photocopy of the identity card or passport
- Address and contact telephone
What cookies are?
As clarified by the Privacy Guarantor, available on the website www.garanteprivacy.it, cookies are small files sent by the websites visited by users and stored on the device used to access such sites (eg computer, smartphone, tablet and any other device used to access the sites). When users visit the same site again, the browser reads the cookies stored on the device and retransmits the information to the site that originally created the cookies. They are cookies that allow, for example, to perform statistical analysis based on your choices or remember which language you selected the first time you surfed our site.
Change to cookie settings
Most browsers are configured to automatically accept cookies. You can also change cookie settings or accept others and disable others. Della Spiga reminds you that removing cookies from a bit of space may limit the ability to browse the site and prevent you from doing its functions.
Below you can see how you can manage or disable cookies in each browser.
What types of cookies we use
To allow the provision of our services, we use both c.d. persistent cookies (cookies that refer to a long-term scheduled date) and c.d. session cookies, which are not stored permanently on the visitor’s computer and disappear when the browser is closed.
How we use cookie
- Technical cookies: useful in order to provide a better service to users. These include navigation cookies and internal functionalities, thanks to which the user navigates the site fluently and accesses the login area with stored credentials and preferences.
- analytical cookies: thanks to the help of Google Analytics (also includes DoubleClick), Zoopim, Yandex Metrica can be used to detect the number of visitors to the site, the pages visited, the time spent on the site and any statistical data useful to understand the profile of users and to improve the performance of our service and its tool.
- profiling cookies: they are useful in order to create “user profiles” and to send promotional messages in line with the preferences and choices that emerge from the user’s browsing. The following cookies can be used for remarketing activities with Google and / or with Facebook.
- third-party cookies: they are used to allow the sharing of site content through social networks (eg Facebook cookies, linked to the social media buttons, LinkedIn, Twitter …)
Personal data are not subject to disclosure.
Rights of the interested party.
In relation to the treatments described in the Notice, as an interested party you may, pursuant to Article 7 of the Privacy Code, exercise specific rights, including that of:
- obtain from the Controller confirmation of the existence or not of their data and their availability in an intelligible form; to have knowledge of the origin of the Data, the logic, the purposes and the modalities on which the treatment is based, together with the identification details of the Data Controller;
- obtain the indication of the managers and of the designated representative pursuant to Article 5, paragraph 2, of the Privacy Code, of the subjects or categories of subjects to whom the Data may be communicated or who may become aware of it as appointed representative in the territory of the State, of managers or agents;
- obtain cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as updating, correction or, if interested, integration of data;
- obtain confirmation that the information relating to the origin of the Data, the purposes and the method of treatment have been brought to the attention, including as regards their content, of those to whom the Data have been communicated or disseminated, except for the case where such fulfillment proves impossible or involves the use of clearly disproportionate means to the protected right;
- object, in whole or in part, for legitimate reasons to the processing of data concerning you, even if pertinent to the purpose of collection, as well as to the processing of data concerning you for the purpose of sending advertising material or direct sales or for the fulfillment of market research or commercial communication. As of 25 May 2018, as an interested party, you may exercise the following specific rights pursuant to articles 15-21 of the GDPR:
right of access – Article 15 of the GDPR: the right to obtain confirmation that personal data concerning you is being processed and, in this case, obtain access to your personal data – including a copy thereof – and communication , among others, of the following information:
- purpose of the processing;
- categories of personal data processed;
- recipients to whom these have been or will be communicated, in particular if they are recipients of non-EU third countries or international organizations;
- data retention period or criteria used;
- rights of the interested party (correction, deletion of personal data, limitation of processing and right to object to the processing);
- right to make a claim;
- right to receive information on the origin of personal data, if they have not been collected from the person concerned;
- the existence of an automated decision-making process, including profiling; in the event that the data are transferred to a non-EU third country or international organization, the existence of adequate guarantees pursuant to art. 46 GDPR;
right of rectification – Article 16 GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data;
right to cancellation (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the cancellation of personal data concerning you when:
- the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- You have revoked your consent and there is no other legal basis for the processing;
- Has successfully opposed the processing of personal data;
- the data were processed unlawfully;
- the data must be deleted to fulfill a legal obligation;
- the personal data have been collected with regard to the information society service offer referred to in Article 8 (1) of the GDPR. It is understood that the right to cancellation does not apply to the extent that the processing is necessary for the Owner, for the exercise of the rights to freedom of expression and information, for the fulfillment of a legal obligation or for the execution of a task performed in the public interest, for purposes of archiving in the public interest, scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.
right to limitation of treatment – Article 18 GDPR: right to obtain limitation of treatment, when:
- the interested party disputes the accuracy of personal data, for the period necessary for the holder to verify the accuracy of such data;
- the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
- personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
- the interested party opposed the treatment pursuant to art. 21 GDPR, in the period of waiting for the verification on the possible prevalence of legitimate reasons of the holder of the treatment with respect to those of the interested party.
right to data portability – Article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Owner and the right to transmit them to another holder without impediments, if the treatment is based on consent and is done by automated means. Furthermore, the right to obtain that your personal data is transmitted directly by the Data Controller to another data controller if this is technically feasible;
right of opposition – Article 21 GDPR: right to object, at any time for reasons related to your particular situation, to the processing of personal data concerning you based on the lawfulness of legitimate interest or the performance of a task in the public interest or exercise of public powers, including profiling, unless there are legitimate reasons for the Data Controller to continue processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defense of a right in court. Furthermore, the right to oppose the processing at any time if personal data are processed for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing. In particular, you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that affect you or that significantly affects your person, except that this decision is necessary for the conclusion or execution of a contract between you and the Owner, or is authorized by European Union law or by Italian law, or based on your explicit consent;
right of withdrawal of consent – right to withdraw consent to the processing of your data at any time, while maintaining the lawfulness of the processing based on consent before revocation;
The above rights may be exercised against the Owner by contacting the indicated references. The exercise of your rights as an interested party is free under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Holder may charge a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.