INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA
At SAPHIR we protect the personal data of our customers and guarantee that the way in which we process your data complies with the provisions of the privacy legislation as per Legislative Decree 30 June 2003, n. 196 referring to the "Code regarding the protection of personal data" (the “Code”) and integrated with the amendments introduced by Legislative Decree 10 August 2018, n. 101 to implement EU Regulation no. 679/2016 (the "GDPR").
Graziella Boutique SRL, headquartered in Italy, C.so G. Matteotti 47, Sanremo, registered in Imperia, tax code and VAT number 01427380082, certified electronic mail address firstname.lastname@example.org, fax +39 0184 532634, telephone number +39 0184 532634, is the Controller of the data collected on the Website and will process the personal data for the purposes and in accordance with the procedures set out below. The user can contact SAPHIR via e-mail at email@example.com.
Processing of personal data shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Collected personal data and purpose of the processing
INFORMATION AUTOMATICALLY COLLECTED THROUGH THE USE OF THE WEBSITE
To customize the user navigation experience, the Website uses profiling cookies, also of third-parties, and similar technologies, through the web platform Google Analytics.
To improve its services, SAPHIR may designate third parties, such as web marketing agencies, to carry out profiling activities for their own account.
Cookies are small text files saved by the browser and stored on the user device. Cookies allow the site to function efficiently and/or improve its services.
demographic information;
location information;
information concerning the use of Website functionalities and browsing;
elaborations and associations with data owned by third parties;
log data and device information.
This information is not collected to be associated with specific individuals. It is used for the sole purpose of collecting anonymous statistical information on the use of the Website, to control its correct functioning and to improve the browsing experience.
The data could be used to determine responsibility in case of hypothetical computer crimes against the Website.
The association with a specific user occurs only following the purchase of a product, the registration on the Website and/or the subscription to the newsletter and enables SAPHIR to provide a service in line with the preferences expressed.
INFORMATION PROVIDED DIRECTLY BY THE USER
To access the Website and its content and to make a purchase, no registration is required.
SAPHIR shall process the following identifiable, non-sensitive personal data, which must be communicated by the user who decides to purchase a product on the Website:
e-mail address;
full name;
Country;
full address;
telephone number;
tax data needed for each country;
billing address if different from shipping address;
information regarding the payment transactions, partly encrypted, collected by SAPHIR in order to be able to verify the correctness of the payment.
The communication of the user's personal data is compulsory to purchase, pay and receive the products, as well as to enable our Customer Service to provide customers with after-sale service. It is a necessary condition for the proper and timely execution of the contract. In its absence, it will be impossible to provide the requested services.
With reference to the data necessary for the delivery, please note that they are communicated to the commercial partners who supply the products, as well as to couriers in order to carry out the delivery service.
With reference to the transaction information, please note that payments are received through authorized external payment providers in charge of managing payment data in compliance with the law (PayPal), or directly to SAPHIR's current account via bank transfer.
At this stage, SAPHIR may process the following categories of personal data, obtained through automated processes:
historical data, relating to possible previous purchases and order information.
SAPHIR processes the following identifiable, non-sensitive personal data, which must be communicated by the user who decides to register on the Website creating an account:
e-mail address;
password (encrypted) provided by the user during the account registration process in order to access the account.
At this stage, SAPHIR may process the following categories of personal data, obtained through automated processes:
data regarding the user activity on the Website (e.g. pages visited, content viewed, clicks...);
data regarding purchase history.
In his/her personal area, the user may optionally indicate other personal data (name and surname, gender, residence or domicile, telephone number, date of birth, tax code and preferences for brands, types of articles and sizes).
The data shall be used by SAPHIR for the account management and the improvement of the use of services by the user.
In case the registered user decides to make a purchase, the compulsory data and any optional data provided during registration will also be used, if necessary, for order management; any data missing for the order management will be requested during the purchase.
The registration shall enable a faster purchasing process and the possibility of monitoring the status of orders, managing vouchers, viewing purchase history and details, writing reviews about the purchased products, managing the account settings and keeping the information updated. At any time, the user shall have access to his/her personal data to modify them, request that SAPHIR delete their personal data where possible, and exercise the rights set forth in the law. In case the user, during the registration, declares he/she wants to receive newsletters, selecting the non-compulsory option of subscribing to our newsletter and providing the required consent, the provided e-mail address will also be used to communicate promotions and marketing content.
SAPHIR shall process the following identifiable, non-sensitive personal data communicated by the registered or unregistered user who decides to subscribe to the newsletter service; this data will be processed only upon specific consent:
e-mail address;
optional preferences regarding the news service (e.g. updates on men’s/women’s products).
At this stage, SAPHIR shall process the following categories of personal data, obtained through automated processes:
location data and data regarding the way the service is used (open rate, clicks...).
These data will be used to update the user, via e-mail and other digital communication channels (e.g. through advertising platforms, such as Facebook and Google), on new arrivals, exclusive discounts and to share marketing content related to the offered services based on the preferences expressed by the user.
The user can choose not to receive marketing communications at any time, by clicking on the dedicated unsubscribe link at the bottom of any marketing e-mail. Alternatively, the user can send an e-mail to firstname.lastname@example.org with "Unsubscribe" in the subject, expressing their wish to stop receiving marketing communications.
OPTIONAL DATA PROVIDED BY THE USER
As already stated, the user can choose to provide extra data to improve his/her browsing experience. This extra data will be processed only upon specific consent:
Additional information. The user may choose to provide additional information (such as gender and language preferences) through the account settings. Failure to provide the optional data shall not affect the conclusion of the purchase.
The optional, explicit and voluntary sending of e-mail messages to the addresses posted on the Website entails the subsequent acquisition of the sender address, which is necessary to answer any queries, as well as of any other personal information included in the message.
PURPOSE OF PROCESSING
Users’ personal data, freely communicated and acquired directly and/or through third parties in the course of the activity carried out by SAPHIR, are collected electronically in relation to the purpose for which they are processed.
A) Without the express consent of the user (art. 24 lit. a, b, c and art. 6 lit. b of the Code, and GDPR), for the following purposes related to the activation and operation of the services furnished by SAPHIR:
to fulfil pre-contractual, contractual and fiscal obligations (e.g. to allow order management, invoicing and product delivery, also through Customer Service, to provide the customer with the procedures for the execution of this contract and the necessary communications);
to fulfil the obligations required by laws, regulations and Community legislation, or provisions issued by authorities empowered to do this by law;
to prevent or detect abuse and fraudulent conduct harmful to the website;
to exercise the Data Controller's rights, e.g. the right to legal defense.
The supply of the data as required during the activation of Services is mandatory, since it is strictly necessary to pursue the purposes in question.
B) Only upon specific and distinct consent (articles 23 and 130 of the Code and art. 7 GDPR), for these marketing purposes:
to send, via e-mail or other digital communication channels, newsletter, commercial communications and/or advertising materials for products and services offered by SAPHIR, also according to the preferences expressed by the user.
The supply of the data for the above purposes is optional. Failure to provide consent shall not have any consequences on the purchase of products and/or the supply of Services.
METHODS OF DATA PROCESSING
The processing of personal data is performed through the operations listed in Art. 4 of the Code and in Art. 4 n. 2 GDPR: collection, recording, organization, consulting, communication, storing, processing, modification, selection, retrieval, comparison, utilization, interconnection, blocking, erasure and destruction of data, mainly carried out using electronic means by ensuring the use of adequate measures for the safety of the data processed and by guaranteeing the confidentiality of such data.
DATA TRANSMISSION
SAPHIR undertakes to treat as confidential all personal data and information provided by the user and to not reveal them to unauthorized persons, or use them for reasons other than those for which they were collected. Personal data will be transmitted, after the signing of a commitment to confidentiality of data, only to delegated and/or appointed subjects who carry out activities necessary for the execution of the contract between supplier and customer, whether they are SAPHIR employees or third parties, such as for example consultants, suppliers of products, transport services and payments, and used exclusively for this purpose. Personal data may be transmitted to Public Administrations, judicial authorities and subjects to whom the communication is mandatory for the performance of the institutional functions within the limits established by the law or regulations.
User personal data, stored on electronic media, is preserved and archived on servers located in the territory of the European Union. SAPHIR software is protected by encrypted access and through appropriate passwords, complying with appropriate safety requirements. In any case, it is expressly understood that the Data Controller may move its servers to extra-EU territories. In this case, SAPHIR ensures that the extra-EU data transfer will occur pursuant to applicable provisions of the law, only after the signing of the standard contractual clauses provided by the European Commission.
DURATION OF DATA STORAGE
In any case the collected data will be kept for a period of time depending on the processing purpose. At the end of the processing period, all data will be safely deleted or otherwise rendered anonymous in an irreversible way.
At any time, the user has the right to request information regarding his/her personal data held by the Data Controller. In particular, as data subject, the user enjoys the rights provided by articles 7 of the Code and 15 of the GDPR, and precisely:
1. to receive confirmation of the existence or not of personal data concerning himself/herself, even if not yet registered, and their intelligible communication;
2. to obtain the following information: a) the source of personal data; b) the purposes and method of processing; c) the method applied in the case of processing carried out with the aid of electronic means; d) information identifying the Data Controller, the Processors and the designated representative of the company, pursuant to art. 5, paragraph II of the Code and art. 3, paragraph 1 of the GDPR; e) subjects or categories of subjects to which personal data may be provided or who may be made aware of it as supervisors or officers;
3. to obtain: a) the updating, correction or, when they are interested, additions to the data; b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed; c) certification that the parties to which the data have been transferred or disseminated have been notified of the operations specified in points a) and b), also regarding their content, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected;
4. to fully or partially object: a) for legitimate reasons, to the processing of personal data, even if pertinent to the purpose of collection; b) to the processing of personal data for the dispatch of advertising or direct sales material or for the conduction of market research or business information, through automated calling systems, e-mail and/or traditional methods of marketing, telephone and/or mail.
If applicable, the person concerned enjoys the rights provided by articles 16 to 21 GDPR (right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object to the processing), as well as the right to lodge a complaint with the authority in charge.
MODALITIES FOR THE EXERCISE OF THE RIGHTS
To exercise his/her rights, as well as to receive information regarding the subjects where data is stored or to whom data is communicated, or rather regarding the subjects that, as data processors or persons in charge, may learn about personal data, the user can contact SAPHIR at any time at the e-mail address email@example.com.
MINORS
This website and the goods or services are not intended for minors; therefore, the owner does not intentionally collect personal data referring to minors. Should any information about minors be accidentally collected, the owner will promptly delete it, if required by users.
CHANGES TO THE PRESENT DOCUMENT