This document describes how to manage the website (“Site”), with reference to the processing of personal data of users (“User / Users”) who consult it.
It is a disclosure pursuant to art. 13 of Legislative Decree no. 196/2003, so called Code regarding the protection of personal data (hereinafter “Privacy Code”) and article 13 of EU Regulation 679/2016 (hereinafter “GDPR”), to all those who visit the Site and interact with the web services of IDT Spa – Ayay, accessible through the Site.
1. DATA PROCESSING HOLDER
The data controller of your personal data is IDT Spa, with registered office in Via Varallo 24 / b 10153 Turin – Italy, P.iva (insert), (hereinafter “Ayay” or “Owner”) firstname.lastname@example.org.
2. WHICH TYPES OF DATA WE TREAT
2.1 NAVIGATION DATA
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This information is not collected to be associated with identified subjects, but by their very nature could allow users to be identified.
These data are used only to obtain anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing.
For the processing of data by cookies, please read the relevant policy, available at this link.
2.3 THE DATA PROVIDED TO US
The Data Controller processes personal, identifying and non-sensitive data (name, surname, e-mail address, address, city, data relating to the shipment, telephone number) in the following “Personal Data”.
The User assumes responsibility for the data of third parties published or shared through the Website and guarantees to have the right to communicate or disseminate them. The User declares to be of age, freeing the Owner from any responsibility.
3. WHY WE TREAT YOUR DATA AND WHAT LEGAL BASIS
The processing of the User’s Personal Data by the Owner is aimed at:
- pursue, in accordance with art. 6.1, lett. f) of the GDPR, its own legitimate interest, consisting in guaranteeing the security of the Site and the information exchanged on it, that is the ability of such Site to withstand, at a given level of security, unforeseen events or unlawful or malicious acts compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible;
- for the fulfillment of pre-contractual and contractual obligations following a request for information, sale of the products offered by ayay.it, purchase made in-store / online, (eg tax and accounting obligations);
only with his specific and distinct consent, in accordance with articles 23 and 130 of the Privacy Code and art. 7 of the GDPR, for marketing purposes:
a. sending newsletters and communications with commercial and promotional, informative and / or advertising content in relation to Ayay products or services, as well as statistical analysis and market research strictly related to the services offered through the www.ayay.it portal;
b. to send commercial proposals relating to services and products provided by third parties or unrelated to the products and services provided by the Ayay site;
- to exercise the rights of the Owner, for example the right of defense;
only with his specific and distinct consent, in accordance with articles 23 and 130 of the Privacy Code and art. 7 of the GDPR for the performance of profiling activities, such as the analysis of habits or consumption choices of Ayay customers by dealing, mainly(i) data relating to the date and time of display by the User of e-mail messages containing information, including commercial and promotional information relating to the www.ayay.it site, as well as to the User’s interaction; with them and information on clicks on the links inserted in the messages.
(ii) the data acquired during the customer’s purchases of products on the www.ayay.it website, therefore, also through the detection of the type and frequency of purchases;
- to fulfill the obligations required by law, by a regulation, by EU legislation or by an order of the Authority.
4. WHAT HAPPENS IN THE EVENT OF ANY REFUSAL TO ANSWER
5. METHOD OF TREATMENT
Personal Data is processed by computer and automated systems for the time necessary to achieve the purposes for which it is collected.
It should be noted, in particular, that the User’s personal data are processed both on paper and / or electronically, also with the aid of electronic means by the Data Controller or by subjects duly appointed to perform of these tasks (data entry companies, for purposes related to the execution of the service, to the management of the purchase order of the online products, to the payment management), constantly identified and / or named, appropriately trained and informed from the constraints imposed by the law, as well as through the use of security measures aimed at guaranteeing the protection of your privacy and avoiding the risks of loss or destruction, unauthorized access, unauthorized processing or processing that does not comply with the aforementioned purposes.
6. TO WHOM WE CAN COMMUNICATE YOUR DATA
In any case, the communication of data to companies expressly entrusted with performing certain services within the activity carried out by the Owner and / or, in general, in his favor, which will operate as autonomous holders and / or data processors, as well as the communication and / or dissemination of data required, in accordance with the law, by police forces, judicial authorities, information and security bodies or other public entities for defense or security purposes. State or prevention, detection or repression of crimes. The data are not subject to disclosure.
7. DATA TRANSFER
Personal Data is managed and stored on servers located in the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers in Italy and / or in the European Union territory and / or in extra-EU countries. In this case, the Data Controller ensures from now on that the extra-EU data transfer will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses envisaged by the Commission European.
8. YOUR RIGHTS
According to the art. 7 of the Privacy Code and Articles 15 and ss. of the GDPR, the User has the right to obtain:
- confirmation of the existence or not of Personal Data concerning you, even if not yet recorded, their communication in intelligible form and access to them;
- a copy of your personal data;
- the correction of your Personal Data which may be inaccurate;
- the cancellation of your Personal Data;
- the limitation of the processing of your personal data;
- in a structured format, commonly used and readable by automatic device, the Personal Data that you have provided to us or that you yourself have created;
- the indication:
- of the origin of Personal Data;
- of the categories of Personal Data processed;
- of the purposes and methods of processing;
- of the logic applied in the case of processing carried out with the aid of electronic instruments;
- of the identification data concerning the Data Controller and any data supervisors;
- of the period of storage of your Personal Data or of the criteria useful for determining this period;
- the subjects or categories of subjects to whom the Personal Data may be communicated or who can learn about them as appointed representative in the State, as managers;
- updating, rectification or, when interested, integration of data;
- the transformation into anonymous form or blocking of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- Furthermore, the User has the right to object, in whole or in part:
- for legitimate reasons, to the processing of Personal Data concerning you, even if pertinent to the purpose of the collection;
- to the processing of Personal Data concerning you for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication.
To exercise the aforementioned rights, Users can send a communication to the Holder’s e-mail address, as per the previous art. 1, indicating “Privacy” in the subject. Finally, we inform you that if you believe your rights have been violated by the owner and / or a third party, you have the right to complain to the Guarantor for the Protection of Personal Data and / or to another competent control authority in strength of the GDPR.
9. FOR HOW LONG WE KEEP AND TREAT YOUR PERSONAL DATA
The User’s Personal Data will be processed by the Data Controller for the period of time necessary to achieve the purposes of the processing referred to in article 3 above, after which they will be kept only in compliance with the applicable legal obligations, for administrative purposes and / or to assert or defend one’s own right. In particular, for marketing purposes, the User’s Personal Data will be kept by the Data Controller for a maximum of two years; for profiling activities the Data will be kept for a period not exceeding one year.
Finally, we inform you that if you believe that your rights have been violated by the Owner, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data and / or other competent control authority under the Regulation. To this page http://www.garanteprivacy.it/home/urp