The website www.steloitaly.com is managed by Stelo srl unipersonale, in the capacity of Data Controller, and the security and privacy measures applicable to this website have been defined and developed to ensure that the personal data, provided directly by the User on the pages of the website at the time of registration and subsequently for the use of the services provided by Stelo srl unipersonale, are processed in compliance with the provisions of Legislative Decree 196/2003 integrated with the amendments introduced by Legislative Decree no. 101 of 10 August 2018 regarding the protection of personal data (“Privacy Code”) and, following the entry into force of EU Regulation no. 679/2016 (“GDPR”), in accordance with the provisions of Article 13 of the aforementioned former Regulation
Stelo srl unipersonale informs the User of the following:
Processing of personal data shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not stored in a database, whether or not by automatic means, such as collection, recording, organisation, structuring storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction. The data will be processed by Stelo srl unipersonale in compliance with the necessary security and confidentiality, using the following methods: collection of data from the data subject, collected and recorded for specific, explicit and legitimate purposes and used in further processing operations in terms compatible with those purposes, processing carried out with the aid of electronic and automated tools (collection of data by telematic means, directly from the data subject).
1. SOURCES AND PERSONAL INFORMATION THAT Stelo srl unipersonale COLLECTS FROM USERS:
- Information provided by the User during the site registration process such as:
◦ Personal data
◦ email address
- Browsing Information. When the User navigates on the Site, Stelo srl unipersonale uses certain technologies, logs and cookies (see below for more information) that automatically collect certain information, such as the IP address used by the User to navigate on the Site, the pages viewed, technical information that may include the User’s URL, browser information, language.
This information allows Stelo srl unipersonale to constantly improve the browsing experience and purchasing mechanism of its products and services and monitor the site’s correct functioning. This information includes only statistical data on the activities performed by the User, and is not intended to be associated with the User’s personal identification data (anonymisation).
2. DATA CONTROLLERS.
The data controller of personal data is the company pursuant to art. 26 of the GDPR: Stelo srl unipersonale with registered office Via Monte Stelvio 1 - 36030 Caldogno (VI);
3. PURPOSE OF PROCESSING
The User’s personal data, freely communicated and acquired as a result of the activity carried out by Stelo srl unipersonale, will be processed lawfully and fairly for the following purposes:
A. Contractual purposes
The information collected by Stelo srl unipersonale is used for the following contractual purposes without the users’ prior consent, pursuant to Articles 6 and 7 of the GDPR:
- to enable users to register on the Site;
- to provide the services available through the Site (e.g. management of the registration and account access procedure, account management);
- for the technical management of the Site and its operational functions, including the resolution of any technical problems, statistical analysis, testing and research;
- to prevent or deter fraudulent activities or misuse that may damage the site or compromise the security of operations;
- to comply with obligations laid down by law, regulation or EU legislation and to exercise their rights in court.
- to fulfil the User’s requests (e.g. handling of information requests);
- to send users operational communications related to the provision of the service.
B. Commercial purposes
Only with the specific and separate consent of the User and until this is revoked (Art. 130 of the Privacy Code and Articles 6 and 7 GDPR):
- use of one’s personal data, in particular of email and mail addresses, by the holders, to send commercial proposals relating to and/or connected with the services and for sending advertising material relating to the aforementioned products or services or commercial communications, including the newsletter relating to offers on the Site. Failure to consent to the purposes set out in point 3B will in no way affect the User’s ability to register with the Site and to use its services.
You may object to the processing referred to in 3B at any time after giving your consent:
- - via a link at the bottom of any promotional email sent;
- - by sending an email to firstname.lastname@example.org;
- - by accessing the ‘contact’ section within the site and sending a specific request for cancellation/modification of the preferences granted;
4. REGISTRANT’S ACCOUNT
- Personal data
- email address
5. LEGAL BASIS OF PROCESSING
The legal basis for the processing is the User’s consent, the fulfilment of a contractual obligation and legal provisions.
6. LEGITIMATE INTERESTS PURSUED BY DATA CONTROLLERS
The legitimate interests pursued by the data controller in data processing is to respect and honour the contractual obligations between the parties. Pursuant to Article 6 of the GDPR, the lawfulness of the processing is based on the manifestly expressed consent of the data subject, documented in writing.
7. NATURE OF THE PROVISION OF PERSONAL INFORMATION AND CONSEQUENCES OF REFUSAL
The provision of information for contractual purposes is voluntary and optional.
The provision of the data requested at the time of activation of the services, for the purposes set out in section 3A above, is compulsory, insofar as it is strictly necessary for the performance of the services.
Any refusal to provide data will result in the impossibility of completing the user registration process and thus of providing the desired services. The provision of data for the purposes set out in section 3B above is optional.
8. METHODS OF PROCESSING
The processing of user information is carried out only if necessary and carried out by means of the operations indicated in Article 4 of the GDPR, namely, the data are collected electronically and processed by means of registration, consultation, communication, storage, deletion, carried out mainly with the aid of electronic instruments, ensuring the use of appropriate measures for the security of the processed data and guaranteeing their confidentiality.
The User’s data, stored on electronic media, will be kept and archived on a server or cloud space owned by the data controller.
In particular, the data controllers declare that the data recorded on the server are protected against the risk of intrusion and unauthorised access and that they have also adopted appropriate security measures to guarantee the integrity and availability of the data as well as the protection of the relevant areas and premises for their safekeeping and accessibility. Personal data will be processed by collaborators and/or employees of the data controllers as data processors or persons in charge of the processing, within the scope of their respective functions and under the instructions given by the data controllers. The data controllers guarantee the highest level of security in handling user data.
Any information provided relating to credit cards is not stored. Holders do not have access to confidential information relating to credit cards, which intermediaries and card issuers will process in accordance with the Privacy Code and European Regulation 679/2016.
9. CATEGORIES OF PERSONS WHO MAY ACCESS THE DATA
Any personal information provided will be processed by Stelo srl unipersonale as Data Controller. Personal information will be processed by the staff responsible for processing the personal information collected:
- - employees and consultants authorised to manage the Site and provide related services (e.g. customer service, computer systems management) as data processors and/or systems administrators and/or internal processors;
These suppliers will process personal information as external data controllers based on appropriate contractual commitments and/or letters of appointment.
Finally, information may be accessed by the external data controller to manage the services (e.g. commercial communications) and fulfil the contractual purposes outlined above, including data analysis and the provision of marketing assistance.
Stelo srl unipersonale is committed to protecting user information and informs users that the password is one of the mechanisms for protecting the account, so users are advised to use a sufficiently secure password kept in a safe place, limiting access to the account to their own computers and browsers, and logging out after visiting the site.
Appropriate security measures are used to protect information from unauthorised access or modification and from the transmission or distribution of data.
To prevent unauthorised access, maintain data accuracy and ensure the correct use of information, appropriate physical, electronic and managerial procedures are used to safeguard and secure the information and data stored in its system.
Stelo srl unipersonale believes that the measures taken reduce the possibility of security problems to a level appropriate for the data type in question.
11. DURATION OF PROCESSING AND DATA RETENTION PERIOD
The processing of personal data regarding the purposes set out in section 3A shall last as long as necessary for the performance of the services requested, to which shall be added the further period provided for by law in order to comply with the civil, tax and fiscal obligations in force.
The processing of personal data regarding the purposes set out in section 3B shall last as long as necessary to perform the services requested unless explicitly requested to be deleted.
At the end of the data processing period, the data must be deleted, i.e. permanently anonymised.
12. RIGHTS OF THE USER’S DATA
Pursuant to Article 15 GDPR, the User has the right to:
- - obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet recorded, and their communication in intelligible form;
- - obtain the indication:
- ◦ the origin of personal data;
- ◦ the purposes and methods of the processing;
- ◦ the logic applied in the case of processing carried out with the aid of electronic instruments;
- ◦ the identification details of the holder, the persons responsible and the representative designated pursuant to Articles 2 and 3(1) GDPR;
- ◦ of the persons or categories of persons to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees;
- - to obtain:
- ◦ updating, rectification or, when interested, supplementation of data;
- ◦ the deletion, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is not necessary for the purposes for which the data were collected or subsequently processed;
- ◦ certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or to which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- - object in whole or in part:
- ◦ for legitimate reasons to the processing of personal data concerning him/her, even if relevant to the purpose of collection;
- ◦ to the processing of personal data concerning him/her to send advertising or direct sales material or for the performance of market research or commercial communication, using automated calling systems without the intervention of an operator, by email and/or by traditional marketing methods via telephone and/or paper mail. Please note that the data subject’s right to object for direct marketing purposes by automated means extends to traditional marketing methods and that, in any case, the data subject’s right to object may also be exercised in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication;
- - to ask the Data Controllers for access to personal data (art. 15 GDPR), rectification (art. 16 GDPR) or erasure (art. 17 GDPR) of the same, restriction of processing or to object to their processing (art. 18 GDPR);
- - the outward portability of your data processed in automated form where applicable;
- - to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before revocation;
- - to lodge a complaint with the Italian Data Protection Authority; To exercise the above-mentioned rights, as well as to receive information on the subjects where the data are stored or to whom the data are communicated, or on the subjects who, in their capacity as data processors or persons in charge of data processing, may become aware of your data, you may contact the data controllers by sending a request to the following email address: email@example.com.
13. TRANSFER OF PERSONAL DATA
The management and storage of personal data will take place on servers located within the European Union. Data will not be transferred outside the European Union.
14. DATA OF UNDER-AGE USERS
The website is not intended for minors under the age of 18 and Stelo srl unipersonale does not knowingly collect personal information from them.
In the event of accidental registration of any information on minors, Stelo srl unipersonale will promptly delete it at the request of users.
Should Stelo srl unipersonale make changes that the company deems important, users will be informed via the website.
16. LINKS TO THIRD-PARTY WEBSITES
The User should therefore contact and/or consult the third party in question directly for further information on the privacy procedures adopted by the third party.