This privacy policy outlines the nature, extent, and purpose of processing personal data (referred to as “data” hereafter) within our online services, including associated websites, features, content, and external online presences, such as our Social Media Profiles (collectively referred to as “online services”). For definitions of terms used, such as “personal data” and “processing,” please refer to Article 4 of the General Data Protection Regulation (GDPR).
Types of data processed
Usage data (e.g., visited websites, content interests, access times), meta/communication data (e.g., device information, IP addresses), processing of special categories of data (Article 9(1) GDPR): No special categories of data are processed.
Purpose of the processing
Providing the online services, their content, and functionalities; delivering contractual services, service and customer support, marketing, advertising, market research, and security measures.
Applicable legal basis
As per Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not specified in this data protection declaration, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and responding to inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR. Article 6(1)(d) GDPR serves as the legal basis in cases where vital interests of the data subject or another natural person require the processing of personal data. Amendments and updates to the Data Protection Declaration. We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the Privacy Policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to cooperate (e.g. to give your consent) or any other individual notification.
Security measures
In accordance with Article 32 GDPR and considering the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk. These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transmission, safeguarding availability, and separation. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted, and we respond to any threats to the data. Additionally, we consider the protection of personal data from the early stages of hardware, software, and procedure development, in line with the principle of data protection by design and by using data protection-friendly default settings (Article 25 GDPR). Security measures also include the encrypted transmission of data between your browser and our server.
Cooperation with Data Processors and Third Parties:
If, during our processing, we disclose data to other individuals and companies (data processors or third parties), transmit it to them, or otherwise grant them access to the data, this will only be done based on legal permission (e.g., for processing your order) or if you have provided consent. We may also do so on the basis of a legal obligation or our legitimate interests (e.g., when using agents, web hosts, etc.). If we engage third parties to process data based on a so-called “contract processing agreement,” this is done in accordance with Article 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosing or transferring data to third parties, this will only occur if it is necessary to fulfill our contractual obligations, based on your consent, on a legal obligation, or for our legitimate interests. Any such processing will comply with the special requirements of Articles 44 ff. GDPR.
Rights of data subjects
You have the right to obtain confirmation as to whether or not data concerning you is being processed and to obtain information about this data and receive a copy of the data in accordance with Article 15 GDPR. You have the right to request the completion of data concerning you or the correction of incorrect data concerning you in accordance with Article 16 GDPR. According to Article 17 GDPR, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with Article 18 GDPR, to demand that the processing of the data be restricted. You have the right to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to request its transfer to other responsible parties. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR.
Right of withdrawal
You have the right to revoke consents granted in accordance with Article 7(3) GDPR with effect for the future.
Right of objection
You can object to the future processing of data concerning you at any time in accordance with Article 21 GDPR. The objection may be directed in particular against processing for the purposes of direct advertising.
For the remainder of the content, please provide it in a similar format to maintain compliance with Italian laws.
Establishment of contact
When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR. The user’s details may be stored in our customer relationship management system (“CRM system”) or a comparable inquiry organization.
Collection of Access Data and Log Files:
We collect data based on our legitimate interests in the sense of Art. 6 Para. 1 lit. f. GDPR on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address, and the requesting provider. For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
Online presences in social media:
We maintain online presences based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Cookies & range measurement
Cookies are information that is transferred from our web server or web servers of third parties to the web browsers of the users and stored there for later retrieval. Cookies can be small files or other types of information storage. We use “session cookies”, which are only stored for the duration of your current visit to our online presence (e.g. to enable the storage of your login status or the shopping basket function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and, for example, log out or close the browser. Users will be informed about the use of cookies in the context of pseudonymous range measurement within the scope of this data protection declaration. If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer. You can object to the use of cookies that serve to measure reach and advertising purposes via the deactivation page of the network advertising initiative and additionally the US American website or European website.
Google Analytics
Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Article 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement, thereby providing a guarantee of compliance with European Data Protection Law. Google will use this information on our behalf to evaluate the use of our website by users, compile reports on the activities within this website, and provide us with further services associated with the use of this website and the internet. Pseudonymous user profiles of the users can be created from the processed data. We use Google Analytics to display the advertisements placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or exhibit certain characteristics (e.g., interests in certain topics or products determined by the websites visited), which we transmit to Google (referred to as “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we also aim to ensure that our advertisements correspond to the potential interest of the users and do not appear annoying. We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly. Users can also prevent the collection of data generated by the cookie and relating to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the available browser plugin. Further information on Google’s use of data, settings, and objection options can be found on Google’s websites (“use of data by Google when you use the websites or apps of our partners”), (“use of data for advertising purposes”), (“manage information that Google uses to show you advertising”). Otherwise, personal data will be anonymized or deleted after a period of 14 months.
