Privacy policy

Privacy and Cookie Policy

PRIVACY POLICY

This Privacy Policy is provided in accordance with Article 13 of the European Regulation No. 679/2016 and applies exclusively to all data collected through the website www.duestelleitalia.it. This Privacy Policy is subject to updates, which will be promptly published on the website. This Privacy Policy, together with the Terms and Conditions, any other documents referred to within it, and the Cookie Policy, establish the basis on which the personal data of the Data Subject will be processed.

Data Controller

The Data Controller of the data collected by this website is Duestelle Italia by Eniko Juhaszova, with its registered office at Baronissi (SA), 84081, via La Fora 5, email: duestelleitali@gmail.com

Personal Data

"Personal Data" means any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to their physical identity.

Categories of Personal Data Processed

Among the Personal Data processed by this website, either independently or through third parties, are common data such as: cookies, usage data, name, surname, email, phone number, tax data useful for purchase (including tax code), and personal data necessary for the delivery of the purchased product.

Methods of Processing Personal Data

The Personal Data provided or acquired will be processed based on principles of fairness, lawfulness, transparency, and protection of confidentiality in accordance with current regulations. The Data Controller processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Personal Data. Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.

Purposes of Personal Data Processing and Legal Basis

Personal Data may be collected independently by the Data Controller or through third parties. In this case, the computer systems and software procedures used to operate this website acquire some technical-informatic Personal Data of Users (e.g., IP address, type of browser used, operating system, domain name, and addresses of websites from which access or exit was made, etc.), the transmission of which is inherent to the normal functioning of the internet. These data may be processed solely for the purpose of obtaining anonymous statistical information on the use of the site and/or to ensure its proper functioning and will be deleted immediately after processing.

The Data that the Data Subject voluntarily chooses to provide will be processed in compliance with the conditions of lawfulness pursuant to Article 6 GDPR and will be processed to enable the website to provide its services, as well as for the purposes indicated below, and will be stored for the time necessary to fulfill the aforementioned purposes.

The purposes of the processing are:

a) Pre-contractual Information and Fulfillment The Data will be processed in order to be contacted or to follow up on specific requests made to the Data Controller by the Data Subject for informational communications and/or interest in purchasing the Products of the Data Controller, via email messages or by filling out the contact form and other communication tools such as, for example, phone calls.

Legal basis: This processing is optional and based on the consent of the Data Subject; however, the provision of data is necessary for the achievement of the indicated purpose.

Data retention period: Until the consent is revoked by the Data Subject.

b) Processing necessary within the scope of a contract The Data will be processed to fulfill the obligations arising from the contract entered into between the Data Subject and the Data Controller for the sale of Products on the website, to contact the Data Subject regarding the contract, and for its management, for handling legal warranty requests, assistance, withdrawal requests, contract management, and resolution.

Legal basis: This processing is necessary for the performance of the contract to which the Data Subject is a party, for the execution of pre-contractual measures, or to fulfill a legal obligation to which the Data Controller is subject.

Data retention period: 10 (ten) years or as required by law.

c) Compliance with any obligations under current laws The Data will be processed to fulfill any obligation contemplated and provided for by current laws, regulations, related standards, commercial practices, and tax/financial matters, including for the purposes provided for by anti-money laundering legislation D.lgs. 231/2007 and subsequent amendments.

Legal basis: This processing is necessary to comply with a legal obligation to which the Data Controller is subject.

Data retention period: 10 (ten) years or as required by law.

d) Soft Spam The Data will be processed to allow the Data Controller to send the Data Subject commercial and promotional communications via email, regarding products and/or services similar to the products/services subject to the sale, without the need for the express and prior consent of the Data Subject, as provided for by Article 130, 4th paragraph, Privacy Code as amended by D.lgs. n.101 of 2018, provided that the Data Subject does not exercise the right to object.

Legal basis: This processing is based on the legitimate interest of the Data Controller under Article 6, letter F, and Recital 47 of the GDPR.

Data retention period: Until the Data Subject objects.

e) Direct Marketing The Data will be processed for the direct sale of products/services, market research, sending communications and promotional, commercial, and advertising material, or related to initiatives and events, through newsletters, emails, SMS, WhatsApp, chat, direct messaging from social media, social networks, or by phone, paper mail, and other informational material.

Legal basis: This processing is based on the freely given consent of the Data Subject pursuant to Article 6, paragraph 1, letter A of the GDPR.

Data retention period: Until the consent is revoked by the Data Subject.

f) Statistics The Data will be processed to perform statistical analyses on aggregated and anonymous data to analyze the behavior of the Data Subject to improve the products and services provided by the Data Controller and to meet the Data Subject’s expectations.

Legal basis: This processing is based on the freely given consent of the Data Subject.

Data retention period: Until the consent is revoked by the Data Subject.

 

Data Processing Purposes

1. Profiling:

   • Purpose: Analyze interests, habits, and consumption choices to create profiles for personalized promotional materials.
   • Legal Basis: Consent provided by the data subject (art. 6, par. 1, lett. A of GDPR).
   • Data Retention: Until the consent is withdrawn by the data subject.

2. Satisfaction Surveys:

   • Purpose: Send surveys to assess customer satisfaction to improve products/services, without marketing intent.
   • Legal Basis: Legitimate interest of the Data Controller (art. 6, lett. F, and Consideration 47 of GDPR).
   • Data Retention: Until the data subject objects.

Data Communication

Data may be accessed by:

• Internal Personnel: Such as administrative, marketing, and IT staff involved in the website's organization.
• External Parties: Including technical service providers, hosting providers, IT companies, communication agencies, appointed as Data Processors under art. 28 GDPR.
• Public/Private Entities: Obliged by law to access the data.
• Auxiliary Entities: Performing accessory tasks related to the Controller's activities.

Data Retention Period

Data is stored for the time necessary to fulfill the service or purposes stated in the document. After this period, personal data will be deleted, meaning rights like access, deletion, rectification, and portability cannot be exercised anymore.

Cookies

The website uses cookies to enhance user experience, personalize content, provide social media features, and analyze traffic. Refer to the Cookie Policy for more details.

Data Processing Location and Transfer Abroad

Data is processed at the Data Controller's operational headquarters and may be handled by individuals or entities under contractual obligations within or outside the EU. If transferred outside the EEA, contractual measures will be taken to ensure adequate data protection.

Exercising Data Subject's Rights

Data subjects have rights under articles 7, 15-22 of the GDPR, including the right to withdraw consent, access personal data, request data portability, and object to data processing. Complaints can be lodged with the Privacy Authority or through judicial proceedings. Rights can be exercised by contacting the Data Controller via email at: duestelleitalia@gmail.com.

 

Tools Used for Personal Data Processing

CONTACT FORM

By filling out the Contact Form with their Data, the Data Subject consents to their use for responding to information requests or any other purpose indicated in the form's header. Personal Data collected through the Contact Form: Email, Name, and Phone.

EMAIL ADDRESS MANAGEMENT

These services allow the management of an email contact database, phone contacts, or contacts of any other type used to communicate with the Data Subject. These services might also allow for the collection of data related to the date and time messages are viewed by the Data Subject, as well as the Data Subject’s interaction with them, such as information on clicks on links within the messages.

Newsletter

By subscribing to the newsletter, the Data Subject's email address is automatically added to a contact list to which email messages containing information, including commercial and promotional content, related to this website may be sent. The Data Subject's email address might also be added to this list as a result of registering on this site or after making a purchase. The Data Subject can unsubscribe from the newsletter at any time by clicking a specific button found within the emails. After clicking the unsubscribe button, the Data Subject's data will be immediately deleted from the "email marketing" software. Personal Data collected: email and Name. This website uses the newsletter service provided by:

Mailchimp (The Rocket Science Group)

Mailchimp is a service that organizes and analyzes newsletter distribution. If a Data Subject does not want their Data managed by Mailchimp, they must unsubscribe from the newsletter. A link is provided in each sent newsletter for this purpose. Personal Data collected: email and name. Place of Processing: USA – Privacy Policy (link to activate https://mailchimp.com/legal/privacy/)

SECURITY MEASURES ADOPTED

This website uses an SSL certificate and HTTPS protocol to secure the input of Personal Data. With the use of this protocol, transactions and data transmitted on websites are conducted with the utmost security, and the content of the communication is not read or manipulated in any way by third parties.

reCAPTCHA

This website uses reCAPTCHA, a service subject to Google's privacy policy (link to activate https://policies.google.com/privacy?hl=en) and terms and conditions (link to activate https://policies.google.com/terms?hl=en).

REGISTRATION ON THE WEBSITE

With the registration service, the Data Subject allows the Site to identify them and grant access to dedicated services.

Registration and authentication services can also be assisted by third parties. In this case, the application may access some Data stored by the third-party service used for registration and identification.

Direct Simple Registration

The Data Subject registers directly on the site by filling out the Form and providing their Data.

Indirect Registration

The Data Subject accesses the website via:

Facebook Connect (Meta Platforms, Inc.)

Facebook Connect is a service provided by Meta Platforms, Inc. that facilitates and integrates the connection of the site with the social network. This website may request certain permissions from Facebook that allow it to perform actions with the Data Subject's Facebook account and collect information, including Personal Data, from it. For more information on the permissions involved, the Data Subject can refer to Facebook's Privacy Policy (https://www.facebook.com/privacy/explanation).

Google Account Access (Google Ireland Limited)

This service, offered by Google Ireland Limited, allows this website to connect with the Data Subject's Google account. Personal Data collected: Various types of Data as specified by the service's Privacy Policy. Place of Processing: Ireland – Privacy Policy (link to activate https://policies.google.com/privacy?hl=en)

Apple ID (Apple Inc.)

This service, offered by Apple Inc., allows this application to connect with the Data Subject's Apple account. Personal Data collected: Various types of Data as specified by the service's Privacy Policy. Place of Processing: California – Privacy Policy (link to activate https://www.apple.com/legal/privacy/en-ww/)

STATISTICS

Statistical services allow the Data Controller solely to monitor and analyze traffic data and track the behavior of the Data Subject. This website uses the following services:

Google Analytics (Google Ireland Limited)

Google Analytics is an analysis service provided by Google Ireland Limited. Google uses the Personal Data collected to track and examine the use of this website, compile reports, and share them with other Google services. Google may use Personal Data to contextualize and personalize ads on its advertising network. Google may also transfer this information to third parties where required by law or where such third parties process the information on behalf of Google. This site has IP address anonymization enabled. The IP address sent by the browser for Google Analytics purposes will not be merged with other data held by Google.

The browser add-on for disabling Google Analytics is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://policies.google.com/privacy?hl=en)

Facebook Conversion Tracking Pixel (Meta Platforms, Inc.)

Facebook Conversion Tracking (Facebook Pixel) is a statistics service provided by Facebook. The Facebook Pixel monitors conversions that can be attributed to Facebook ads. Personal Data collected: Cookies; Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://www.facebook.com/about/privacy/)

INTERACTION WITH SOCIAL NETWORKS

These services allow for interactions with social networks directly from the pages of this website. Interactions and information acquired from this website are always subject to the Data Subject’s privacy settings related to each social network. If a social network interaction service is installed, it may collect traffic data related to the pages where it is installed, even if Users do not use the service.

Facebook (Meta Platforms, Inc.)

Facebook buttons are services for interacting with the Facebook social network, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://www.facebook.com/privacy/explanation)

Instagram (Meta Platforms, Inc.)

Instagram buttons are services for interacting with the Instagram social network, provided by Meta Platforms, Inc. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://help.instagram.com/519522125107875)

Youtube (Google Ireland Limited)

Youtube buttons are services for interacting with the video content viewing service managed by Google. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://policies.google.com/privacy?hl=en)

REMARKETING AND RETARGETING

These services allow this website to communicate, optimize, and serve advertisements based on the Data Subject’s past use of this website. This activity is carried out through the tracking of Usage Data and the use of Cookies. This website uses the following services:

Facebook Remarketing (Meta Platforms, Inc.)

Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook that links the activity of this website with the Facebook advertising network. This website uses Facebook Pixel to measure conversions. With the Facebook Pixel, actions performed by people on the website can be understood. The collected Data can be used to:

• Ensure ads are shown to the right people;
• Create audience groups for targeting ads;
• Utilize additional advertising tools on the advertising platform

The information collected is anonymous to the operators of this site and cannot be used to identify an individual Data Subject. However, the information is saved and analyzed by Facebook, which may link the action to an individual profile and use this information for internal advertising purposes on Facebook, as outlined in Facebook’s privacy policy. This allows Facebook to display ads on both Facebook and third-party sites. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, refer to Facebook’s Privacy Policy (link to activate https://www.facebook.com/about/privacy/)

Google ADS

Google ADS is a service provided by Google Ireland Limited that connects this website with Google’s advertising network. This website uses Google Analytics Remarketing features combined with Google ADS cross-device adaptation capabilities. This feature allows linking target groups for promotional campaigns created by Google Analytics Marketing with the adaptability of Google ADS across different devices. This enables the display of ads based on the Data Subject's personal interests, identified through behavior analysis on the web, whether on a mobile device or other devices. Targeting and remarketing functions can be permanently disabled by disabling the “personalized ads” feature in the Google account. To do this, follow this link: https://www.google.com/settings/ads/onweb/ Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://policies.google.com/privacy?hl=en)

CONTENT ON EXTERNAL PLATFORMS

These services allow viewing content hosted on external platforms directly from the pages of this website and interacting with it. If such a service is installed, it may collect traffic data related to the pages where it is installed, even if Users do not use the service.

This website uses:

Google Maps

Google Maps is a map visualization service managed by Google that allows this website to integrate such content into its pages. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://policies.google.com/privacy?hl=en)

Youtube (Google Ireland Limited)

Youtube is a video content viewing service managed by Google that allows this website to integrate such content into its pages. Personal Data collected: Cookies and Usage Data. Place of Processing: Ireland – Privacy Policy (link to activate https://policies.google.com/privacy?hl=en)

Google Fonts

Google Fonts is a font style visualization service provided by Google Ireland Limited that allows this website to integrate such content into its pages. Personal Data collected: Usage Data; Various types of Data as specified by the service's privacy policy. Place of Processing: Ireland – Privacy Policy (link to activate https://policies.google.com/privacy?hl=en)

Stripe

Stripe is a payment service provided by Stripe Inc., which allows this website to process online payments. Personal Data collected: Various types of Data as specified by the service's privacy policy. Place of Processing: USA – Privacy Policy (link to activate https://stripe.com/privacy)

User Rights

Data Subjects have the right to:

• Access their personal data.
• Request data correction or deletion.
• Object to or restrict data processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the supervisory authority.

CHANGES TO THIS POLICY

The Data Controller may update this Privacy Policy to reflect changes in regulations or site operations. Users are encouraged to review the policy periodically. Any changes will be communicated through the website.