(Articles 13 and 14 of European Regulation No. 679/2016)
Introduction The following information is intended for all individuals who visit and interact with the e-commerce website of the company:
Brusidue srl, Via Paolo Lomazzo No. 58, 20154 Milan, Italy
referred to as the "web store" ("e-shop"), where products can be purchased online.
Brusidue srl, VAT number 07587590154, in its capacity as "Data Controller," informs you, in accordance with Articles 13 and 14 of European Regulation No. 679/2016 (hereinafter "EU Regulation"), that your data will be processed as follows:
1. Purpose of Processing
The Data Controller informs you that personal data, including identification data (e.g., name, surname, company name, address, phone number, email, bank and/or payment information, etc.), hereinafter referred to as "personal data" or simply "data," related to you, acquired verbally or directly through third parties in the past, as well as data that will be collected in the future, may be subject to processing in full compliance with the EU Regulation. The Data Controller processes the data lawfully, specifically for the execution of a contract of which you are a party or for the execution of pre-contractual measures (e.g., preparation of an offer, etc.) requested by you (Art. 6 of the EU Regulation).
Processing of data means any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, erasure, and destruction of the data.
2. Legal Basis and Purpose of Processing
Legal basis: EU Regulation No. 679/2016 A) Without your express consent (Art. 6 letters b), c), e) of the EU Regulation), for the following purposes:
To manage access to the e-shop services and facilitate online product purchases, as well as to enable your registration on the e-shop and the possible conclusion of a purchase contract through the e-shop;
To fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with you;
To allow you to access the e-shop, even as a non-logged-in user, and browse the e-shop;
To enable you to register on the website, create an account, and use services reserved for registered users, including, in particular, the ability to purchase through the e-shop;
To enable you to access and navigate the e-shop as a logged-in user;
To maintain and manage your account;
To store data and information in your account, such as, for example, your personal data, the history of your orders and any returns, your preferred delivery and/or billing addresses;
To enable you to add products to your cart and conclude the purchase contract through the e-shop.
To fulfill the obligations arising from the purchase contract concluded through the e-shop, such as, for example, the delivery of the products sold;
To enable you to fulfill the obligations arising from the purchase contract concluded through the e-shop, such as, for example, payment, including online, for the products purchased;
For general assistance and customer care activities and to respond to information requests from users or to address complaints, reports, and disputes;
To comply with legal obligations, regulations, European legislation, or orders from authorities (such as anti-money laundering regulations);
To exercise the rights of the Data Controller, such as the right to defend in court;
For general accounting purposes;
For administrative purposes (billing, document management, etc.);
For credit management;
For statistical analysis and quality control;
For insurance management;
For technical support. In particular, your data will be processed for purposes related to the implementation of the following obligations, whether legislative or contractual:
Technical and functional access to the website; no data is retained after closing the browser;
Advanced navigation purposes or personalized content management;
Statistical and navigation analysis purposes.
B) Only with your specific and separate consent (Art. 7 of the EU Regulation), for the following commercial and/or marketing and/or profiling purposes:
Sending newsletters, commercial communications, and/or advertising material via email, mail, and/or SMS and/or telephone contacts regarding products or services offered by the Data Controller and/or assessing the level of satisfaction with the quality of services provided upon your request;
Sending commercial and/or promotional communications via email, mail, and/or SMS and/or telephone contacts from third parties (e.g., business partners).
3. Processing Methods
The processing of your personal data is carried out through operations specified in Art. 4(2) of the EU Regulation, namely: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination, or any other form of making data available, comparison or interconnection, restriction, erasure, or destruction, blocking. Your personal data is subject to both paper and electronic and/or automated processing (suitable to guarantee the security and confidentiality of the data).
4. Data Retention Period and Other Information
The Data Controller will process personal data for the time necessary to achieve the purposes mentioned above and in any case not beyond the legal deadlines following the termination of the relationship for the purposes mentioned in the existing relationship (e.g., data necessary for the execution of the purchase contract until product delivery or, in the event of non-delivery, until the resolution of the contract). With regard to personal data processed for Marketing or Profiling purposes, they will be stored in compliance with the principle of proportionality and until the purposes of the processing are achieved or until specific consent is revoked by the data subject. Specifically, the Data Controller will process the data for no more than 2 years from the data collection for Marketing purposes and one year for data collected for Profiling purposes. The personal data you provide will be processed "lawfully, fairly, and transparently," safeguarding your confidentiality and rights. A periodic check will be carried out annually on the processed data and their possible deletion if no longer necessary for the intended purposes.
5. Data Access
Your data may be made available for the purposes mentioned in points 2.A) and 2.B) to:
Partners, employees, and collaborators of the Data Controller in Italy and abroad, in their capacity as internal processors and/or administrators of the system;
Third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external processors (indicatively: associated firms, lawyers, data processing companies, certifying bodies, accounting/tax consultants, and, in general, to all entities responsible for verifying and monitoring compliance with the above-mentioned purposes, banks, professional firms, consultants, insurance companies for insurance services, financial offices, Municipalities and/or Municipal Offices, consultants and service companies for workplace safety, which may in turn communicate the data or grant access to it to their member partners, users, and related parties for specific market research. The data collected and processed may also be communicated, in Italy and abroad, to subcontractors, suppliers, for the management of information systems, to carriers, freight forwarders, and customs agents). For brevity, the detailed list of these figures is available at our office and at your disposal.
6. Data Disclosure
Without the need for express consent (Art. 6 letters b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies (e.g., IVASS), Judicial Authorities, to insurance companies for the provision of insurance services, and to those to whom the communication is mandatory by law for the accomplishment of said purposes. These entities will process the data in their capacity as independent data controllers.
Your information will not be disseminated.
7. Data Transfer
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission
8. Nature of Data Provision and Consequences of Refusal to Respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee registration on the website, access to the e-shop and its services, browsing on the e-shop, or the execution of the purchase contract through the e-shop. The provision of data for the purposes referred to in art. 2.B) is optional. You can, therefore, decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising material related to the services offered by the Data Controller. You will continue to have the right to access the e-shop and to enjoy the services referred to in art. 2.A). The consent given for marketing purposes is also extended to the receipt of commercial communications via email, mail, and/or SMS and/or telephone contacts by third parties (e.g., business partners). You can also easily oppose further sending of promotional messages and commercial communications by clicking the "unsubscribe" button, which is present in each promotional email. After unsubscribing, we will promptly take steps to remove your contact information from the mailing list used for promotional and commercial communications. It is noted that even after your request for unsubscribing from the newsletter and/or deleting your data, you may continue to receive further promotional messages for a few days, which were already scheduled before your request.
9. Data Subject's Rights
In your capacity as a data subject, you have the rights set forth in Art. 15 of the EU Regulation and, namely, the right to obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form; the right to obtain the indication:
a) of the origin of the personal data;
b) of the purposes and methods of processing;
c) of the logic applied in case of processing carried out with the aid of electronic instruments;
d) of the identification details of the data controller, data processors, and the representative designated pursuant to Article 3, paragraph 1;
e) of the entities or categories of entities to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, data processors, or persons in charge of processing; the right to obtain:
a) the update, rectification, or, when interested, integration of data;
b) the erasure, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys. You have the rights under Art. 16, 17, and 18 of the EU Regulation, namely:
the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay;
the right to obtain from the Data Controller the restriction of processing where one of the conditions set out in art. 18 of the EU Regulation applies;
the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another data controller without hindrance from the Data Controller to which you have provided the personal data. You have the right to object, in whole or in part, as follows:
for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
to the processing of personal data concerning you for the purpose of sending advertising or direct marketing materials or for conducting market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail. It is noted that the right of objection of the data subject for direct marketing purposes through automated methods extends to traditional ones and that, in any case, the possibility remains for the data subject to exercise the right of objection even only partially. Therefore, the data subject can decide to receive only communications by traditional means or only automated communications or none of the two types of communication. Where applicable, the data subject also has the rights referred to in Articles 20 and 21 of the EU Regulation (right to data portability and the right to object), as well as the right to lodge a complaint with the competent Data Protection Authority. You can exercise your rights at any time by sending a registered letter to the Data Controller.
10. Exercise of Rights
You can exercise your rights at any time by sending:
A registered letter with return receipt to the address provided in the letterhead;
An email to the address email@example.com.
The data controller does not intentionally collect personal information related to minors as part of the services offered and the ongoing relationship with you. In case information about minors is unintentionally recorded, the data controller will promptly delete it upon the request of the data subject.
12. Personal Data Not Obtained from the Data Subject
It may happen that the data controller is not the entity to which you provided your personal data but is instead a joint data controller or an external data processor, and therefore, your data has reached the data controller as a result of a contract governing the parties. In this case, it is specified that the data controller will make every effort to ensure that you have been informed and have given consent to the processing. You can request from the data controller the source of the acquisition of your data at any time.
13. Data Controller and Data Processors
Below, we provide you with some information that needs to be brought to your attention, not only to comply with legal obligations but also because transparency and fairness towards our customers are fundamental to our business.
Data Controller: The Data Controller for your personal data is:
Brusidue srl, Via Lomazzo 58, 20154 Milan, Italy
on behalf of the legal representative, who is responsible for the lawful and correct use of your personal data and whom you can contact for any information or requests at the following contact details: phone +39 0234592020, email: firstname.lastname@example.org
Data Processors: An updated list of data processors is kept at the data controller's office.
Cookies are text files that are automatically saved on the user's computer during their browsing. Their purpose is to enhance the user's browsing experience by serving as tools for storing user preferences.
This website uses proprietary and third-party cookies as described below, and their presence is subject to the functionalities planned for the website during its design phase:
Technical cookies are essential for the proper functioning of certain areas of the website. Therefore, technical cookies are always used on the website, regardless of the user's preferences. In particular, the website uses PHPSESSID (session duration); it contains information about the browser session and allows users to access the website.
Reserved Area Cookies:
If a reserved area is present, a cookie is generated to remember the user's username and password, eliminating the need to re-enter this information on each subsequent visit.
Mobile Navigation Cookies:
To make the browsing experience enjoyable on the latest-generation devices, this website includes a cookie that detects and stores the type of device used for access. Based on the information collected, the most suitable website version is presented.
E-shop Order Recovery Cookies:
If an e-commerce area is present, the system stores the user's interaction with the purchasing area by generating a cookie that can recover orders placed.
Third-Party Cookies - Google Analytics:
This website uses third-party cookies owned by Google Inc. for the collection of user browsing data. The data collected is used solely for generating statistical reports within the Google Analytics analysis tool.
Demographic profiling of users can also be performed, extracting statistically relevant data such as age group, gender, and areas of interest. More information on Google Inc.'s data processing can be found at the following address:
http://www.google.com/analytics/learn/privacy.html To disable Google Analytics for display advertising or to customize the types of ads shown, you can visit: https://www.google.it/settings/ads To completely disable the collection of statistical data by Google Analytics, you can install the browser add-on, which is available for free download at: https://tools.google.com/dlpage/gaoptout/
Other active third-party cookies may include: AddThis (http://www.addthis.com/privacy), Bing (https://privacy.microsoft.com/it-it/privacystatement), CloudFlare (https://www.cloudflare.com/it-it/privacypolicy/), Facebook (https://www.facebook.com/policies/cookies/), Feedaty (https://www.feedaty.com/privacy), HotJar (https://www.hotjar.com/privacy), Linkedin (https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy), ShareThis (https://www.sharethis.com/privacy/), TrustedShop (https://www.trustedshops.it/legal-notice-privacy.html), Twitter (https://help.twitter.com/it/rules-and-policies/twitter-cookies), Yotpo (https://www.yotpo.com/privacy-policy/), Zendesk (https://www.zendesk.com/company/customers-partners/cookie-policy/)
To discover all the active cookies on this website, you can use the service available at the following address: http://www.cookie-checker.com/ or similar services.
Please note that all data collected with cookies on this website will never be provided to third parties other than Google Inc. or its certified partners.