This web-site collect some personal datas of users.
Who is the Data Controller of this web-site?
Fratelli Vassallo di Corrado e Paolo Vassallo S.n.c.
C.da Feudo Santa Anastasia, sn
95036 RANDAZZO CT
P. Iva 04332620873
Owner email address: firstname.lastname@example.org
Types of Data collected
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Website and warrants that he has the right to communicate or publish them, freeing the Owner from any liability to third parties.
Mode and place of data process
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is made through use of computer and/or digital tools, and when necessary on paper, with all security measures envisaged by the legislator.
In addition to the Data Controller, in some cases, other subjects, including employees and collaborators (administrative, commercial, marketing, legal, system administrators) or external subjects (suppliers of technical services, courier, hosting providers, communication agencies) may have access to the Data and could be nominated by Data Controller as Data Processor. The updated list of Data Processors can always be requested at the Data Controller.
Legal basis of the processing
The Data Controller processes Personal Data of the User in order to the following conditions:
when the User has given consent for one or more specific purposes. Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User's consent, until he opposed against data processing ("opt-out"). However, this is not applicable if the processing of Personal Data is regulated by European legislation regarding the protection of Personal Data;
when processing is necessary for the execution of a contract with the User and/or the execution of pre-contractual measures;
when processing is necessary to fulfill a legal obligation of the Data Controller;
when processing is necessary for public interest or for the exercise of public authority vested in the Data Controller;
when processing is necessary for the pursuit of the legitimate interest of the owner or third parties.
In any case, it's always possible to ask at the Data Controller extended explanations about the legal basis of data processing.
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved are located.
The User's Personal Data may be transferred to other countries different with the User country.
The User have the right to obtain information regarding the legal basis for the transfer of Data outside the European Union.
For more information, the User can refer to the respective sections of this document or request specific information at the Data Controller.
The Data are processed and stored for the time required by the purposes for which they were collected. Therefore:
The Personal Data collected through forms on the web-site, will be stored for the time necessary to give feedback to the User's requests.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be stoerd until such interest is met.
When the process is based on the consent of the User, the Data Controller can stored the Personal Data for a longer time until such consent is revoked, in any case the Data Controller will store the User's data for a maximum period of 36 months. Furthermore, the Data Controller may be obliged to store Personal Data for a longer time in compliance with a legal obligation or an order of an authority.
At the end of the storage time the Personal Data will be deleted, over this term the access, cancellation, rectification and portability right will be revocated.
Purposes of the datas process
Personal and Navigation Data obtained automatically or voluntarily released by the Users, are collected by the Data Controller for the following purposes:
Contacting the user, order management, shipping, contacts management and sending messages, reviews, customer support, interaction with social networks, Spam protection, hosting services, statistics, marketing activities such as sending informative material, sending marketing material via email, newsletter, brochures, text message, sending message using new communication platforms such as, for example, WhatsApp, Facebook, Telegram, qualitative surveys on customer satisfaction. With reference to online sales, the specific purposes are listed below:
e-Commerce (Online Sale)
The data entered to complete the purchase by the user such as: name and surname, email address, telephone number and other data provided, are collected to follow up at the customer's purchase request, and therefore:
- Registration of the order
- Contact the customer for information regarding the purchase
- Shipping of the product (s)
Payment datas relating to the online purchase of products are collected and processed by:
- Stripe: https://stripe.com/it/privacy
- Paypal: https://www.paypal.com/it/webapps/mpp/ua/privacy-full
- Wix https://it.wix.com/about/privacy
Collect and process data is necessary to follow up the User's requests. Any additional purposes, for example: marketing campaigns or sharing the User's data with partners or other companies, will need an explicit consent of the User, optional and separate. For all marketing purposes, each User has the right to revoke his/her consent, without this having consequences in the contractual relationship and/or for the performance of services requested by the User.
More information on the purposes of data processing may be requested at any time to the Data Controller using the contacts that on the top of this Policy.
Users may exercise some rights with reference to the Data processing.
In particular, the User's rights are:
The right of access: the User can request the access at their personal data and information about how the Data Controller process them. Under request of the User, the Data Controller will provide an overview of the categories of data processed, and a copy of the actual data collected and a description of the processing methods. The Data Controller will also provide the purposes of the processing, the way in which the data were acquired and the subjects with whom the data eventually shared.
The right of rectification: the User has the right to request the correction of personal data if they are inaccurate or incomplete.
The right to oppose: the User has the right to oppose at the processing of his Data when it occurs on a legal basis different than consent, may also oppose to the processing of Personal Data for profiling or automated processing purposes. When Personal Data is processed in the public interest, or to pursue a legitimate interest of the Owner, the User has the right to oppose at the processing only for particular reasons related to his situation. The User must motivate of his opposition, unless the processing is carried out for direct marketing purposes. In the latter case, in fact, no motivation is required to exercise this right.
The right to data portability: the User has the right to obtain their personal data for the purpose of transferring them somewhere else. This provision includes both, the data "supplied" by the user and those "observed".
The right to cancellation: the User has the right to request the cancellation of their data, when revoking the consent, or when they will no longer useful for the purposes for which they were collected. In this case, the Data Controller will carry out, as soon as possible, the cancellation and the termination of any form of communication. The Data Controller can deny the cancellation when the processing is done for a public interest or when the data will be necessary for the defense in court or to fulfill a legal obligation.
The right to limit the processing: When certain conditions are met, the User can request the limitation of the processing of his Data. In this case the Data Controller will not process the Data for any other purpose other than their conservation.
The right to file a complaint: the User can file a complaint at the competent personal data protection authority or act in court.
How to ask for your rights
To exercise her/his rights the Users can send a request using the contact details of the Owner indicated in this document. The requests are free and processed by the Data Controller as soon as possible, in any case within 30 days.
More information about data processing
Defense in court
The User's Personal Data may be used by the Owner in court to defense himself.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of the public authorities.
System logs and maintenance
For needs related to operation and maintenance, this Website and some third party services may collect System Logs, which are files that record the interactions and that may also contain Personal Data, such as the User IP address.
Information not contained in this policy
More information about the processing of Personal Data may be requested at any time at the Data Controller using the contact details.
Response to "Do Not Track" requests
This Website doesn't support "Do Not Track" requests.
To find out if the third-party services support them, the User can consult their respective privacy policies
If the modifications concern the legal basis and the type consent, the Data Controller, if necessary, will collect the User's consent again.
Definitions and legal references
The personal data are any information that directly or indirectly, also in connection with other information, including a personal identification number, make identifiable a person.
Data used to processing
These information is collected automatically through this Website (also from third party applications integrated into this Website), including: IP addresses or domain names, URI addresses (Uniform Resource Identifier), the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (good order, error), the country of origin, the characteristics of the browser and the operating system used by the visitor, the time of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the web-site, with particular reference to the sequence of the pages consulted.
The person who uses this Website that, unless otherwise specified, coincides with the person concerned.
The Person concerned
The person to whom the Personal Data refers.
Owner of data processing
The physical or legal person, public authority or other subjcts that determines the purposes and means of the processing of personal data and the tools adopted, including the security measures related to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.
The hardware or software tool through which the Personal Data are collected and processed.
The Service provided by this Website.
European Union (or EU)
Unless otherwise specified, any reference to the European Union contained in this document, is refer at all current member states of the European Union and the European Economic Area.
Small portion of data stored in the User's device.
Unless otherwise specified, this privacy statement applied exclusively to this Website.
Last change: April 28 2020