Privacy policy

Privacy Policy

CONTACT DETAILS

PULITO DA FAVOLA SRL
 VIA ZARA, 9 – 24058 ROMANO DI LOMBARDIA (BG) Italy

P.IVA IT04396040166 – info@pulitodafavola.it (“the owner”).

The Data Controller, as better defined below, takes care of its Users’ privacy and guarantees that the Personal Data processing is carried out in compliance with the privacy legislation in force, and in particular with the European Regulation no. 2016/679 and the national legislation on the personal data protection.

Therefore, the Data Controller has adopted the following Privacy Policy in order to regulate and inform the Users of the Website www.labellalavanderinashop.it of the methods and purposes of processingUsers Personal Data.

The User is kindly requested to read this document every time he connects to the Website, in order to update on any revisions, additions and / or modifications, occasiond by regulatory requirements and / or by changes and / or additions to the functionality of the Website itself.

Data Controller:

PULITO DA FAVOLA SRL
VIA ZARA, 9 – 24058 ROMANO DI LOMBARDIA (BG) Italy

P.IVA IT04396040166
Email: info@pulitodafavola.it

 

Collected Data Types

Among the Personal Data collected by www.labellalavanderinashop.it/ as well as from all the landing pages connected and / or correlated to it (hereinafter “the Website”), either independently or through third parties (see their privacy policy), there are: e-mails, various type of Personal Data as better specified below, cookies and Usage Data.

In the related sections of this Privacy Policy or through specific information texts displayed before the Data collection, the User can find all the details of each type of Data.

The Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically by the Website.

Unless otherwise specified, the Data requested are necessary to provide the Service.

In cases of optional Data, Users can refrain from communicating such Data, without any consequence on the availability of the Service or on its operation.

Users who have any doubt about which Data are mandatory are invited to contact the Data Controller.

The collection of any Cookies by the Website or by third party services used by the Website, unless otherwise specified, has the purpose of providing the Service requested by the User, and any other purposes described in this document and in the Cookie Policy, if available .

The User assumes liability for the third parties Personal Data obtained, published or shared through the Website and guarantees to have the right to communicate or share them, holding harmless the Data Controller for any related claim.

METHOD AND PLACE OF COLLECTED DATA PROCESSING

The Data Controller takes appropriate security measures to prevent Personal Data unauthorized access, disclosure, modification or destruction.

Data are processed by means of IT and / or telematic tools, by implementing organizational methods and strategies that are connected to the purposes of the activity.

Other subjects involved in the Data Controller organization and / or in the Website management (for example: administrative, commercial and marketing staff, lawyers, system administrators, etc.) or external subjects (for example: accountants, external legal advisors, third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, e-mail marketing service providers, etc.) may have access to the Personal Data. These subjects may be also appointed Data Processors by the Data Controller, if necessary. The Processors updated list can always be requested to the Data Controller.

DATA PROCESSING LEGAL BASIS

The legal bases of the Data Controller processing of User’s Personal Data are specified below:

  • the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes, pursuant to GDPR, art. 6, paragraph 1, letter a). Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User’s consent or another of the legal bases specified below, as long as the User does not object (“opt-out”) to such processing. However, this is not applicable if the Personal Data processing is governed by European legislation on the protection of personal data;

  • Personal Data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, pursuant to GDPR, art. 6, paragraph 1, letter b);

  • Personal Data processing is necessary for compliance with a legal obligation to which the Data Controller is subject, pursuant to GDPR, art. 6, paragraph 1, letter c);

  • Personal Data processing is necessary in order to protect the vital interests of the Data Subject or of another natural person, pursuant to GDPR, art. 6, paragraph 1, letter d);

  • Personal Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, pursuant to art. 6, paragraph 1, letter e) of the GDPR;

  • Personal Data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child, pursuant to GDPR, art. 6, paragraph 1, letter f).

Pursuant to GDPR, art. 6, the Personal Data acquired by the Website without the consent of the interested party will be processed by the Data Controller to manage and maintain the Website, to allow the use of Services, to satisfy Users’ requests, to allow effective communication with customers, to fulfill the obligations established by law, regulations, community legislation or orders of the Authorities or in any case for purposes connected to the activities and functions of the Data Controller, or to prevent or discover fraudulent activities or abuses to the detriment of the Data Controller through the Website.

It is always possible to ask the Data Controller to specify the legal basis of each Processing and, in particular, whether the Processing is based on the law, provided for by a contract, or necessary to conclude a contract.

PLACE OF PERSONAL DATA PROCESSING

The Data are processed at Data Controller Offices and / or legal and / or operational headquarters and / or at any other place where the parties involved and / or (external) Data Processors IT systems / servers are located.

For more information, the User is invited to contact the Data Controller.

The User’s Personal Data may be transferred to a different country from the User one. To obtain further information on the processing place, please see the Privacy Policy related section.

The User has the right to obtain information about the legal basis connected to any transfer of Personal Data to a third country outside the European Union or to any international organization governed by public international law or consisting of two or more countries (eg the UN) as well as regarding all the security measures adopted by the Data Controller to protect his / her Personal Data. Concerning such Personal Data transfers, please see the Privacy Policy related sections or request information to the Data Controller (see “CONTACTS” section).

PERIOD DATA STORAGE

The Data are processed and stored for the time required by the collecting purposes.

The User can contact the Data Controller (as specified in the “CONTACTS” section) to obtain further information regarding the Personal Data processed retention period.

At the end of the retention period, the Personal Data will be deleted.

Therefore, on expiry of that period, the right of access, erasure, rectification, data portability, object, restriction of processing can no longer be exercised.

PURPOSE OF COLLECTED DATA PROCESSING

The User’s Personal Data are collected to allow the Data Controller to provide its Services, as well as for the following purposes:

  1. Contact the User

  2. Statistics

  3. Displaying content from external platforms / third parties

  4. Contact Management, message sending and/or newsletter sending
  5. Behavioral targeting and remarketing

  6. Registration and authentication
  7. CMS (Content Management System)

To obtain further detailed information on these purposes and on the Personal Data processed for each purpose, see the following section.

DETAILS ON THE PERSONAL DATA PROCESSING

  1. Contact the User:

In order to contact the User, the Data Controller may use the Personal Data collected with the following tools:

– Contact form; Mailing list or newsletter (if the user has subscribed to mailing list or to the newsletter).

Personal Data: name and surname, e-mail address, phone number, Cookies; Usage date; other types of Data.

  1. Statistics

These services allow the Data Controller to monitor and analyze traffic data and to keep track of User behavior, by means of the following tools:

– Google Analytics with anonymous IP;

Google Analytics is a web analysis service provided by Google for statistical purposes to track and examine the Website use, compile reports and share them with other services developed by Google.

Google Analytics may use cookies to collect information and generate statistics on the Website use, without providing personal information on individual visitors. The User’s IP address is anonymized. Anonymization works by shortening the IP address of Users within the borders of the member states of the European Union or in other European Economic Area countries.

Only in exceptional circumstances, the IP address will be sent to Google’s servers and shortened within the United States.

Personal data: Cookies and Usage Data.

In relation to the Personal Data processing methods and place, the User is invited to carefully see the related Privacy Policy.

Please note that the Personal Data may also be processed outside the EEA.

As of July 16, 2020, Google no longer rely on the EU-US Privacy Shield to transfer data that originated in the EEA or the UK to the US, and from September 30, 2020, it uses the standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission.

Please see Google Privacy policy and cookie policy, “How can I grant or revoke consent to the use of Cookies?” section to disable Google cookies – aka Opt-out and also the Privacy Shield section.

 

3) Displaying content from external platforms / third parties

  • Facebook, Facebook Widgets

On the Site there are redirection or sharing buttons to the Facebook social platform, and to the individual social network pages attributable to the Controller.

Facebook shares information worldwide, both internally with Facebook companies and externally with its partners and with the people with whom the User connects and shares content all over the world. Information controlled by Facebook may be transferred or transmitted or stored and processed in the United States or other countries outside the EEA.

As stated in the related Policy, Facebook may use cookies to show ads and make suggestions for companies and other organizations to people who may be interested in their products, services or promoted causes, to measure the performance of advertising campaigns of companies that use Facebook products, to show and measure ads in different browsers and devices used by the same person, to provide statistical data on people who use Facebook products, on people interacting with advertisers’ ads, websites and apps, and on companies that use Facebook products and to enable the functionality that allows Facebook to provide its products.

Furthermore, by visiting the Site, the Facebook Pixel cookie may be installed which allows the Data Controller to monitor the conversions that occur on the Site as a result of the advertisements it is running on Facebook.

The information collected through cookies could be shared with organizations outside of Facebook, such as advertisers and / or networks of advertisers for the ads publication and for measuring the effectiveness of advertising campaigns.

The User is also advised that from July 16, 2020 Facebook no longer bases the processing of Users’ Personal Data on the EU-US Privacy Shield (EU-US Privacy Shield) to transfer data from the European Economic Area and the United Kingdom to the United States; but uses standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission regarding certain countries, as appropriate, for data transfers from the EEA to the United States and other countries.

In relation to the Privacy Shield, the User is referred to reading the relevant paragraph in the cookie policy.

In this case, the following Personal Data are processed: Cookies; Usage date; other types of data.

For more information on the installation and use of cookies by Facebook, the User is requested to carefully read the relevant cookie policy. Please read the Privacy policy of the service carefully to obtain detailed information on the collection and transfer of Personal Data, on the User’s rights and on how to configure your privacy settings.

For behavioral targeting and remarketing this Website uses Facebook remarketing services managed though Hubspot. For more information on Hubspot, the User is invited to consult the relevant section.

  • Instagram, Instagram Widgets

On the Site there are redirection or sharing buttons to the Instagram social platform, owned by Facebook, and to the individual social network pages attributable to the Controller.

Facebook / Instagram shares information worldwide, both internally with Facebook / Instagram companies and externally with partners and with the people with whom the User connects.

According to the related policies, Instagram uses cookies, pixels, local storage technologies and other similar technologies it’s a show advertising content, to offer the service and for reasons related to its use, as well as to collect information about the User use of Instagram. Instagram could also use these technologies to remember the choices made by the User (eg. User name, language or geographical area in which the User is located) and customize the Service to offer better functions and content. Instagram and its advertising partners may use these technologies to show the User advertisements targeted to the interests of the User. These technologies store visits to the User’s device and may also be able to monitor the browsing activities of the device on sites and services other than Instagram. This information may be shared with organizations outside of Instagram, such as advertisers and / or networks of advertisers for the publication of ads and for measuring the effectiveness of advertising campaigns.

The information controlled by Facebook / Instagram could be transferred and / or transmitted and / or stored and processed in the United States or in other countries outside the User’s residence or in any case outside SEE for the purposes described by the legislation referred to in the following links: Facebook conditionsTerms of Instagram.

The User is also advised that from July 16, 2020 Facebook / Instagram no longer bases the processing of Users’ Personal Data on the EU-US Privacy Shield (EU-US Privacy Shield) to transfer data from the European Economic Area and the United Kingdom to the United States; but uses standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission regarding certain countries, as appropriate, for data transfers from the EEA to the United States and other countries.

In relation to the Privacy Shield, the User is referred to reading the relevant paragraph in the cookie policy.

In this case, the following Personal Data are processed: Cookies; Usage date; other types of data.

For more information on the installation and use of cookies by Instagram, the User is requested to carefully read the relevant cookie policy. Please read the Privacy policy of the service carefully to obtain detailed information on the collection and transfer of Personal Data, on the User’s rights and on how to configure your privacy settings.

With reference to the conditions of use of the Instagram service, the User is finally invited to consult the aforementioned conditions.

For behavioral targeting and remarketing this Website uses Instagram remarketing services managed though Hubspot. For more information on Hubspot, the User is invited to consult the relevant section.

  • Google Maps

Google Maps is a map viewing service managed by Google LLC or by Google Ireland Limited (it depends on the location in which the Website is viewed), which allows the Website to integrate such content within its pages.

Personal data: Cookies; Usage date; other types of Data.

In relation to the Personal Data processing methods and place, the User is invited to carefully see the related Privacy Policy.

Please note that the data may also be processed outside the EEA.

As of July 16, 2020, Google no longer rely on the EU-US Privacy Shield to transfer data that originated in the EEA or the UK to the US, and from September 30, 2020, it uses the standard contractual clauses approved by the European Commission and based on the adequacy decisions of the European Commission.

Please see Google Privacy policy and cookie policy, “How can I grant or revoke consent to the use of Cookies?” section to disable Google cookies – aka Opt-out and also the Privacy Shield section.

4) Managing contacts and sending messages and / or newsletters

This type of service allows you to manage a database of e-mail contacts, telephone contacts or contacts of any other type, used to communicate with the User.

These services may also allow the collection of data relating to the date and time of display of the messages by the User, as well as to the User’s interaction with them (for example the detection of the use of links inserted in messages).

Tools:

  • AcyMailing

For the purpose of sending newsletters, this Website uses the third-party service AcyMailing, which analyzes and classifies requests via the contact form on the Website (view: https://www.acymailing.com/privacy-policy/).

By filling out the relative form and giving the relative consents, the User’s email address is automatically added to a list of contacts (managed through AcyMailing) to which e-mail messages containing a periodic newsletter on the initiatives and activities of the Data Controller may be sent, including, for example, any awareness campaigns and / or fundraising and / or marketing and / or any extraordinary newsletters for general or urgent information, including of a commercial and promotional nature.

By accepting this Privacy Policy, the User expressly gives consent to the Data Controller to communicate and / or transfer said data to the email address management and mailing service.

The User is informed that the Data collected in this way may be used by the Data Controller also for profiling purposes (direct marketing) in order to suggest the User the products most suited to his interests.

Personal Data: name and surname, e-mail address, phone number,  Cookies; Usage date; other types of Data.

5) Behavioral targeting and remarketing

This type of service allows this Website and its partners to inform, optimize and serve advertising based on past use of this Website by the User.

This activity is facilitated by tracking Usage Data and by using trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity. Some services offer a remarketing option based on email address lists.

  • Facebook and Instagram Remarketing

Facebook (and Instagram) remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc.

With the help of the Facebook pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps) Facebook (/ Instagram) is able to determine the visitors of this Website as a target group for the presentation of ads.

So this Website uses the “Custom Audiences” remarketing feature of Facebook Inc .: this allows Users of the Website to be shown interest-based advertisements (“Facebook Ads” or “Instagram Ads”) as part of their visit to the social network Facebook or Instagram or other websites that also use the process. So, advertisements that are of interest to the User in order to make online offers more interesting to him / her are shown.

The use of Custom Audience means the User’s browser automatically establishes a direct connection to the Facebook / Instagram server.

The collected Data are processed by Facebook Inc. in the United States.

This Website has no influence on the extent and further use of the Data collected through the use of this tool by Facebook Inc .: therefore please read carefully the relevant Facebook Privacy Policy and Instagram Privacy Policy .

The User can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.

Disabling the “Facebook Custom Audiences” feature is available to logged-in users at https://www.facebook.com/settings/?tab=ads# .

Personal Data: Cookies, email address, Usage Data, other types of Data.

6) Registration and authentication

Tools:

  • WordPress.com

In order to register in the reserved area and log in, this Site uses the WordPress platform.

For more information on the processing of Data by WordPress, the User is invited to read the related Privacy policy.

Personal Data: various types of Data.

7) CMS (Content Management System)

The Website is created using CSM WordPress.

The User is invited to read the related carefully Privacy policy.

Personal data: various types of Data.

PRIVACY SHIELD

Privacy Shield between EU and US is a self-certification mechanism for companies established in the US that process Personal Data received from European Union. It was deemed adequate by the European Commission in 2016.

In compliance with the principles contained therein, the companies undertake to provide adequate protection tools to the interested parties (ie all the Data Subjects whose Personal Data have been transferred from the European Union). If not, they are removed from the certified companies list (“Privacy Shield List”) by the US Department of Commerce and can be subjected to sanctions by the Federal Trade Commission.

However, on July 16, 2020, the Court of Justice of the European Union (CJEU) (2016/1250 Decision of on the adequacy of the protection offered by the EU-US privacy shield regime – cd. “Schrems II Judgment) declares the Privacy Shield inadequate to protect Personal Data received from EU to a company established in United States.

The standard contractual clauses were instead confirmed as valid for Personal Data transfer from EU to non-EU country (in accordance with European Court of Justice’s decision 2010/87).

The user is invited to see FAQs relating to the Schrems II ruling and its effects drafted by the European Data Protection Committee (EDPB), the website www.privacyshield.gov and the Data Protection Authority’s website to better understand the issue and monitor further developments.

DATA COMMUNICATION AND TRANSFER

The Data Controller processes Personal Data with the utmost care and confidentiality.

User data may be disclosed to third parties.

The Data Controller may use (external) Data Processors and service providers during the Data Processing in order to provide the services such as, for example, authentication services, hosting and maintenance, data analysis services, e-mail messaging services, delivery services, payment transactions management, creditworthiness, address and e-mail checking.

Some of the Data Processors / service providers referred to in the sections above are located outside European Union (EU) / European Economic Area (EEA). In these cases, the Data Controller guarantees that:

• the country located outside EU / EEA is considered a safe third country;

• the Data Processor / service provider has adhered to the European Commission’s standard contracts relating to the Personal Data transfer to third countries;

• the Data Processor / service provider is certified according to art. 40 of the GDPR or

• the Data Processor / service provider has a set of approved binding corporate rules.

The User’s Personal Data may be communicated or shared in order to comply with a legal obligation or with the indications of a Court / Judicial Authority or any other competent body or in order to enforce or apply the Website Privacy Policy and / or other agreements or to protect any rights or safety of the Data Controller, Data Processors, service providers and / or other third parties or to protect against fraud or reduce credit risk.

If the User has subscribed to the newsletter, expressly consenting with the “Point and click” mode to the transfer of his / her Personal Data to companies and / or third parties with whom the Data Controller collaborates and / or has entered into agreements for the purposes indicated in the relative consent (including marketing purposes also through profiling – for example Hubspot – for more information please consult the relevant section), it is also possible that the User’s Personal Data, and in particular the email addresses, are communicated or shared with these companies and / or third parties.

USER RIGHTS

With reference to the Data processed by the Controller, the User can exercise the following rights:

• right to withdraw consent at any time. The User can revoke the previously expressed consent to his / her Personal Data processing (see GDPR, art.7);

• right of access. The User has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him / her are being processed, and, where that is the case, access to his / her Personal Data and receive all the information about them (including the purposes of the processing), as well a copy of the aforementioned Data (see GDPR, art.15);

• right to rectification of his / her Personal Data. The user has the right to obtain from the Data Controller without undue delay the rectification of inaccurate Personal Data concerning him / her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal Data completed, including by means of providing a supplementary statement (see GDPR, art.16);

• right to erasure (“right to be forgotten”). The User has the right to obtain from the Data Controller the erasure of Personal Data concerning him / her without undue delay in these events: if the Personal Data are no longer necessary or the User withdraws consent on which the processing is based and there is no other legal ground for the processing or if the User objects to the processing or the Personal Data have been unlawfully processed or if they have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject or if the Personal Data have been collected in relation to the offer of information society services (see GDPR, art.17);

• right to restriction of processing. The User shall have the right to obtain from the Data Controller restriction of processing in these events: if the accuracy of the Personal Data is contested by the User or if the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use or if the User who has objected to processing is waiting for the verification whether the legitimate grounds of the Data Controller override those of the User (see GDPR, art.18);

• right to data portability. The user has the right to receive the Personal Data concerning him / her, which he / she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those Data to another data controller without hindrance from the Data Controller to which the personal data have been provided (see GDPR, art.20);

• right of object to personal data processing. The User can object at any time to processing of personal data concerning him / her (when it’s carried out on a legal basis other than consent). In particular, where Personal Data are processed for direct marketing purposes, the User has the right to object at any time to processing of Personal Data concerning him / her for such marketing, which includes profiling to the extent that it is related to such direct marketing (see GDPR, art.21);

• right to lodge a complaint with the competent supervisory authority. The User can lodge a complaint with the competent Personal Data protection supervisory authority (in Italy: www.garanteprivacy.it) and before the competent courts of the Member States (see GDPR, art.77 and following).

How to exercise your rights

To exercise the aforesaid rights, the User, without paying any fees or charges (except for the provisions of the GDPR, art. 12 paragraph 5), can address a request to the Data Controller:

PULITO DA FAVOLA Srl
VIA ZARA, 9 – 24058 ROMANO DI LOMBARDIA (BG)
P.IVA e C.F. 04396040166
Email: info@pulitodafavola.it
[]