The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols (so-called “ Browsing Data ”). Such information are not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes:

–          – the IP addresses or domain names of the computers used by users connecting to the site;

–          – the addresses in URI (Uniform Resource Identifier) notation of the requested resources;

–          – the time of the request;

–          – the method used in submitting the request to the server;

–          – the size of the file obtained in response;

–          – the numeric code indicating the status of the response given by the server (successful, error, etc.),

–          – other parameters related to the user’s operating system and computer environment.

This data is used for the only purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

The legal basis for the processing lies in the legitimate interest of the owner to promote its business through the web channel, to keep its online services active and functioning, and to protect users and the site itself from cyber attacks (protection of business assets).

The site may also process data automatically by sending Cookies to the user. Cookies are small strings of text sent during the consultation to the website and, based on their purpose and assumed value allow the website and/or third parties to collect related to the user. The use of this digital tool is analytically described through the Cookie Policy of the website.

Browsing data will be kept for the period strictly necessary for their processing to make the service available; they may be kept for longer periods exclusively for information security reasons, for the detection of anomalies or attempted computer attacks or for statistical processing (in this case, in aggregated or anonymized form); the retention period of cookie tools is specified within the Cookie Policy of the website.

The above mentioned browsing data and information on how users navigate the site, including cookie tools and where possible in anonymized and/or aggregated form, will be used to process statistics on the interaction of Users with the aim of evaluating interventions to improve, enhance or revise functionality in order to optimize, make the user experience more pleasant and meaningful, as well as evaluate the impact of the tool more overall.

The results of the processing will not constitute personal data, as they will be expressed in aggregate terms and for the Controller’s internal use only. The data, including personal data, on which such processing will be based are understood to be for internal use only and accessible only to the site operators in charge of extrapolating the reports.

The legal basis for the processing lies in the legitimate interest of the Data Controller to improve and enhance the website and user experience based on statistical surveys in order to make these changes relevant and data-driven.

Through the functions of the website (contact forms, chat, chatbots, other functions of interaction between user and the owner of the site) users have the opportunity to send inquiries to the data controller, as well as request to be contacted by the data controller.

The controller will use the communicated information exclusively to respond to such requests.

The same may be subject to further processing in case a relationship is established between the user and the Controller.

The personal information requested is submitted and sent spontaneously by the user who wishes to be contacted by the Controller in order to submit specific requests.

The collected data will be used exclusively to respond to the submitted requests and will be subject to further processing only if a relationship is established between the User and the Owner.

The legal basis for the processing lies in the execution of a contract or fulfillment of pre-contractual needs between the Controller and the User.

The data that the User transmits through the form or other contact functions will be kept for a maximum period of 3 years; after that it will be further processed in case a relationship is established.

The personal information entered within the registration form for the personal area is necessary for the creation of the personal profile to gain access to it.

All data present in or communicated through the personal area will be used to respond to specific requests from the registered user (e.g., to retrieve access credentials, information on the Holder’s activities, business relationship management, etc.), as well as to facilitate subsequent dealings with the data subject.

Registration is in the autonomy of the user necessary for the use of the functionality.

The legal basis for the processing lies in the execution of a contract or fulfillment of pre-contractual needs between the Data Controller and the User, as well as to ensure the data subject’s access to specific functions of the site.

Registration data for the personal area will be retained until the User requests deletion, unless this data is necessary to fulfill legal obligations (e.g., in the case of e-commerce) as well as to ascertain unlawful behavior or attempted cyber-attacks through access to the area.

The owner may provide, within the Terms and Conditions of Use of the site, for the deletion or deactivation of the account in case of prolonged inactivity.

E-commerce features are available within the site, through which the User can view and purchase products and services provided by the Data Controller directly through the site.

Data will be processed by the Data Controller to respond to specific user requests and to conclude commercial transactions.

The Data Controller takes all necessary security measures to protect the user data disclosed at the time of the transaction, especially for those related to the payment instruments used.

Similarly to the Controller’s customers, the User’s data will be further processed and stored in order to fulfill tax and accounting obligations, as well as to manage the preparation, shipment and completion of the order or the provision of the service, as well as for the purpose of managing any litigation between the parties. More information on the processing of customer data is available upon request.

In addition, the Terms and Conditions of Use and Sale, which regulates the use of and access to e-commerce features, apply to these features of the website, and the data processing may be necessary to ensure proper application of them.

The legal basis for the processing lies in the performance of a contract or fulfillment of pre-contractual needs between Controller and User, fulfillment of legal obligations and legitimate interest of the controller in the management of possible litigation as well as to ensure the effective application of the Terms and Conditions of Use and Sale.

Data related to online purchases and related administrative management or otherwise transmitted as part of the use of e-commerce functions will be retained for a maximum period of 10 years, unless the establishment of litigation or other needs that justify a longer retention.

Through the newsletter service, other channels that may be used by the Data Controller (social networks, messaging services, etc.) or marketing services and techniques aimed at the development and implementation of its services, it carries out activities to promote the company’s business to users and customers by sending emails or other telematic communications containing commercial and marketing information.

The communication of data for the purposes of providing the newsletter service or other direct marketing activities is subject to the prior consent of the person concerned if the email address or other address is collected through the website where, in order to forward the data to the system, it is necessary to tick the option by which express consent is given for this purpose.

Promotional communications may also be carried out by Soft Spam mode, in the absence of consent of the data subject, provided that the communications carried out have the following attributes:

·         carried out by sending e-mail messages to recipients who have already had business relations with Spagni L. e C. S.R.L. and who have communicated the e-mail address in this regard;

·         the content relates to products or services similar to those already purchased by the recipient or in which the recipient has previously shown interest.

That without prejudice to the data subject’s ability to make use of the option to unsubscribe from the mailing list, an action that will suspend the sending of further promotional communications of this kind, as well as to withdraw consent or exercise a right of the data subject.

Marketing activities take place by sending cookies or other tracking tools with the purpose of collecting data with marketing purposes, remarketing and personalization of ads and advertisements of the third parties to which these tools refer. More information about these tools is available within the website’s cookie policy.

The legal basis for the processing resides in the consent of the data subject, if the User subscribes to the newsletter through the appropriate boxes on the website (as well as through the contact forms or registration to the reserved area) or, in the case of acquired customers, in the legitimate interest of the data controller to promote its business through soft spam. The sending of any cookies and tracking tools for marketing purposes will take place following the consent of the data subject, which can be conferred by means of the specific banner on cookies.

Data relating to contact details entered, e.g., in the newsletter subscription box – if any – or for which the user has given explicit consent will be processed until the user unsubscribes from the service or withdraws consent, as well as in the event of the exercise of rights by the data subject; the retention of any marketing cookies is specified within the website’s Cookie Policy.

The controller manages part of its online communication through public profiles on social networks.

Comments left under shared posts/content and any other interaction will follow the regulations and policies of the social platform (the latter could configure itself as an autonomous Controller of these treatments, so please refer to the privacy policies of the individual social network).

The private correspondence held with the interested parties (through the messaging/chat tools made available by the social itself) will be processed in compliance with the rules of the social platform with the purpose of managing communication and providing answers to the requests of the interested party.

The controller has a social profile on the following social networks:

–          Facebook: https://www.facebook.com/SpagniTheGift/

–          Instagram: https://www.instagram.com/spagnithegift/

–          LinkedIn: https://www.linkedin.com/company/spagni-&-spagni/

The latter’s data may be processed outside the social network in the pre-contractual and, subsequently, contractual context in the event of the establishment of a relationship with the data subject.

The legal basis for processing lies in the execution of a contract or fulfillment of pre-contractual needs between Controller and User, as well as legitimate interest of the controller to manage its communications with data subjects and maintain its presence on social.

Functionality related to the “Lavora con Noi” area

Functionality related to the “Work with Us” area

A space is available within the website for you to make applications to job positions in the company and/or submit your Curriculum Vitae and submit such data for evaluation by the Controller, who may contact you again in case of job and collaboration opportunities. the data will be processed by the Controller with the purpose of evaluating the suitability of the candidate for job positions within the company.

The data may be shared with third parties who are involved, on behalf of the Controller, in selecting and evaluating applications for open job positions in the company.

The legal basis for processing lies in the execution of a contract or fulfillment of pre-contractual needs in the context of the possible establishment of a working relationship or collaboration between the Controller and the User. The communication of data and information belonging to special categories (ex. art. 9 GDPR, “sensitive data”) does not require express consent for processing, as established by Legislative Decree 101/18 in article 9, paragraph 1, letter c. (as they are communicated spontaneously by the worker) However, there is a box where the User declares that he/she has read this extended information.

The period of retention of personal data contained in the databases relating to potential employees/collaborators will be that limited to the performance of the purposes indicated above for a period of:

–          – if the candidate has a profile that meets the requirements for access to job positions within the company, the data related to the CV will be kept for a maximum period of 24 months;

Some services and features on the website may result in the transfer of personal data outside the European Union. The services, the identity of the providers, the purpose of the transfer as well as references to the legal basis and/or legal documents justifying the transfer are specified below.

Browsing the website may involve the communication of your personal browsing data to parties outside the European Union, as the website uses Google systems to ensure access to certain features (Google Analytics, Google Recaptcha, Google Maps, Google Tag).

Although Google’s services are provided in the European Union by Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, for service reasons some data may be processed, communicated or stored on Google systems residing outside the European Union.

The transfer is lawful because Google adheres to the “EU-US Data Privacy Framework,” a European Commission adequacy decision and mechanism that ensures adequate protection of personal data similar to that in place within the EU.

For more information on Google’s privacy policies, we suggest navigating to the following link:

https://policies.google.com/privacy/frameworks?hl=it

The Controller may use to send communications to data subjects of the Mailchimp e-mail marketing platform, provided by the U.S. Company The Rocket Science Group LLC, located: 675 Ponce de Leon Ave, Suite 5000 Atlanta, Georgia 30308, outside the European Union. Therefore, personal contact information provided for this purpose (master information, e-mail addresses) may therefore be subject to transfer outside the Union.

The Rocket Science Group LLC is part of the Intuit Inc. group, headquartered at 2700 Coast Avenue, Mountain View, CA 94043, in the United States Of America (https://www.intuit.com)

The transfer is lawful because The Rocket Science Group LLC adheres to the “EU-US Data Privacy Framework,” an adequacy decision of the European Commission and a mechanism to ensure adequate protection of personal data similar to that which exists within the EU.

In addition, The Rocket Science Group has contractual terms and addenda designed to ensure compliance with data protection as required by European law.

For more information on Mailchimp’s privacy policies, we suggest navigating to the following link:

https://mailchimp.com/it/gdpr/

As part of the customization of advertisements and improvement of the online visibility of spagnithegift.com, the controller has implemented within its website some browsing tracking tools for re-marketing purposes (Facebook Pixel) used following the provision of user consent through banner cookies.

These tools are operated by Meta Platforms, Inc. and/or its wholly owned subsidiaries and therefore may be subject to transfer outside the European Union (United States of America).

The legal basis for the transfer is based on Meta Platforms, Inc.’s adherence to and participation in the EU-U.S. Data Privacy Framework. This certification covers Meta’s processing of personal information received from the European Economic Area.

The certificate is available at the following link on the Data Privacy Framework website (https://www.dataprivacyframework.gov/list) and more information is available in Meta’s legal privacy area (https://www.facebook.com/privacy/policies/data_privacy_framework)

Some services reachable from the site may involve the transfer of data outside the European Union. These services are accessed outside the site (via redirection) and are listed below:

–          Paypal (handling payments for e-commerce)

–          Whatsapp (management of communications with the data subject).

The user is invited to check the privacy policies of these external services.