Privacy

Controller: Eleonora Bonucci S.r.l., Tax Code / VAT number 02025100567, with registered office in 01100 Viterbo (VT), Via dell’Industria SNC, e-mail: customerservice@eleonorabonucci.com.

*****

Pursuant to and for the purposes of art. 13 of Regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the Processing of Personal Data, as well as the free circulation of such Data (the "Regulation" or the "GDPR") and legislative decree 30 June 2003, n. 196 "Code regarding the protection of personal data" ("Code") (Code and Regulations also jointly defined as "Regulations") we inform the interested parties ("Data Subjects") that their Personal Data will be processed in compliance with the Regulations and what is specified below.

Definitions

  • Authorized, the natural persons authorized to carry out Processing operations under the direct authority of the Controller or the Processor, pursuant to art. 29 of the Regulation and art. 2-quaterdecies of the Code.
  • Communication, the disclosure of Personal Data to one or more specific subjects other than the Data Subject, the Controller's representative in the State, the Processor and the Authorized, in any form, including by making them available or open to consultation.
  • Controller, means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the purposes of this Privacy Policy, the terms "Controller" and "Bonucci" are equivalent.
  • Data Subject, User.
  • Designated, the natural persons who are assigned specific tasks and functions related to the Processing of Personal Data and who operate under the authority of the Controller or the Processor, pursuant to art. 2-quaterdecies of the Code.
  • Dissemination, the disclosure of Personal Data to undetermined subjects, in any form, including by making them available.
  • Personal Data or Data, any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his/her physical, physiological, genetic, mental, economic, cultural or social identity.
  • Privacy Policy, this document.
  • Products, means all the goods offered for sale by the Controller through the Website.
  • Processing, means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Processor, the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Controller.
  • Security Measures, the set of technical (including IT), organizational and physical measures adopted by the Controller to guarantee a level of security adequate to the risk of the Processing, pursuant to art. 32 of the Regulation.
  • Services, indicate all the features that the Controller supplies to Users through the Website and include, in particular, the Product Purchase Service, a service through which the User can purchase the Products on the Site.
  • Supervisory Authority, the supervisory authority referred to in art. 51 of the Regulation.
  • User, indicates the person who wants to use the Services offered on the Website. For the purposes of this Privacy Policy, the term "User" is equivalent to that of "Data Subject".
  • Website, means the website https://eleonorabonucci.com owned and managed by Eleonora Bonucci S.r.l., Tax Code/VAT number 02025100567, with registered office in 01100 Viterbo (VT), Via dell’Industria SNC ("Bonucci").

Privacy Policy

1. Types of Data processed

1. Data provided by the Data Subject and relating to the provision of the Services, means Data provided by the Data Subject during the use of the Services (e.g. name, surname, telephone number, e-mail, shipping address, billing data). Further Data (e.g. username and password in the case of registered Users) will also be processed by the Controller in order to give the User access to specific services (such as logging in to his/her personal account). The Data Subject is informed that he/she may or may not provide the Data, but that, in the event of failure to provide such Data, some services of the Website will not be available (e.g. request to purchase the Products; access to the reserved area etc.).

2. Data acquired by the Controller for the normal operation of the Website, means those Data collected automatically by the Controller during normal navigation on the Website (e.g. IP address, date and time of the request, etc.) and whose transmission is implicit in the use of the Internet. Such information is not collected in order to be associated with identified Data Subjects, but, given their nature and other information held by third parties, may permit identification of Users. As indicated above, this category of Data includes the "IP addresses" or domain names of the computers used by the Users who connect to the Website, the URI (Uniform Resource Identifier), the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the operating system and the computer environment of the User. These Data are used for the purpose of the correct provision of the Services through the Website. The Controller informs the Users that the aforementioned Data could be used to ascertain responsibility in the event of cybercrimes against the Website or committed through the use of the same.

2. Processing purposes

A

  • Processing purposes: The Personal Data referred to in art. 1.1 (name, surname, e-mail, billing data) are processed in order to fulfill the legal obligations imposed on the Controller (e.g. accounting, administrative, tax obligations concerning the management and invoicing of the Products purchased by the User through the Website).
  • Legal basis: The processing of such Data is necessary for compliance with a legal obligation to which the Controller is subject.
  • Data retention: 10 years from the issue of the invoice or from registration in the Controller’s accounting records.

B

  • Processing purposes: The Personal Data referred to in art. 1.1 (name, surname, e-mail address, Product and order identification code, shipping address, billing address if different, telephone number) are processed by the Controller in order to carry out the obligations arising from the purchase of one and/or more Products by the Data Subject, including after-sales assistance (e.g. delivery of Products, return of Products).
  • Legal basis: The processing of such Data is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
  • Data retention: 10 years from the purchase of the Product.

C

  • Processing purposes: The Personal Data referred to in art. 1.1 (e.g. name, surname, Product and order identification code, telephone number and/or e-mail) are processed in order to respond to requests for clarification or to provide assistance to the User (by way of example, through filling in the specific form in the "contacts" section of the Website).
  • Legal basis: The processing of such Data is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
  • Data retention: 10 years from the end of the assistance provided by Bonucci to the User.

D

  • Processing purposes: The Personal Data referred to in art. 1.1 (e.g. name, surname, e-mail, Product identification code) could be processed for the purpose of sending the Data Subject e-mails containing information on visits to the Website (e.g. warning e-mails relating to purchase orders not completed).
  • Legal basis: The processing of such Data is carried out on the basis of the consent of the Data Subject.
  • Data retention: 30 days from when the Data Subject has given his/her consent.

E

  • Processing purposes: The Personal Data referred to in art. 1.2 are processed for the purpose of the correct supply of the Services through the Website.
  • Legal basis: The processing of such Data is necessary for the purposes of the legitimate interests pursued by the Controller.
  • Data retention: The navigation Data are deleted immediately after their processing and, in any case, are not kept for more than 15 days from the time of collection, without prejudice to any need for the investigation of crimes by the judicial authority.

F

  • Processing purposes: The Personal Data referred to in art. 1.1 (name, surname, e-mail) could be processed by the Controller in order to send, by e-mail, commercial communications relating to Products similar to those purchased by the User (so-called soft spam) to the Data Subject.
  • Legal basis: The processing of such Data is necessary for the purposes of the legitimate interests pursued by the Controller (recital 47 of the Regulation and Article 130 paragraph IV of Code) and the consent of the Data Subject is not required, without prejudice to the right of subsequent opposition.
  • Data retention: 48 months from the last purchase.

G

  • Processing purposes: The Personal Data referred to in art. 1.1 could be processed by the Controller in order to send the Data Subject commercial communications relating to offers published on the Controller's Website using automated methods (e-mail, sms).
  • Legal basis: The processing of such Data is carried out on the basis of the consent of the Data Subject.
  • Data retention: 48 months from when the Data Subject has given his/her consent.

3. Processing methods and categories of recipients.

1. Unless otherwise expressly provided for in this Privacy Policy, the Data Subject is informed that the Processing of his/her Personal Data is carried out using manual systems and/or IT, telematic or automated systems, in compliance with the principles of relevance, lawfulness, fairness and purposes provided for by the Regulation.

2. The Controller processes the Personal Data of the Data Subject by adopting the appropriate Security Measures aimed at minimizing the risks of unauthorized access, Dissemination, loss and destruction of the aforementioned Data, pursuant to the Regulation.

3. The Data Subject is also informed that the Processing of Personal Data for the accomplishment of the aforementioned purposes may be carried out by the Controller directly or with the collaboration of other subjects, as Processors, Designated or Authorized (e.g. employees and/or collaborators of the Controller).

4. In particular, the Personal Data may be disclosed to the following categories of recipients:

  • External companies, professionals or IT (information technology) consultancy and assistance companies;
  • E-mail service suppliers;
  • transport company for the delivery of the Products;
  • third party services.

The Data Subject is informed that the following categories of recipients carry out their Processing operations as independent Controllers:

  • third party payment services. The Data Subject is informed that in the case of payments made through third-party payment services, the Personal Data provided by the Data Subject to make the payment will be processed exclusively by the third-party payment service and will not transit on the Controller's servers.

5. The list of Processors can be consulted at any time, by request to be sent to the e-mail address indicated at the beginning of this Privacy Policy.

6. The Data Subject is informed that the Website uses buttons for interaction with external social networks (e.g. Facebook "like" button, Twitter "share" button, "save" button on Pinterest). If the Data Subject selects these buttons, the social network platforms may process some of the User’s Personal Data. However, the social network platforms will act as independent Controllers, without any direct or indirect involvement of the Controller. The Data Subject is therefore invited to consult the privacy policies of these platforms before sharing any content.

4. Data Transfer

1. The Data Subject is informed that the Personal Data processed by the Controller may be transferred to other countries within the European Union.

2. The Data Subject is informed that the Personal Data processed by the Controller may be transferred to other countries outside the European Union, for which there is an adequacy decision by the EU Commission or for which additional security measures are applied following the outcome of an assessment by the Controller regarding the impact of the transfer on the rights and freedoms of the Data Subject.

5. Rights of the Data Subject

1. The Data Subject may exercise at any time, by means of a notice to be sent to the addresses indicated at the beginning of this Privacy Policy, the rights provided for by the Regulation pursuant to articles 15-22. In particular:

  • The Data Subject has the right to ask the Controller for access to Personal Data, pursuant to and within the limits of art. 15 of the Regulation.
  • The Data Subject has the right to ask the Controller to rectify inaccurate Personal Data, pursuant to and within the limits set out in art. 16 of the Regulation.
  • The Data Subject has the right to ask the Controller to erase the Personal Data, pursuant to and within the limits of art. 17 of the Regulation.
  • The Data Subject has the right to ask the Controller to restrict the Processing of Personal Data, pursuant to and within the limits of art. 18 of the Regulation.
  • The Data Subject has the right to ask the Controller to transmit his/her Personal Data in a structured, commonly used and machine-readable format, pursuant to and within the limits of art. 20 of the Regulation.
  • The Data Subject has the right to object to the Processing by the Controller, pursuant to and within the limits of art. 21 of the Regulation.
  • The Data Subject has the right to lodge a complaint with the Supervisory Authority.
  • The Data Subject has the right to withdraw consent with reference to those Processing operations that are based on this legal basis. Pursuant to art. 7, paragraph 3 and art. 13, paragraph 2 lett. c) of the Regulation, the Data Subject is informed that, in any case, the withdrawal of consent does not affect the lawfulness of the Processing based on consent before the withdrawal itself.

6. Changes to this Privacy Policy

1. The Controller reserves the right to make changes to this Privacy Policy at any time. The Controller will post the up-to-date Privacy Policy on the Website.

This Privacy Policy was published on June 16, 2022.