Privacy policy GDPR

Privacy Policy pursuant to Article 13 of (EU) Regulation No. 679/2016 (“GDPR”)

Bordignon A. di Codutti Barbara (hereinafter "bordignonskates") protects the confidentiality of personal data and guarantees its necessary protection against any event that may put it at risk of violation. as provided for by European Union Regulation No. 679/2016 (hereinafter “GDPR”) and Article 13 in particular, please find below the information required by law relating to the processing of your personal data.

SECTION I

Who we are and what data we process (Article 13, paragraph 1 (a), Article 15 (b) GDPR)

bordignonskates, represented by Codutti Barbara with registered offices at Vicolo Apollo, 1 Palmanova (UD) Italy, acts as the Data Controller and can be reached at barbara@bordignonskates.com and collects and/or receives information relating to you, such as:

Category of data

Examples of types of data

Contact details

First name, last name, physical address, nationality, residential province and city, landline telephone number and/or cell number, fax, tax ID number, email address(es)

Banking information

IBAN and banking/postal account information (except for Credit Card number)

Internet traffic data

Logs, originating IP address

 

bordignonskates does not require you to supply so-called "private" data, that is, according to the provisions of the GDPR (Art. 9), personal data that identifies race or ethnicity, political opinions, religion or philosophy, or any union affiliation, nor any genetic or biometric information used to uniquely identify a physical person, data associated with health or one's sex life, or sexual orientation. In the event the services requested from bordignonskates require the processing of this data, you will first receive specific notification with a request for your consent.

The Data Controller has nominated Data Protection Officer (DPO) who can be contacted for any information or requests:

email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Telephone number : +39 0432 928411

For any information or requests, please contact the following address

barbara@bordignonskates.com

Telephone number +39 0432 928411

SECTION II

Why we need your data (Art. 13, paragraph 1 GDPR)

The data is used by the Data Controller to fulfill the registration request and for the supply contract on the pre-selected Service and/or Product purchase, to manage and execute the contact requests forwarded by you, offer assistance, fulfill legal and regulatory obligations demanded of the Data Controller in accordance with the activities performed. In no case will bordignonskates resell any of your personal information to third parties nor use it for any purpose not stated.

In particular, your data will be processed for:

a) registration and contact information, and/or informational materials

Your personal data is processed to implement preliminary actions and those following a registration request, to manage information and contact requests, and/or to send informational materials, as well as to satisfy any and all other obligations arising herewith.

The legal basis for this processing is to provide the services relating to a request for registration, information and contact, and/or the sending of informational materials, and to comply with legal requirements.

b) administering the contractual relationship

Your personal data is processed to implement preliminary actions and those following the purchase of a Service and/or a Product, to manage the applicable order, to perform the Service itself and/or for production and/or shipping of the purchased Product, the associated invoicing and payment management, handling of any returns and/or notifications to the support service and performance of the support itself, fraud prevention, as well as fulfillment of any and all other requirements arising from the contract.

The legal basis for this processing is to provide the services relating to the contractual relationship and to comply with legal requirements.

c) promotional activities on Services/Products that are similar to those you have purchased (Clause 47 GDPR)

The Data Controller, even without your explicit consent, may use the contact information you provided for direct sales of its own Services/Products, limited to those Services/Products that are similar to the ones included in the sale, unless you specifically refuse.

d) business promotional activities on Services/Products that are different from the ones you purchased

Your personal data may also be processed for business promotional purposes, for market research studies involving the Services/Products that the Data Controller offers, but only if you have authorized this processing and have not opposed it.

This processing may occur by the following automated methods:

- email;

- sms;

- telephone contact

and may occur:

1. if you have not with drawn your consent fort heuse of your data;

2. if processing is done through contact with a telephone operator, and you are not registered ont he non-call registry as outlined in Presidential Decree No. 178/2010;

The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time (see Section III).

e) digital security

The Data Controller, in line with the provisions of Clause 49 of the GDPR and through its providers (third parties and/or recipients), processes your personal data involving traffic only to the extent strictly necessary and proportional to guarantee security of the networks and the information. This means the capacity of a network or information system to block, at a given level of security, any unforeseen events or illegal or malicious acts that would compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.

The Data Controller will immediately notify you if there is any risk of violation of your data, except for any obligations noted in the provisions of Art. 33 GDPR associated with notifications of personal data violations.

The legal basis for this processing is to comply with legal requirements and the legitimate interests of the Data Controller in undertaking processing for the purpose of protecting corporate assets and the security of the bordignonskates offices and systems.

f) profiling

Your personal data may also be processed for profiling purposes (such as analyzing the transmitted data and the pre-selected Services/Products, suggesting advertising messages and/or business offers in line with user selections) exclusively when you have given explicit and informed consent. The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time (see Section III).

g) fraud prevention (Clause 47 and Art. 22 GDPR)

Your personal data, except for private data (Art. 9 GDPR) or legal information (Art. 10 GDPR) will be processed to allow controls for monitoring purposes and prevention of fraudulent payments. This processing will be done by software systems that run automated checks and will be carried out prior to negotiating Services/Products;

a negative result on these checks will render the transaction impossible; you can, in any case, express your opinion, obtain an explanation or dispute the decision by outlining your reasons to the Customer Support Department or to the contact barbara@bordignonskates.com;

personal data collected only for anti-fraud purposes, which differs from the data needed for the proper performance of the service requested, shall be immediately deleted upon termination of the verification phase.

h) protection of minors

The Services/Products offered by the Controller are reserved for those entities legally able, based on national regulations, to satisfy contractual obligations.

The Controller, to prevent illegal access to its own services, implements preventive measures to protect its own interests, such as checking tax identification numbers or, when necessary for specific Services/Products, the accuracy of the identification data on the identification documents issued by the applicable authorities.

Communication to third parties and categories of recipients (Article 13, paragraph 1 GDPR)

Your personal data is communicated mainly to third parties and/or recipients whose activity is necessary to perform the activities relating to the contract established, and to meet certain legal requirements, such as:

Categories of recipients

Purposes

Bordignon A. di Codutti Barbara

Fulfillment of administrative and accounting requirements as well as those connected with the contractual services,

Third party providers and companies

Performance of services (assistance, maintenance, delivery/shipping of products, performance of additional services, providers of networks and electronic communication services) associated with the requested service

Credit and electronic payment institutions, banks/post offices

Managing deposits, payments, reimbursements associated with the contractual service

External professionals/consultants and consulting firms

Fulfillment of legal requirements, exercising rights, protecting contractual rights, credit recovery

Financial Administration, Public Agencies, Legal Authorities, Supervisory and Oversight Authorities

Fulfillment of legal requirements, protection of rights; lists and registries held by Public Authorities or similar agencies based on specific regulations relating to the contractual service

Formally mandated subjects or those with recognized legal rights

Legal representatives, administrators, guardians, etc.

 

* The Controller requires its own third party providers and Data Processors to adhere to security measures that are equal to those adopted for you by restricting the Data Processor's scope of action to processing directly related to the requested service.

The Controller will not transfer your personal data to countries where the GDPR is not applicable (countries outside the EU) except where specifically indicated otherwise, in which case you will be notified first, and if necessary asked for your consent.

The legal basis for this processing is fulfillment of the services outlined in the established contract, compliance with legal obligations, and the legitimate interests of Aruba S.p.a. to perform the processing necessary for these purposes.

SECTION III

What happens when you do not provide your identification information as needed to perform the requested service? (Article 13, paragraph 2 (e) GDPR)

The collection and processing of your personal data is necessary to fulfill the service requests as well as to perform the Service and/or supply the requested Product. Should you fail to provide your personal data as expressly required within the order form or the registration form, the Data Controller will not be able to carry out the processing associated with managing the requested services and/or the contract and the Services/Products associated with them, nor fulfill the operations dependent on them.

What happens when you do not provide the consent for processing personal data for the business promotion activities on Services/Products that are different from those purchased?

When you do not give your consent to the processing of your personal data for these purposes, the processing will not be implemented for these specific purposes, but it will not affect the performance of the requested services or those for which you have already given your consent, if requested.

In the event you have given consent and later withdraw it or oppose the processing for business promotional activities, your data will no longer be processed for these activities, although this will not create negative effects or consequences for you or the services requested.

How we process your data (Article 32, GDPR)

The Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of your personal data, and requires the same security measures from third party providers and the Processors.

Where we process your data

Your data is stored in hard copy, electronic and remote archives located in countries where the GDPR is applicable (EU countries).

How long is your data stored? (Article 13, paragraph 2 (a) GDPR)

Unless you explicitly express your own desire to remove it, your personal data will be stored until required for the due purposes for which it was collected.

In particular, the data will be stored for the entire duration of your registration and in any case for no longer than a maximum period of 12 (twelve) months of inactivity, that is, within this time period, there have been no Services and/or Products purchased using this registration.

For data provided to the Controller for the purposes of business promotion for services other than those you have already purchased, for which you initially gave consent, it will be stored for 24months, except when such consent is withdrawn.

For data provided to the Controller for the purposes of profiling, it will be stored for 12 months, again except when consent has been withdrawn.

It is also important to add that, should the user forward to bordignonskates personal data that has not been requested or that is unnecessary for the purposes of performing the services requested, or for the performance of services strictly connected thereto, bordignonskates cannot be considered controller of this data and will proceed to delete it as soon as possible.

Regardless of your determination to remove the data, your personal information will be, in any case, stored according to the terms outlined in current law and/or national regulations, for the exclusive purpose of guaranteeing specific requirements, applicable to certain Services (for example, but not limited to, Certified Electronic Mail, Digital Signature, Digital Preservation - refer to the associated section).

Furthermore, personal data will in any case be stored to comply with obligations (e.g. tax and accounting purposes) which may continue even after termination of the contract (Art. 2220 Civil Code); for these purposes, the Controller shall retain only the data necessary to complete these activities.

For those cases where the rights arising from the contract and/or registration are used in the courts, your personal data, exclusively required for these purposes, shall be processed for the time necessary to complete them.

What are your rights? (Articles 15 - 20 GDPR)

You have the right to obtain the following from the Data Controller:

a) confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the following information:

1. the purposes of the processing;

2. the categories of personal data in question;

3. the recipients or categories of recipients that have received or will receive your personal data, in particular if these recipients are in third party countries or are international organizations;

4. when possible, the anticipated storage period of your personal data or, if not possible, the criteria used to determine this period;

5. whether you have the right to ask the Data Controller to correct or delete your personal data or the limits on processing your personal data or to oppose the processing of the data;

6. the right to lodge a complaint with a supervisory authority;

7. in the event the data is not collected from you, all of the information available regarding its origin;

8. whether there is an automated decision process, including profiling, and, at least in these cases, significant information on the logic used, as well as the importance and consequences to you for this processing.

9. the suitable guarantees provided by the third party country (outside EU) or international organization to protect any transferred data

b) the right to obtain a copy of the personal data processed, again given that this right does not affect the rights and freedoms of others; for extra copies requested by you, the Data Controller may assign a reasonable fee based on administrative costs.

c) the right to edit any of your incorrect personal data from the Data Controller without unjustified delay

d) the right to have your personal data deleted by the Data Controller without unjustified delay, if there are the reasons outlined in the GDPR, Article 17, including, for example, if the data is no longer needed for processing or if the data is considered illegal, and again, if there are no conditions outlined by law; and in any case, if the processing is not justified by another equally legitimate reason;

e) the right to obtain limits on the processing from the Data Controller, in those cases outlined in Art. 18 of the GDPR, for example where you have disputed the correctness, for the period necessary for the Data Controller to verify the data's accuracy. You must be notified, within an appropriate time, even when the suspension period has passed or the cause of limiting the processing has been eliminated, and therefore the limitation itself has been withdrawn;

f) the right to obtain information from the Data Controller on the recipients who have received the requests for any corrections or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort.

g) the right to receive your personal data in a structured format, commonly used and readable by automatic devices as well as the right to forward this data to another Data Controller without obstruction from the original Data Controller, in those cases outlined by Art. 20 of the GDPR, and the right to obtain direct forwarding of your personal data from one Data Controller to another, if technically feasible.

For further information and to send your request, contact the Data Controller at This email address is being protected from spambots. You need JavaScript enabled to view it.. To guarantee that the rights noted above are exercised by you and not by unauthorized third parties, the Data Controller may require you to provide other information necessary for this purpose.

How and when can you oppose the processing of your personal data? (Art. 21 GDPR)

For reasons associated with your particular situation, you may at any time oppose the processing of your own personal data if it is based on legitimate reasons or if it is done for business promotional activities, by sending a request to the Data Controller at barbara@bordignonskates.com.

You have the right to have your own personal data deleted if the Data Controller has no legitimate reason prevailing over such request, and in any case, where you have opposed the processing for business promotional activities.

Who can you lodge a complaint with? (Art. 15 GDPR)

Without prejudice to any other ongoing administrative or judicial action, you may lodge a complaint with the applicable supervisory authority of the Italian territory (Italian Personal Data Protection Authority), that is, with the agency that performs its duties and exercises its rights within the member country where the GDPR violation occurred.

Any updates to this information shall be communicated in a timely manner and through suitable means, and will be notified to you if the Data Controller processes your data for purposes other than those outlined in this privacy policy prior to proceeding and after you have given your consent, if necessary.

SECTION IV

COOKIES - General information

This site uses cookies and in some cases third-party cookies to provide a better experience and service for users. When navigating or using our services you agree to our use of cookies. However, the user has the option to prevent the generation of cookies and disposal of the same by selecting the appropriate option in your browser. If you block the use of cookies on your browser it may disrupt some services and some functions of the website may not be available.

What is a cookie?

A cookie is a small piece of text that websites send to the browser and is stored on the user's terminal, which may be a personal computer, a mobile phone, a tablet, etc. These files allow the website to remember information about your visit, such as language and preferred options, which can make your next visit easier and make the site more useful for you. Cookies play a very important role in improving user experiences on the web.

How are cookies used?

By browsing this website you are accepting that we can install cookies on your machine and let us know the following information:

Statistical information on the user's use of the web.

The user 'login' which keeps the session active on the web.

The preferred format of web access from mobile devices.

Latest searches over web services and data customisation services.

Information about the ads that are displayed to the user.

Information from surveys that the user has participated in.

Types of cookies used

This website uses both temporary session cookies and persistent cookies. Session cookies store information only while the user accesses the Web and persistent cookies stored in the terminal data to be accessed and used in more than one session.

Technical cookies: these allow the user to navigate through the website or application and use the various options or services there. For example, with traffic control and data communication, to identify the session, access restricted Web parts, remember the elements of an order, make the request for registration or participation in an event, use the security features during navigation, and store content for broadcast video or sound.

Cookies customisation: these allow users to access the service with some predefined general features in your terminal, or user defined settings. For example, the language, the type of browser through which you access the service, the design of selected content, geolocation terminal and place where you can access the service.

Advertising cookies: these allow the effective management of advertising spaces which are included in the Web page or application from which the service is provided. They allow the adaptation of advertising for it to be relevant to the user and to avoid showing ads that the user has already seen.

Statistical analysis cookies: these allow the monitoring and analysis of user behavior on websites. The information gathered through such cookies is used in measuring the activity of web, application or platform sites and the profiling of user navigation of these sites, in order to make improvements to the service and functionality for users.

Third Party Cookies: On some web pages you can install third-party cookies allow you to manage and improve the services offered. For example, the statistical services of Google Analytics.

How to manage cookies in the browser?

The user has the option to allow, block or delete cookies installed on your computer by setting your browser options installed on your terminal: - Internet Explorer; - Chrome; - Safari; - Firefox; - Opera. Mobile: - Android; - Safari; - Windows Phone; - Blackberry.

For more information about Cookies plase visit www.youronlinechoices.com


Print   Email