INFORMATION ON THE PROCESSING OF CUSTOMERS' PERSONAL DATA
PROCESSING AREA: ONLINE SHOE SALES.
Dear Customer,
In compliance with the obligations laid down in the European Privacy Regulation EU 2016/679 (GDPR) and Legislative Decree no. 196 of 30
June 2003 (Code for the protection of personal data) we hereby inform you that Sharlene
Calzature slrs as Data Controller will process the personal data concerning you that
have been or may be - from you or other subjects - provided/communicated during the relationship with our structure.
The processing of the data, freely provided by you or otherwise collected, will be carried out in compliance with the privacy regulations
in force; it will be based on the principles of correctness, lawfulness and transparency and carried out in compliance with the principles of relevance,
completeness and non-excessiveness.
Therefore, in accordance with the provisions of Article 13 of European Regulation 2106/679 (GDPR) we inform you that:
1. Identification of the data controller
The Data Controller, for all the purposes specifically indicated in point 2, is:
SHARLENE CALZATURE SRLS
Via Papa Giovanni XXIII n.83
76125 Trani,
Tel: 0883/883107
Email: sharlenecalzature@gmail.com
Website: www.sharlenecalzature.it
Pec: sharlenecalzaturificio@pec.it
2. Purpose of processing
The data you provide will be processed for the following purposes:
- Needs relating to the management of the sale of shoes through the website,
through a dedicated form.
- Fulfilment of any type of obligation provided for by laws, regulations or Community legislation;
3. Category and nature of the data processed
The categories of data processed are:
- Personal data (e.g.: name, surname, physical address, nationality, province and municipality of residence,
fixed and/or mobile telephone, fax, address/s, e-mail, etc.);
- Banking data (e.g.: IBAN and bank/postal data, etc.);
- Fiscal and economic data (e.g.: tax code, VAT number, tax regime, active and passive invoices, subsidies, etc.);
4. Retention period
In compliance with the provisions of Article 5(1)(e) of the GDPR, personal data are stored in a form
that allows the identification of the data subject for a period of time not exceeding the achievement of the
purposes for which the data are processed or according to the deadlines provided for by law. Verification of the
obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically,
under the supervision of the Data Controller.
In particular:
- When the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures
, the data shall be processed until the execution of such contract is completed and shall be
stored for the following 10 years, except in the event of the Owner's legitimate interest in the event of
lawsuits;
- When the processing is necessary to fulfil a legal obligation to which the Owner is subject, the data
shall be stored as long as the law permits;
- When the processing is necessary for the pursuit of the legitimate interest of the Data Controller, the data will be
stored as long as the law permits.
Personal data will in any case be retained for the fulfilment of obligations (e.g. tax and accounting) that
remain even after the termination of the contract (art. 2220 c.c.); for these purposes the Data Controller will retain only the data
necessary for the relative pursuit and for the following 10 years, except in the case of legitimate interest of the Data Controller
in the case of espanolfarm.com lawsuits.
5. Processing methods
The processing will be carried out in a non-automated manner. The processing may consist of the following operations: collection,
registration, organisation, storage, consultation, use, processing, modification, selection, extraction,
comparison, interconnection, transmission, communication, cancellation, destruction, blocking and restriction.
The processing will be carried out both with the use of paper media and with the aid of electronic, IT and
telematic tools suitable for guaranteeing the security and confidentiality of the data itself in accordance with the provisions of Article 32 of
European Regulation 2016/679.
In carrying out the processing operations, all technical, IT,
organisational, logistical and procedural security measures will always be adopted, so that the adequate level of data protection provided for
by law is guaranteed. The above-mentioned methods applied for processing shall guarantee access to the data only to the subjects
specified in points 4 and 5.
6. Nature of contribution
The provision and processing of data is:
- Compulsory and does not require your consent for the achievement of purposes connected with the obligations provided for by
laws, regulations or Community legislation;
- Indispensable and does not require your consent for all personal data that are essential for the correct
establishment of the professional assignment, as well as for the management and continuation of the professional service;
- Indispensable and does not require your consent for the performance of tasks of public interest or for the exercise
of public powers vested in the Data Controller;
- Indispensable and does not require your consent for the pursuit of legitimate professional interests or those of
third parties;
- Optional and requires your explicit consent for all personal data collected for purposes not directly and/or
indirectly related to contractual, pre-contractual, legal obligations, the safeguarding of vital interests, the
performance of public duties, the exercise of public powers or the pursuit of legitimate interests.
Any refusal, albeit legitimate, to provide all or part of the above data, could compromise the regular
conduct of the relationship with our structure and in particular, for the personal data defined above as mandatory and
indispensable, could make it impossible for us to carry out the normal course of the professional
assignment and the regular provision of the professional services requested.
7. Communication of data
The subjects or categories of subjects who may become aware of your data or to whom personal data may be communicated
, in addition to the Legal Representative of the Data Controller, are the following:
- Persons authorised to process data (such as employees);
- Persons in charge of processing: (such as consultants, freelance professionals, software service providers).
The updated list of Data Processors and Persons in Charge of Processing is kept at the registered office of the Data Controller
.
Your personal data, in any case, will not be disseminated.
Your personal data may also be communicated to the Public Administration, Social Security and Welfare Institutions,
Public Institutions, Police Forces, Judicial Authorities or other Public and Private Parties, but exclusively for the purpose of fulfilling
the professional assignment conferred and the obligations of law, regulation or Community legislation.
The data in question will not be communicated to other parties other than those envisaged in this information notice, and the data suitable for
revealing the state of health of the data subject will not be disseminated under any circumstances.
8. Processing of data of particular relevance
If the processing also concerns personal data falling within the category of particularly significant data pursuant to Art. 9
GDPR (i.e. data revealing racial or ethnic origin, religious, philosophical or other beliefs,
political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or
trade unionist character, as well as personal data disclosing health and sex life) or "judicial" data (i.e. data capable of
disclosing measures relating to criminal records, the register of administrative sanctions dependent on crime and the
related pending charges or the status of accused or suspected person) the processing will be carried out within the limits and according to the procedures
provided for by the European Regulation 2016/679 and D.Legislative Decree 196/2003 and for the purposes strictly necessary for the regular
conduct of the company's business, operations relating to the performance of professional assignments and the fulfilment
of contractual obligations and/or laws or regulations.
In this case, the subjects or categories of subjects who may become aware of the sensitive data or to whom the data may be
communicated, in addition to the Legal Representative of the Data Controller, are:
- Persons authorised to process the data (such as employees);
- Data Processors: (such as: consultants, freelance professionals, software service providers).
The updated list of Data Processors and Persons in Charge of Processing is kept at the registered office of the Data Controller
.
9. Place of data storage
Your personal data are processed and stored at the operational headquarters of the Data Controller and are archived in paper format and
electronically at the server and archives of the facility, in P.zza Garibaldi 1- Sonnino (LT).
.
10. Rights of the persons concerned
You may always request, at any time, from the Legal Representative of the Data Controller, using the contact details
indicated in this information notice, a copy of your personal data, information on the location where your
personal data are processed and an updated list with the identification details of all the Data Processors and the
System Administrators authorised to process your data.
You may freely withdraw your consent at any time, without any charge and without prejudice to the lawfulness of the
processing carried out up to that time, and, in your capacity as data subject, exercise your rights of Access, Rectification,
Cancellation, Limitation, Opposition, Portability and Complaint to the Privacy Guarantor against the Data Controller
as provided for by art. 15 of European Regulation 2016/679.
More specifically, in your capacity as data subject, you have the following rights:
- Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded and
their communication in intelligible form;
- Obtain indication of: a) the origin of personal data; b) the purposes and methods of processing; c) the logic
applied in case of processing with the aid of electronic instruments; d) the identity of the
owner, managers, the representative appointed under Art. 5, paragraph 2, Privacy Code and art. 3, paragraph
1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who
may become aware of it in their capacity as designated representative in the territory of the State, managers or
appointees;
- Obtain a) the updating, rectification or, when interested, the integration of data; b) the
cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those
which need not be kept for the purposes for which the data were collected or subsequently
processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement at
proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- Oppose, in whole or in part a) on legitimate grounds, to the processing of personal data concerning you, even if
relevant to the purpose of collection; b) to the processing of personal data concerning you, where it is carried out for the purpose of sending advertising or direct sales material
or for the performance of market or commercial communication surveys,
by means of automated calling systems without the intervention of an operator by e-mail and/or by means of
traditional marketing methods by telephone and/or paper mail. Please note that the right to object
of the data subject referred to in point b) above, for direct marketing purposes using automated methods is
extended to traditional methods and that, in any case, the possibility remains open for the data subject to exercise the right to
oppose even only in part. Therefore, the data subject may decide to receive only communications via
traditional methods or only automated communications or neither of the two types of
communication.
11. Contact details of the Holder
The contact details to exercise your rights are:
sharlenecalzature@gmail.com