WHY THIS INFORMATION
Under the Legislative Decree 196/2003 and Regulation (EU) 2016/679 (hereinafter “Regulation”), this page describes the methods of personal data processing of those users who consult the website of PHOENIX S.R.L., accessible electronically at the following address: www.zeusandals.it.
We inform the user that following this site consultation, data relating to identified or identifiable persons may be processed.
This information does not concern other sites, pages or online services reachable by hyperlinks that may be published on the site.
Identity of the owner
The data controller is PHOENIX S.R.L., with registered office in Via Praga snc – 76011 Bisceglie (BT) (Email: firstname.lastname@example.org PEC: email@example.com, Tel .: +39 080 399 1533).
Data Source and type of data collected
Data communicated by the user
DE.VI.L. SHOES srl, collects personal data provided voluntarily by users:
- When registering on the website or when the aforementioned perform a transaction via the website, in addition to other personal data associated with order processing. In this case, the personal data requested are: name and surname, gender, telephone number, mobile number, email address, password, address and city of the person concerned, zip code, country;
- Relating to the use of the website by the user, for example: IP address, the products displayed and those in the bag; if the user reaches the website via a referral page or via a promotional email link or advertisement on another website that redirects to the website of PHOENIX S.R.L., the company may also collect information on the referral page and on the promotional e-mail or advertising targeted together to the user’s IP address to analyze the effectiveness of marketing operations (overall “data on the use”);
- At the time of registration through the “Work with us” section where the requested data may include: work area, personal data (name, surname, city, address), contact details (email address and number by telephone) and curriculum vitae of the interested party;
- At the time of the optional, explicit and voluntary sending of messages to the contact addresses shown on the website www.zeusandals.it, to the “Information and contacts”, “Returns and refunds” and “Send a message” pages that imply the acquisition of the sender’s contact data. This information is necessary to provide feedback to the contact request. Personal data included in communications will also be processed. The data provided will be used with IT and telematic tools for the sole purpose of providing the requested service and for this reason, will be kept exclusively for the period in which it will be active;
- When registering for the newsletter service offered on the website. In this case, personal data required are: the email address, gender, country and city of the person concerned. The data provided will be used with IT and telematic tools for the sole purpose of providing the requested service and for this reason, they will be kept exclusively for the period in which it will be active.
PHOENIX S.R.L., also collects data relating to the use of the website by the user, this information is acquired by the computer systems and the software procedures used to operate the online portal, during their normal operation, moreover, the transmission of the same it is connected and inherent to the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, the addresses in URI / URL (Uniform Resource Identifier / Locator) of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numerical code indicating the the response status given by the server and other parameters relating to the user’s operating system and IT environment.
These data, necessary for the web services’ use, are also processed for the purpose of:
- Obtaining statistical information about the services use (most visited pages, number of visitors per hour or per day, geographical areas involved, etc.);
- Checking the correct functioning of the offered services. Navigation data are not kept for more than seven days and they are deleted immediately after their combination(except for any need to ascertain possible crimes by the judicial authorities).
Cookies and other tracking systems
Depending on the type of treatment to be implemented, the Data Controller uses:
- Data on transactions to process and ship orders, manage payments, communicate with the user about the order, manage any returns, provide customer assistance and allow the picking up of products. They will be also used to acquire pre-contractual data and information; exchange information aimed at the execution of the contractual relationship, including pre and post contractual activities; formulate requests or process received requests; manage accounting and tax obligations.
- To send newsletters about news or commercial promotion (invitations to events, communications regarding new services, promotions). This processing occurs automatically by e-mail and goes on if the interested party has not revoked his consent for the use of the data;
- To provide feedback to any communications, requests for information and / or services from users through the appropriate forms or using the address (es) present in the contact section;
- Finally, the data will be used to manage and control risks, prevent possible fraud, insolvency or default; prevent and manage possible disputes, take legal action if needed.
Treatment legal basis
With reference to the purposes indicated in the previous paragraph, the legal basis of the same is, in relation to the point:
- The need to execute a contract where the interested party is a party or to execute pre-contractual measures adopted at the request of the same;
- The consent expressed by the interested party;
- The fulfillment of contact request performance and / or interventions’ reporting and legal obligations compliance;
- The need to pursue the legitimate interest of the data controller (above all the prevention of fraud and insolvency).
The personal data processed by the Data Controller are not disclosed, that is, they are not disclosed to indeterminate subjects, in any possible way, including the one of their availability or simple consultation. Instead, they can be communicated to workers who work for the Data Controller, or to persons authorized to process the treatment as they operate under the authority of the data controller. In this regard, DE.VI.L. SHOES srl has engaged third party service providers in connection with the operation of the website, such as hosting service providers, marketing and website service providers, IT maintenance service providers, shipping services and VAT verification services , as well as service providers that allow the integration into the website of other functions that the user can use at his discretion. These service providers, designated as Data Processors, are provided only the personal data necessary to provide the corresponding services and they are not allowed to use or disclose the personal data of the interested parties for other purposes, without the prior authorization of the interested party.
The data may also be communicated, as strictly necessary, to subjects who, for the purpose of fulfilling orders or other requests or services relating to the transaction or contractual relationship with the Data Controller, must supply goods and / or execute, on behalf of the Controller, any performance or services. Finally, the data may be communicated to those subjects entitled to access them according to laws provisions, regulations, community regulations.
In particular, on the basis of the roles and work tasks performed, some workers have been entitled to process personal data, considering their respective skills and in accordance with the instructions given by the Data Controller.
In no case the Data Controller transfers personal data to other countries or to international organizations.
However, it reserves the right to use cloud services; in this case, the service providers will be selected from those who provide adequate guarantees, as required by art. 46 GDPR 679/16.
Unless explicitly requested to remove them, the personal data of the interested party will be kept as long as they are necessary with respect to the legitimate purposes according to which they were collected.
In particular, they will be kept for the duration needed to process the contact request and / or intervention request and, in any case, no longer than a maximum period of 24 months of user inactivity.
In case of data provided for newsletters sending, the treatment will be carried out until the consent is revoked. In the absence of revocation, the treatment will still be suspended after 24 months of user inactivity.
Regardless of the determination of the interested party to remove them, personal data will be stored in any case according to the terms established by current legislation and / or national regulations, for the exclusive purpose of ensuring the legal obligations the Data Controller is subject to.
Expect those cases where contact rights and / or intervention reporting rights have been asserted in court, in this case the personal data of the interested party, only those necessary for these purposes, will be processed for the indispensable time to their pursuit.
It should also be added that, in the event that a user provides the Data Controller with unsolicited or unnecessary personal data in order to perform the requested service or to provide a service strictly connected to it, PHOENIX S.R.L. cannot be considered the owner of these data and will delete them as soon as possible.
Rights of the interested party
In relation to the data subject to the processing referred to in this information, the interested party is recognized at any time the right to:
- Ask the Data Controller to access his personal data and information relating to them (Article 15 of the GDPR); the correction of inaccurate data or the integration of incomplete ones (Article 16 of the GDPR); the deletion of personal data upon occurrence
- One of the conditions indicated in art. 17, par. 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of his personal data processing (in the event of one of the hypotheses indicated in art.18, par.1 of the GDPR);
- Request and obtain from the Data Controller – in the cases where the legal basis of the treatment is the contract or consent, and the same is carried out by automated means – his personal data in a defined and readable format by automatic device, even with the aim to communicate those data to another data controller (the so-called right to the portability of personal data – Article 20 of the GDPR);
- Object at any time to the processing of his personal data in the event of particular situations that concern him (Article 21 of the GDPR);
- Withdraw consent at any time, limited to cases where the treatment is based on his consent for one or more specific purposes. The treatment based on consent and carried out prior to the his revocation preserves, however, its lawfulness (Article 7, paragraph 3, of the GDPR).
The appropriate application is submitted by contacting the owner via pec at the address firstname.lastname@example.org e-mail to the address: email@example.com or registered letter with return receipt to the address in Via Praga snc – 76011 Bisceglie (BT). If the interested party considers that his data treatment infringes the provisions of the Regulation, he can apply a complaint to a supervisory authority (Data Protection Authority – www.garanteprivacy.it), as indicated by ‘art. 77 of the GDPR, or file a petition to the appropriate judicial offices (Article 79 of the GDPR).
Refusal to provide data
Interested parties cannot refuse to provide the Data Controller with the personal data necessary to comply with the laws governing commercial transactions and taxation.
The provision of further personal data may be necessary to improve the quality and efficiency of the transaction.
Therefore, the refusal to provide the data required by law will prevent the fulfillment of orders.
The additional data indicated in the paragraph ” Data Source and type of data collected” are provided on a voluntary basis; however, if the interested party decides to not provide the requested data, DE.VI.L. SHOES srl, may not be able to provide the services, allow the transaction to be completed via website or process the order.
Automated decision-making processes
The Data Controller does not carry out treatments consisting of automated decision-making processes on the data of physical persons, except for the interested ones who give their consent to data treatment for newsletters sending and for profiling purposes.